CSN23: Context is King!

Document created by jmerrill on Sep 12, 2010
Version 1Show Document
  • View in full screen mode

Context is King!
Pete Babcock, Lead Security Analyst, United Services Automobile Association (USAA)
Level: Intermediate
A single successful login is logged on one of your UNIX servers – do you care? Most SOCs consider that to be normal activity and would not be alarmed. But, what if the user ID is for an employee that was terminated last week? Now do you care? Context is everything when evaluating security events. This presentation will walk through several scenarios, from terminated users to advanced persistent threats, and show how to use context to make better decisions for protecting your organization.