We got together with security professionals a while ago to talk about security monitoring strategies.
But could they be more effective if combined with robust risk scenarios, aligned to your organisation?
https://cydea.com/blog/the-link-between-risk-scenarios-and-detection-use-cases/
#PositiveSecurity #RiskManagement #SecurityMonitoring #RiskScenarios
We're getting into "silly season" at the end of the year. With that in mind, I've thought about the things I did in 2022 that I found most interesting, helpful, or potentially impactful.
First, there's the paper on #CTI-driven #ThreatHunting I wrote and presented on at several events:
https://www.gigamon.com/content/dam/resource-library/english/white-paper/wp-intelligence-driven-threat-hunting-methodology.pdf
Then, there was my @VirusBulletin paper on the #XENOTIME actor responsible for the #Triton event, which I thought was neat as a deep-dive into organizational relationships that get masked in our tracking of a single "adversary":
https://www.virusbulletin.com/uploads/pdf/conference/vb2022/papers/VB2022-Zeroing-in-on-XENOTIME-analysis-of-the-entities-responsible-for-the-Triton-event.pdf
On a personal front, I wrote up some preliminary analysis on the #Industroyer2 attempted (?) #ICS #OT incident as part of the conflict in #Ukraine - and there are still some items raised there for which we don't have answers several months after the incident was discovered:
https://pylos.co/2022/04/23/industroyer2-in-perspective/
Finally, I wrote a blog for my employer diving into the idea of the #FalsePositive in #DetectionEngineering and #SecurityMonitoring that I think is helpful for analysts from #IR to the #SOC:
https://blog.gigamon.com/2022/08/05/revisiting-the-idea-of-the-false-positive/
I need to think this over a bit, but look for something covering the most insightful work of others, from my perspective, from the past year!