Optimizing AWS GuardDuty alerts for your environment

If you’ve got GuardDuty set up in your AWS environment, then your security is already heading in the right direction. But knowing what to do with the alerts and how to make the most out of them isn’t always as clear. I’ll break down the classes of GuardDuty alerts and discuss different strategies to identify quality alerts using levers to tweak the volume and mapping of alerts based on your business needs.
Live online Oct 20 2021, 6:40 pm UTC, or on demand afterward (21 mins)
Presented by Chris Vantine, Detection & Response Engineer - Expel

  • Optimizing AWS GuardDuty alerts for your environment Oct 20 2021 6:40 pm UTC 21 mins
    Chris Vantine, Detection & Response Engineer - Expel
  • Automating AWS alert enrichment Oct 20 2021 6:20 pm UTC 21 mins
    Britton Manahan, Senior Detection & Response Analyst - Expel
    Enrichments help you up-level your detection capabilities by giving you the full picture of what’s going on and a baseline for your users’ activity. Find out how Expel automates AWS alert enrichment with the help of the Expel Workbench™ and our bot, Ruxie™. We’ll cover the key questions our automations help us quickly answer and how these automations make spotting true positives in the complexity of the cloud easier.
  • Breaking down container security Oct 20 2021 6:00 pm UTC 21 mins
    Tim Chase, Field CTO, Enterprise and Partners - Lacework
    Containers are complex, and securing them is even more complicated. It all starts with understanding the different components from the bottom up. Join our partners at Lacework to unpack each part of a container with insights on how to best secure each using AWS native tools as well as additional monitoring from the Lacework platform.
  • Free up your time with automation Oct 20 2021 5:00 pm UTC 60 mins
    Peter Silberman, Expel; Brandon Maxwell, Auth0; Jeremy Stinson, Precisely; Aaron Blum, Cockroach Labs
    Alerts in any environment, but especially the cloud, are only as useful as the investigative time put into them. Digging through logs and sorting through false positives is time consuming, and every second can matter. The solution? Automating the right things at the right time. Join a panel of Expel customers who have built their own automation and taken advantage of Expel’s automation to free up their time.

    In this panel we’ll discuss:
    • Benefits from automation (e.g. staffing, faster time to detect and respond, improved visibility)
    • Challenges with automation
    • How it’s freed up resources and the follow-on effect of what else they were able to focus on

    Peter Silberman, CTO, Expel
    Brandon Maxwell, Senior Manager, Detection & Response, Auth0
    Jeremy Stinson, Chief Architect of SaaS, Precisely
    Aaron Blum, Lead Security Engineer, Cockroach Labs
  • Iterating on detections in AWS Oct 20 2021 4:25 pm UTC 21 mins
    Ian Cooper, Associate Detection & Response Engineer - Expel
    Learn how Expel approaches detection writing by iterating upon previous research and detection work. We’ll explore how our detection coverage evolves as we learn more about a technology and brainstorm ways to iterate upon your own detections. Then you’ll get a glimpse of our detections for lesser-known AWS controls that can be used to undermine security in your environment.
  • Mining your data to find Coin Miners Oct 20 2021 4:05 pm UTC 21 mins
    Sam Lipton, Detection & Response Engineer - Expel
    Join Expel in the data caves to see how we dig for coin miners in customer environments. You’ll leave this session with some tips on how you can use signal to find unauthorized coin mining in your AWS environment.
  • A walk through Expel’s AWS Mind Map Oct 20 2021 3:45 pm UTC 21 mins
    Brandon Dossantos, Detection & Response Engineer - Expel
    We’ve seen quite a few incidents in AWS. And we noticed a few common themes about when and why attackers use different AWS APIs – and they mapped nicely to the MITRE ATT&CK tactics. Follow along as we walk you through Expel’s AWS mind map and share why constructing a mind map can assist in developing detections, performing timeline analyses and identifying attacker paths in AWS.
  • Keynote: Getting better at [cloud] security Oct 20 2021 3:00 pm UTC 45 mins
    Lior Cohen, Sr. Security Specialist - AWS
    AWS Sr. Security Specialist Lior Cohen will give an overview of cultural, procedural and technical perspectives on how to effectively and continuously improve cloud security. He’ll review highlights from AWS’s internal culture of security and the use of frameworks to continuously improve security, and give guidance on how to improve your AWS security posture now. You’ll also learn more about the shared responsibility model, AWS’s Well-Architected Framework, cloud security design patterns, the NIST Cybersecurity Framework and native AWS security services.
  • Securing your email: re-thinking phishing and business email compromise attacks Recorded: Aug 10 2021 30 mins
    Bruce Potter, CISO and Tina Velez, Principal Solution Architect
    Successful phishing attacks are making way for an increase in business email compromise (BEC). Simply turning on multi-factor authentication (MFA) is no longer enough to halt the crafty attackers, as bad actors are continually finding ways to bypass MFA and are even creating fake Okta pages to steal user credentials. To prevent these attacks, you need detection and response coverage across the email attack lifecycle.

