Every year billions of dollars are spent on preventing breaches. While some of these systems are doing a sufficient job of keeping data away from the hands of attackers, it has become clear that there is no real way to prevent breaches with 100% certainty. Of course time should be spent building proper controls, but if we hope to survive the next decade, we need to focus on detection and remediation.
It’s one thing to have information stolen. For some that is all it takes to ruin their year or possibly even worse. For the majority of data though it is about how that data is used. Detecting anomalies in the use of sensitive information can help lead to discovering successful attacks and provide a leg up in threat intelligence and containing a breach. Better understanding and design of our systems coupled with true threat intelligence is the way forward, and we have to start now. This presentation details how to build threat intelligence and plan for the eventual compromise that will happen to your systems.