The Abstract
Modern SOCs are drowning in data but starving for context. As state-sponsored actors like Volt Typhoon and Salt Typhoon perfect the art of using "Living off the Land" (LotL) techniques, they've learned to hide in the noise of legitimate administrative traffic. If your network detection strategy relies on firewall logs and NetFlow, you are only seeing the "signals" while the "story" remains invisible.
This talk breaks down why traditional logs fail to catch modern APTs that bypass EDR and blend into the background. We will explore why transactional data is considered the "ground truth" required to unmask stealthy lateral movement. Finally, we'll provide a forward look at the AI arms race: while attackers use AI to craft perfect lures, defenders must realize that their AI is only as good as the data it consumes. In the world of autonomous SOCs, transactional data isn't just a log—it's the rocket fuel that makes defensive AI actually work.