Mapping Motives Tells a Story: Analysis of 2,000 Enterprise Cloud Detections

JOSHUA SMITH, Security Content Engineer
DAVID WOLF, Security Innovation Researcher

Session Content
- About Devo SciSec Innovation
- Research Methods and Scope
- Findings by Theme
  1. Automated SOC
  2. Augmented Analyst
  3. Alert Management
- Takeaways and Lessons Learned

Research Themes
1. Automated SOC
   Controls: Detective, Corrective, Preventative
   MISSION: Assess, Prioritize gaps, Tune defenses
   RESEARCH PROCESS: Assess Defensive Coverage; Identify High Priority Gaps; Tune and Acquire New Defenses
2. Augmented Analyst
   Empowered, Enabled, Educated
3. Alert Management*
   Customizable, Reusable, Across vendor products
*Reported #1 analyst pain point from Devo annual SOC Performance Report

About Devo SciSec and Innovation
Conduct security research on emerging threats and customer security problems to deliver novel security use cases.
Team:
- Detections Engineers
- ML/AI Data Scientists
- Security Researchers
- QA
Technology:
- Detections (product content)
- ML models
- Test infrastructure (vendor products)
- Cloud providers (AWS, GCP, Azure)

About Devo SciSec Research Lab
Devo SciSec security researchers:
- Analyzed cloud SIEM detections from more than 300 enterprises and MSPs that have active, firing alerts.
- Applied novel machine learning (ML) and natural language processing (NLP) to alert metadata in order to map detections to MITRE ATT&CK and Zero Trust Architecture.
- Explored further ML and NLP methods to analyze cloud alert metadata as a corpus in order to map attacker motives and stories using semantic relationships.
6035 alerts used in analysis (15141 alerts in sa
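The ATT&CK mapping step described above, shown as an added illustration rather than Devo's model or code: a bag-of-words TF-IDF cosine similarity between a cloud alert's text and a small technique catalogue. The four-technique catalogue text, the alert strings and the scoring threshold are constructed assumptions for this example; the talk does not describe its actual NLP method.

```python
import math
import re
from collections import Counter

# Constructed mini-catalogue: real ATT&CK technique IDs and names, with
# hand-written keyword text standing in for the technique descriptions.
TECHNIQUES = {
    "T1078": "Valid Accounts: adversaries use legitimate credentials, compromised user login, stolen access key",
    "T1110": "Brute Force: repeated failed login attempts, password guessing, password spraying, credential stuffing",
    "T1530": "Data from Cloud Storage: access S3 bucket objects, public storage, exfiltrate blob storage data",
    "T1098": "Account Manipulation: add permissions, attach admin policy, modify IAM role, new access key created",
}

TOKEN = re.compile(r"[a-z0-9]+")

def tokens(text):
    """Lower-case alphanumeric tokens; no stemming, so 'account' != 'accounts'."""
    return TOKEN.findall(text.lower())

def build_idf(docs):
    """Smoothed inverse document frequency over the technique corpus."""
    n = len(docs)
    df = Counter()
    for d in docs:
        df.update(set(tokens(d)))
    return {t: math.log((1 + n) / (1 + c)) + 1 for t, c in df.items()}

def tfidf(text, idf):
    """L2-normalised TF-IDF vector; unseen tokens get a neutral idf of 1.0."""
    tf = Counter(tokens(text))
    vec = {t: c * idf.get(t, 1.0) for t, c in tf.items()}
    norm = math.sqrt(sum(v * v for v in vec.values())) or 1.0
    return {t: v / norm for t, v in vec.items()}

def cosine(a, b):
    return sum(v * b.get(t, 0.0) for t, v in a.items())

IDF = build_idf(TECHNIQUES.values())
TECH_VECS = {tid: tfidf(desc, IDF) for tid, desc in TECHNIQUES.items()}

def map_alert(alert_text, threshold=0.15):
    """Return (technique_id, score) for the closest technique, or (None, score)
    when nothing clears the threshold, so benign alerts are left unmapped."""
    v = tfidf(alert_text, IDF)
    best_id, best = max(((tid, cosine(v, tv)) for tid, tv in TECH_VECS.items()), key=lambda x: x[1])
    return (best_id if best >= threshold else None, round(best, 3))
```

Keeping the unmapped bucket visible is the useful part in practice: the alerts that match no technique are the ones a coverage review has to look at by hand.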