Emily Cranston

Manager - Global Cyber Defense

Mandiant (now part of Google Cloud)

Transform Your Cyber Defenses: An Intelligence-Led Approach to Validation & Remediation

In our experience working in security operations, we found that validation efforts are often used without a focused mission, and findings from Red Teams, Purple Teams, and validation tools are rarely used to remediate identified gaps. Our approach transforms validation efforts from a useful tool or assessment to a key component in a cyber defense strategy. We demonstrate how a security validation program should focus on the threats that matter, identify existing detection capabilities, and remediate gaps while leveraging inputs from intelligence, validation, detection, engineering, and response to drive operational and tactical cyber defense efforts. Attendees will learn how to define threats, test and validate existing detection capabilities, identify and remediate gaps, and build a prioritized, actionable roadmap. We will focus on presenting processes and workflows so that you can capitalize on available, purpose-built toolsets to build a scalable and repeatable methodology, leveraging various SIEMs, EDRs, SOAR solutions, validation tools, data analytics, and automation. We use the MITRE ATT&CK Framework as a common lexicon to track capabilities, gaps, and tasks across the various defense teams. Ultimately, this threat-informed approach helps organizations drive a comprehensive program in which defenders can proactively execute a measurable, actionable, and repeatable process to harden cyber defenses against the threats that matter. We hope attendees will identify additional areas to develop information sharing across functions and how to operationalize their existing data sets, and leave feeling confident they can identify existing gaps and capabilities in logging and alerting for the threats that matter.

Emily Cranston is a Manager with Mandiant's Cyber Defense team, now part of Google Cloud, based out of Buffalo, New York. As part of Mandiant's Cyber Defense team, she provides strategic guidance to clients to help build, mature, and expand cyber defense programs. With over a decade of experience, she has a strong background in cyber threat intelligence (CTI), which she uses to help organizations become Intelligence-Led.