Event Hack Red Con 2024 starts on Oct 25, 2024, 10:00:00 AM (America/Kentucky/Louisville)
Free Enterprise Defense: Mastering Detection with Sysmon, SIEM, and CTI
60min Talk - Technical
Location: Track 1 - 10/26/24, 2:00 PM - 10/26/24, 3:00 PM (America/Kentucky/Louisville) (1 hour)
Peter Drybrough
Senior Cyber Intelligence Analyst

As a Senior Cyber Intelligence Analyst at UPS, I help protect the company's network, employees, and data from cyber threats, using my core competencies in cyber threat intelligence (CTI) and incident response.

I work with a team of cyber security professionals to monitor, analyze, and respond to cyber incidents, and to provide actionable and timely intelligence to stakeholders. I am passionate about cyber security and its impact on national and global security, and I strive to continuously learn and improve my skills in the field.


Welcome, cyber defenders, to 'Free Enterprise Defense: Mastering Detection with Sysmon, SIEM, and CTI.' We've been busy revamping our Sysmon configuration and integrating it with our SIEM system, and boy, do we have some stories to tell. While we won’t share our config (for obvious reasons), we will share our strategies so you can effectively use them too!
If you’re like us, tools are a big part of the overall cost of running a defense. Whether you have all the latest and greatest tools or are balling on a budget in a small shop, Sysmon is a free tool that complements and supports any detection stack.
This talk will share what worked, what didn't, and how we turned our detection strategies into a well-oiled machine. Expect real-world scenarios and a dive into the CTI lifecycle. Whether you're a seasoned analyst or just starting out, there's something here for everyone. Let's get started and turn those cyber threats into mere annoyances.