@DavidJBianco / detect-respond.blogspot.com
Mandiant (a FireEye Company)
Before coming to work as a DFIR subject matter expert at Mandiant, David spent five years helping to build an intel-driven detection & response program for a Fortune 5 company. He set detection strategies for a network of nearly 500 NSM sensors in over 160 countries and led response efforts for some of the company’s the most critical incidents, mainly involving targeted attacks. He stays active in the community, speaking and writing on the subjects of Incident Detection & Response and Threat Intelligence.
David will be presenting The Pyramid of Pain: Intel-Driven Detection & Response to Increase Your Adversary’s Cost of Operations
There’s more to good threat intelligence than lists of domains or IPs, and it’s useful for more than just finding bad actors in your environment. What if I told you that you could use threat intelligence not only to get better at detecting and responding to incidents, but also to make your attackers’ lives significantly more difficult, to drive up the costs of their operations and to potentially make it so expensive to operate against you that they give up? Sound too good to be true?
In this talk, I’ll cover a practical, proven framework for applying threat intel to incident detection and response. The framework’s centerpiece is the Pyramid of Pain. The result of nearly 5 years experience directing the global detection program for a Fortune 5 company, the Pyramid is a blueprint for turning your incident response capability into an offensive weapon to cause pain for your attackers.