Every SOC is deluged with logs, suspect files, alerts and other data, far more than it can respond to. Finding the signal in that noise is essential to protecting an organization.
This talk covers techniques for automating the mining of malware samples for key indicators that reveal active threats against an enterprise. We will discuss how to tune that automation to avoid false positives, and the many struggles we have had in creating appropriate whitelists. We will also discuss techniques organizations can use to find and process intelligence on attacks that target them specifically, which no vendor can sell or provide them.
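As an added illustration of the indicator-mining and whitelisting problem the abstract describes (example code written for this page, not the speakers' tooling): it pulls domains and IPv4 addresses out of constructed sample strings, drops the usual false-positive sources (file names that look like domains, allowlisted vendor hosts and their subdomains, internal and loopback addresses) and then sweeps constructed proxy and firewall log lines for whatever survives. The allowlist, the sample strings, the hostnames and the log lines are all made up for the example.

```python
import ipaddress
import re

# Constructed sample: the kind of strings a sandbox run or `strings` pulls out
# of a malware sample. None of these hosts or addresses are real indicators.
SAMPLE_STRINGS = """
kernel32.dll
http://update.example-cdn.net/ping
c2.badactor-example.org
10.0.0.5
198.51.100.23
127.0.0.1
https://www.microsoft.com/
evil-updater-example.com
"""

# Assumed allowlist (constructed): hosts that appear in huge numbers of benign
# binaries. A subdomain of an allowlisted domain is treated as allowlisted too.
ALLOWLIST_DOMAINS = {"www.microsoft.com", "example-cdn.net"}

# "Domains" that are really file names: one of the classic whitelist headaches.
FILE_SUFFIXES = {"dll", "exe", "sys", "dat", "ini", "log"}

# Address ranges that never identify an external attacker. Listed explicitly
# rather than via ipaddress.is_private so the documentation range used for the
# example's "external" address is not swallowed with them.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed proxy and firewall log lines to sweep with the surviving IOCs.
LOG_LINES = [
    "2024-03-01T10:00:01Z proxy host1 GET http://www.microsoft.com/ 200",
    "2024-03-01T10:00:05Z proxy host2 GET http://c2.badactor-example.org/beacon 200",
    "2024-03-01T10:01:12Z fw host3 conn 10.0.0.5 -> 198.51.100.23:443 allow",
    "2024-03-01T10:02:30Z proxy host4 GET http://update.example-cdn.net/ping 200",
]


def extract_indicators(text):
    """Pull candidate domains and IPv4 addresses out of raw sample strings."""
    domains = {m.lower() for m in DOMAIN_RE.findall(text)}
    ips = set()
    for cand in IPV4_RE.findall(text):
        try:
            ips.add(str(ipaddress.ip_address(cand)))  # rejects e.g. 999.1.1.1
        except ValueError:
            continue
    return {"domains": domains, "ips": ips}


def is_allowlisted(domain, allowlist):
    """True if the domain or any parent domain (not the bare TLD) is allowlisted."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in allowlist for i in range(len(labels) - 1))


def filter_indicators(indicators, allowlist):
    """Drop the noise: file names, allowlisted hosts, internal/loopback IPs."""
    domains = {d for d in indicators["domains"]
               if d.rsplit(".", 1)[-1] not in FILE_SUFFIXES
               and not is_allowlisted(d, allowlist)}
    ips = {ip for ip in indicators["ips"]
           if not any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)}
    return {"domains": domains, "ips": ips}


def scan_logs(indicators, lines):
    """Return (line, indicator) pairs where a surviving indicator appears.

    Matching is token-bounded so 198.51.100.23 does not hit 198.51.100.231.
    """
    hits = []
    for line in lines:
        lowered = line.lower()
        for ioc in sorted(indicators["domains"] | indicators["ips"]):
            if re.search(r"(?<![\w.-])" + re.escape(ioc) + r"(?![\w.-])", lowered):
                hits.append((line, ioc))
    return hits


if __name__ == "__main__":
    iocs = filter_indicators(extract_indicators(SAMPLE_STRINGS), ALLOWLIST_DOMAINS)
    for line, ioc in scan_logs(iocs, LOG_LINES):
        print(f"HIT {ioc}: {line}")
```

Run as-is it reports two hits (the beacon to the constructed C2 host and the firewall connection to the constructed external address) while the vendor host, the CDN subdomain, the DLL name and the RFC 1918 and loopback addresses are all suppressed; every entry in the allowlist and suffix list is a tuning decision of exactly the kind the talk describes.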