A Wind of Change for Threat Detection - Melissa Kilby, Apple
Abstract
There’s a breeze in the air blowing steady advancements in cloud native security threat detection. However, threat actors are outpacing our innovation — rule-based detections focus on what we think attackers will do, not on what they are actually doing, and they generate enough alerts to bury security analysts in a sandstorm of poor signal-to-noise. Can this dynamic be blown back to shift the information asymmetry in favor of defenders? This advanced talk will focus on how to create high-value kernel signals that are difficult to bypass using eBPF and Falco - but not in the traditional way. Advanced data analytics is an emerging crosswind that enables us to soar past attackers by detecting deviations of current behavior from past behavior. I’ll discuss the challenges of rules versus behavior and push the boundaries of innovation through demos that scale in real-world production environments. Come join me as we take this zephyr of an idea into a jet stream of change for threat detection!