An entire industry exists to supply threat feeds that are consumed by SIEM and SOAR platforms to identify infected systems and campaigns with known signatures (e.g. IP addresses, domain names, and file hashes). Indicator lists are used in a one-dimensional fashion: raw event data is correlated with the threat feed, and an alert is generated if there is a hit.
Adversaries are aware of this level of maturity within enterprise SOCs. As such, attackers avoid reusing domain names and other indicators between campaigns, so a feed built from the last campaign says nothing about the next one. To defend against evolving threats and unknown actors, security teams must apply analytics to their own data rather than rely on indicator matches alone.
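To make the one-dimensional matching described above concrete, here is a small added example (not code from the webcast or from AlphaSOC) that correlates constructed DNS resolver log lines against a constructed indicator feed. The feed entries, log lines, and the four-column log layout are all assumptions made for the example. The first line hits on both a feed domain and a feed IP; the third line, which uses a domain the feed has never seen, produces no alert at all, which is exactly the blind spot the text describes.

```python
import re
from typing import Dict, List, Set

# Constructed indicator feed. These are placeholder values for the example,
# not real indicators of compromise.
THREAT_FEED: Dict[str, Set[str]] = {
    "domains": {"update-check.example-bad.test", "cdn-sync.example-bad.test"},
    "ips": {"203.0.113.45"},
}

# Constructed DNS resolver log in an assumed layout:
#   <timestamp> <client ip> <queried name> <resolved answer>
SAMPLE_LOG = """\
2024-01-10T09:12:01Z 10.0.4.21 update-check.example-bad.test 203.0.113.45
2024-01-10T09:12:07Z 10.0.4.33 mail.corp.test 10.0.0.5
2024-01-10T09:13:44Z 10.0.4.21 telemetry-sync.example-new.test 198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_log(text: str) -> List[Dict[str, str]]:
    """Turn the four-column log text into a list of event dicts.

    Lines that do not match the expected layout are skipped rather than
    raising, since a SIEM pipeline should not stall on a malformed line.
    """
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, client, query, answer = m.groups()
        events.append({"ts": ts, "client": client, "query": query, "answer": answer})
    return events


def correlate(events: List[Dict[str, str]], feed: Dict[str, Set[str]]) -> List[Dict]:
    """One-dimensional indicator matching: an event alerts only if one of its
    fields is literally present in the feed. Returns one hit per event, listing
    every (field, indicator) pair that matched."""
    hits = []
    for ev in events:
        matched = []
        if ev["query"] in feed["domains"]:
            matched.append(("domain", ev["query"]))
        if ev["answer"] in feed["ips"]:
            matched.append(("ip", ev["answer"]))
        if matched:
            hits.append({**ev, "matched": matched})
    return hits


def unmatched(events: List[Dict[str, str]], feed: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Events that feed correlation says nothing about. Everything the feed has
    never seen, including a fresh campaign domain, lands here silently."""
    flagged = {(h["ts"], h["client"], h["query"]) for h in correlate(events, feed)}
    return [ev for ev in events if (ev["ts"], ev["client"], ev["query"]) not in flagged]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for h in correlate(evs, THREAT_FEED):
        print("ALERT", h["client"], h["query"], h["matched"])
    for ev in unmatched(evs, THREAT_FEED):
        print("no feed coverage:", ev["client"], ev["query"])
```

Running it alerts once, on the client that resolved the feed domain, and reports the other two events as having no feed coverage. The event for `telemetry-sync.example-new.test` is indistinguishable from the benign `mail.corp.test` lookup under this model; only analysis of the event data itself (frequency, timing, naming patterns, and so on) could separate them, which is the point the text makes about needing analytics beyond indicator matching.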
This webcast details common SOC blind spots that adversaries exploit, and how you can measure the visibility of your existing SIEM apparatus using free, open source tools. Attendees will also learn about the data processing steps required to flag red teams, state-sponsored adversaries, and emerging threats within their environments using the AlphaSOC Analytics Engine.