Detection-as-Code: Frontline IR Intel for Faster, More Accurate SOC [Webinar Replay]
Threat intelligence can provide rich insight into threat actor activity, but it often lacks the timeliness and context that come from the lessons of real-life incident investigations. Security leaders need to know how to leverage this frontline intelligence, not only to understand whether they are likely to face a similar situation but also to take immediate action on their defenses.
Watch Kroll expert George Glass outline the key threats to look out for in 2023 and discuss how to use live insights from real-world incident investigations to continuously improve your organization’s day-to-day security operations and prioritize risk management plans.
Key sections:
0:00 - INTRO
1:36 - AGENDA
2:16 - Intelligence-Driven Detection and Response
9:14 - What is Detection-as-code?
11:55 - Ideal Detection Lifecycle
14:31 - Example Detection Rules
19:13 - SIGMA Rule
22:45 - Unit Testing Detections
28:39 - Actor TTP Simulation
30:49 - The CI/CD Pipeline
34:35 - Key Takeaways
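The agenda above covers Sigma rules, unit testing detections and a CI/CD pipeline for them. As an added illustration, not code from the webinar or from Kroll, the following Python evaluates a Sigma-style rule against constructed process-creation events and runs the kind of rule unit tests a pipeline would gate a deployment on. The rule, the parent-process filter (`approved_deploy.exe`), the events and the minimal evaluator are all assumptions made here; a real pipeline would convert Sigma YAML with tooling such as pySigma or sigma-cli rather than a hand-written matcher.

```python
"""Detection-as-Code walkthrough: a Sigma-style rule, a minimal evaluator and
unit tests a CI job would run before the rule reaches the SIEM.

Added example, not code from the webinar or from Kroll. Rule, events and the
evaluator are constructed for illustration only."""
import ast
import copy

# Sigma rule as a dict mirroring the YAML layout (illustrative, not a published rule).
RULE = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            # list values are OR-ed, keys within a selection are AND-ed (Sigma semantics)
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        # hypothetical approved deployment tool that legitimately uses -enc
        "filter_approved_deploy": {"ParentImage|endswith": "\\approved_deploy.exe"},
        "condition": "selection and not filter_approved_deploy",
    },
    "level": "high",
}

# Same rule with the filter dropped from the condition: the kind of edit a
# unit test should catch because it reintroduces a known false positive.
BROKEN_RULE = copy.deepcopy(RULE)
BROKEN_RULE["detection"]["condition"] = "selection"


def _field_matches(event, key, expected):
    """Match one 'Field|modifier' entry; Sigma string matching is case-insensitive."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    value = str(value).lower()
    for cand in (expected if isinstance(expected, list) else [expected]):
        cand = str(cand).lower()
        if modifier == "contains":
            hit = cand in value
        elif modifier == "endswith":
            hit = value.endswith(cand)
        elif modifier == "startswith":
            hit = value.startswith(cand)
        elif modifier == "":
            hit = value == cand
        else:
            raise ValueError(f"unsupported modifier {modifier!r} in {key!r}")
        if hit:
            return True
    return False


def _eval_condition(node, results):
    """Evaluate 'a and not b'-style conditions via the ast module (no eval())."""
    if isinstance(node, ast.Expression):
        return _eval_condition(node.body, results)
    if isinstance(node, ast.Name):
        return results[node.id]
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _eval_condition(node.operand, results)
    if isinstance(node, ast.BoolOp):
        vals = [_eval_condition(v, results) for v in node.values]
        return all(vals) if isinstance(node.op, ast.And) else any(vals)
    raise ValueError("unsupported condition syntax ('1 of selection*' etc. not handled)")


def evaluate(rule, event):
    """True when the rule's condition holds for this event."""
    det = rule["detection"]
    results = {name: all(_field_matches(event, k, v) for k, v in sel.items())
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(ast.parse(det["condition"], mode="eval"), results)


# Constructed process_creation events (not real telemetry), each paired with the
# verdict the rule author expects; together they are the rule's unit-test fixture.
TEST_CASES = [
    ({"id": 1, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
      "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
      "ParentImage": "C:\\Windows\\System32\\cmd.exe"}, True),
    ({"id": 2, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
      "CommandLine": "powershell.exe -EncodedCommand UwB0AGEAcgB0AC0AUwBlAHIAdgBpAGMAZQA=",
      "ParentImage": "C:\\Program Files\\Corp\\approved_deploy.exe"}, False),  # filtered parent
    ({"id": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
      "CommandLine": "powershell.exe -File C:\\scripts\\inventory.ps1",
      "ParentImage": "C:\\Windows\\explorer.exe"}, False),
    ({"id": 4, "Image": "C:\\Windows\\System32\\cmd.exe",
      "CommandLine": "cmd.exe /c echo -enc test",
      "ParentImage": "C:\\Windows\\explorer.exe"}, False),  # string hit but not powershell
]


def run_detection(rule=RULE):
    """Ids of fixture events the rule fires on."""
    return [event["id"] for event, _ in TEST_CASES if evaluate(rule, event)]


def check_rule(rule):
    """Ids of test cases whose verdict differs from the expectation; non-empty fails CI."""
    return [event["id"] for event, expected in TEST_CASES if evaluate(rule, event) != expected]


if __name__ == "__main__":
    print("fires on:", run_detection())
    print("RULE failing cases:", check_rule(RULE))
    print("BROKEN_RULE failing cases:", check_rule(BROKEN_RULE))
```

In a pipeline, `check_rule` is the gate: the fixture of labelled true positives and known benign events lives next to the rule in version control, so a change that widens the rule (here, dropping the filter in `BROKEN_RULE`) fails the build on case 2 before it can flood the SOC with false positives.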
Get the latest from the Kroll Cyber Risk blog: https://www.kroll.com/en/insights/publications/cyber
Demo Kroll Responder, our MDR solution: https://www.kroll.com/en/services/cyber-risk/managed-security/kroll-responder
Read the latest Cyber case studies: https://www.kroll.com/en/insights/publications/cyber/case-studies
#sigmarule #threatintelligence #securityoperations