    Join Expel’s CISO, Bruce Potter, and Tina Velez, Principal Solution Architect, to learn how to detect these advanced attacker tactics. We’ll show you how we triage phishy emails, detect BEC and uncover risky behavior.

    During this chat, we'll cover:
    • Phishing trends we’re seeing among our own customer base
    • How to detect and respond to phishing email and BEC threats
    • A behind-the-scenes walkthrough of an investigation
  • Hunting in your Microsoft Environments Recorded: Jul 20 2021 24 mins
    Bryan Geraldo, Senior Detection & Response Engineer, Expel
    Hunting can be a game-changing strategy for your security posture. But how do you start building that strategy? Using a vulnerability-centric approach isn't enough. Hunting techniques need to focus on a proactive approach as the threat landscape has evolved to new places – like the cloud. Learn how to develop hunts that are hypothesis-driven and use a threat-centric approach to identify areas in your environment that need improvement.
  • 3 Ways to Detect Business Email Compromise in Office 365 Recorded: Jul 20 2021 20 mins
    Anthony Randazzo, Manager, Detection & Response Engineering, Expel
    Phishing attacks are on the rise and BEC is still the number one tactic. In order to keep your org and its users safe, it’s important to understand the BEC attack life cycle and know where to look to spot evil – especially as these attacks continue to evolve. In this session you’ll find out what the BEC attack life cycle looks like, what signal is available in Microsoft Azure and O365 to detect a potential BEC attack and get three tips on how you can detect an attacker in your Exchange Online environment.
  • How our customers with Microsoft tools detect and protect against attacks Recorded: Jul 20 2021 41 mins
    Joe Oney, SecOps Manager, Hogan Lovells; Peter Silberman, CTO, Expel
    Join us for a conversation with Joe Oney, Security Operations Manager at Hogan Lovells, to hear about how he and his team use Microsoft security tools to keep their org safe. He'll share some tips and tricks on how to support your Microsoft stack and amplify alerts, along with some Microsoft-specific lessons learned.
  • Detections in your cloud infrastructure Recorded: Jul 20 2021 22 mins
    Dan Whalen, Principal Detection & Response Engineer, Expel
    Hosting your infrastructure in the cloud comes with promises of reliability, scalability and cost efficiency. Securing this infrastructure, however, requires a special focus. It can be a real challenge to make sense of all of the sources of data and build out a detection strategy. In this talk, we’ll review what data sources and security services exist in Azure and lay out a mental model you can use to build your own detection strategy based on your unique risks.
  • How to use Defender for Endpoint to investigate a ransomware incident Recorded: Jul 20 2021 46 mins
    Tyler Fornes, Global Response Manager, Expel
    If you have Defender for Endpoint, you’ve got one of the best EDR tools on the market. But do you know all of the ways you can optimize it? Join us as we dive into some of our favorite things about Defender for Endpoint and share the tale of a real ransomware incident we uncovered at Expel and how we used the capability baked into Defender for Endpoint to quickly identify the source of the compromise and remediate. This will also serve as a deep-dive into how we use the Expel Workbench™ to augment the capability of Defender for Endpoint and the automation we have built around the MS product suite.
  • How MSFT thinks about security strategy Recorded: Jul 20 2021 25 mins
    Mandana Javaheri, Microsoft Global Director, SCI Business Development
    Learn about Microsoft's strategic approach to security. Mandana Javaheri, global cybersecurity, compliance and identity leader at Microsoft, will talk about XDR – how to expedite detection & response and remediation – and the ways Expel and Microsoft work together to support our joint customers. You'll walk away from this talk with a better understanding of modern approaches to security and how partners can help level-up detection capabilities.
Managed detection and response for cloud, hybrid and on-prem
Expel is a managed detection and response (MDR) provider whose mission is to make great security as accessible as the internet. Our 24x7 SOC offers security monitoring and response for cloud, hybrid and on-premises environments. Our BrightTalk channel focuses on tips and tricks for detecting the latest threats using all your go-to security tech.

Learn more about us at https://expel.io.
