GRAYHAT has ended
Friday, October 30 • 9:00am - 9:45am
Rapid Threat Containment - Using Programmability to Detect, Prioritize, Contain and Report on Incidents

Detecting and responding to incidents is challenging; doing so automatically is even more challenging. There are many sources of information for security events, such as endpoint security, DNS, firewalls and network anomaly detection. Automatic response is typically avoided because of the risk of false positives. But can we, by combining events from different sources and applying a penalty point system, reduce the likelihood of false positives enough to allow for automatic response?
This lecture will outline a prototype for Rapid Threat Containment based on input from multiple sources. It will also discuss challenges such as how to normalise the target of the attack (which could be a hostname, IP address, MAC address, email address or username, depending on the source), and some potential extra benefits, such as creating automatic breach reports from the same information.
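The abstract describes three pieces that the prototype needs to fit together: normalising the target identifier reported by each source onto one asset, accumulating penalty points per asset across sources, and gating the containment decision on that score. The following is an added illustration, not code from the talk or from Cisco: the inventory, the penalty values, the threshold and the "at least two independent sources" rule are all constructed assumptions, and the "containment" step only returns a decision rather than calling any enforcement API.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed asset inventory (assumption): every identifier a source may report
# (hostname, IP, MAC, username) maps back to one canonical asset id.
INVENTORY = [
    {"asset": "ws-0042", "hostname": "LAPTOP-AB12", "ip": "10.1.2.34",
     "mac": "00:11:22:33:44:55", "user": "alice"},
    {"asset": "srv-0007", "hostname": "fileserver01", "ip": "10.1.0.7",
     "mac": "66:77:88:99:aa:bb", "user": "svc_backup"},
]

# Penalty points per (source, event type). Values are assumed for illustration;
# in practice they are tuned per environment and per detection quality.
PENALTIES = {
    ("endpoint", "malware_blocked"): 40,
    ("dns", "dga_lookup"): 30,
    ("firewall", "c2_outbound"): 50,
    ("netflow", "anomaly"): 20,
}
THRESHOLD = 70      # assumed: points needed before containment is considered
MIN_SOURCES = 2     # assumed: independent sources required to corroborate

IDENTIFIER_KINDS = ("hostname", "ip", "mac", "user")


def build_index(inventory):
    """Flatten the inventory into (kind, lower-cased value) -> asset id."""
    index = {}
    for rec in inventory:
        for kind in IDENTIFIER_KINDS:
            index[(kind, rec[kind].lower())] = rec["asset"]
    return index


def normalise_target(event, index):
    """Map whichever identifier the source reported onto the canonical asset id.
    Returns None when the identifier is unknown, so the caller can report it
    instead of silently scoring the wrong (or no) asset."""
    for kind in IDENTIFIER_KINDS:
        value = event.get(kind)
        if value is not None:
            return index.get((kind, value.lower()))
    return None


@dataclass
class AssetState:
    score: int = 0
    sources: set = field(default_factory=set)
    events: list = field(default_factory=list)


def score_events(events, inventory=INVENTORY):
    """Accumulate penalty points per asset; return (states, unmapped events)."""
    index = build_index(inventory)
    states = defaultdict(AssetState)
    unmapped = []
    for ev in events:
        asset = normalise_target(ev, index)
        if asset is None:
            unmapped.append(ev)
            continue
        st = states[asset]
        st.score += PENALTIES.get((ev["source"], ev["type"]), 0)
        st.sources.add(ev["source"])
        st.events.append(ev)
    return states, unmapped


def containment_decisions(states):
    """Contain only when the score is high AND several sources agree; a single
    noisy source cannot trigger an automatic action on its own."""
    return {asset: (st.score >= THRESHOLD and len(st.sources) >= MIN_SOURCES)
            for asset, st in states.items()}


def incident_report(asset, st):
    """Render the evidence that led to the decision as a plain-text report."""
    lines = [f"Incident report for {asset}: score {st.score}, sources {sorted(st.sources)}"]
    for ev in st.events:
        lines.append(f"  - [{ev['source']}] {ev['type']} at {ev['time']}")
    return "\n".join(lines)


# Constructed sample events: each source names the target in its own terms.
SAMPLE_EVENTS = [
    {"source": "dns", "type": "dga_lookup", "ip": "10.1.2.34", "time": "09:01"},
    {"source": "endpoint", "type": "malware_blocked", "hostname": "laptop-ab12", "time": "09:02"},
    {"source": "firewall", "type": "c2_outbound", "ip": "10.1.0.7", "time": "09:03"},
    {"source": "firewall", "type": "c2_outbound", "ip": "10.1.0.7", "time": "09:04"},
    {"source": "netflow", "type": "anomaly", "mac": "de:ad:be:ef:00:01", "time": "09:05"},
]

if __name__ == "__main__":
    states, unmapped = score_events(SAMPLE_EVENTS)
    for asset, contain in containment_decisions(states).items():
        print(incident_report(asset, states[asset]))
        print("  -> contain" if contain else "  -> monitor only")
    print(f"{len(unmapped)} event(s) could not be mapped to an asset")
```

In the sample, the workstation is contained because DNS and endpoint telemetry independently point at the same asset, while the file server is not, despite a higher score, because both of its events come from the firewall alone. The unmapped netflow event is the normalisation failure mode the abstract alludes to: an identifier the inventory does not know must be surfaced, never dropped.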

Speakers

Hakan Nohre

Technical Solutions Architect, Cisco
Hakan Nohre is a Technical Solutions Architect with Cisco Systems, focusing on Cyber Security in Cisco EMEAR. He has over 20 years of experience in Enterprise IT Security, covering technical solutions such as Firewalls, VPN, IPS, DNS and Identity Solutions. He is currently specialising...

Christopher Van Der Made

Security Developer Advocate, Cisco
Cisco Developer Advocate with a focus on security technologies. With Cisco for 5+ years. Favorite language is Python. From Rotterdam, the Netherlands.

Village

Friday October 30, 2020 9:00am - 9:45am CDT
Blue Team Village