Two pillars of a successful and proactive SOC are threat hunting and incident response. The use of network traffic analysis can help improve performance in these two areas, if you can trust the data. This session will explain how attackers can hide and misuse logs, agents, and standard security tools, and demonstrate effective approaches for countering their actions using network traffic analysis, passive monitoring, and real-time forensic data.
Jamie has worked in the computer industry for over 30 years, focused primarily on security and infrastructure technologies. In the early 1990s, Jamie was one of the UK's leading experts on computer viruses, authoring his own virus scanner for MS-DOS before joining Symantec as technical support lead for the new Peter Norton range of products, including the new Norton AntiVirus product. Nowadays Jamie is helping customers understand and mitigate the risk contemporary threats pose to their business.