Liam Stevenson, Associate Director of Technical Services within NCC Group's Managed Detection & Response division, shows how to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilizing pre-processing data pipelines and modern cloud services. Doing so significantly reduces data volumes to the SIEM without loosing the residual value and accessibility of the underlying data.
In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.
There is much hyperbole around machine learning and artificial intelligence in Managed Detection & Response. We detail when to apply and what reasonable results can be achieved on a specific real-world problem.