Christian Have
Improving Threat Detection Accuracy: Leveraging Probability to Reduce False Positives
This track tackles the challenge of false positives in early-stage attack detection within organizations. Traditional SIEM alerting often produces a high rate of false positives, posing significant challenges for analysts. We'll explore how context-driven threat detection, powered by probability scoring, can improve detection accuracy by consolidating relevant observations into actionable incidents: algorithms fuse related observations to produce high-value incidents, increasing detection efficacy. Instead of using the SIEM to write atomic alerts for each threat, we discuss methods for fusing observations to create high-fidelity alerts. By alerting on incidents built from observations in combination, analysts can detect attacks early in the kill chain while eliminating false positives.
Date & Time
Wednesday, May 1, 2024, 9:45 AM - 10:15 AM
Theater 1