Threat Hunting Platforms vs. SIEM, What’s the Difference? – Corey Thuen – BH20 #2

August 4, 2020

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? This talk covers the high level and low-level tech that drives these differences.

This segment is sponsored by Gravwell.

Visit https://securityweekly.com/gravwell to learn more about them!

Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020

Guest

Corey Thuen

Co-Founder at Gravwell

Corey Thuen is a founder of Gravwell and has spent over a decade doing cybersecurity at places like Department of Energy national labs, Digital Bond, and IOActive. That experience is now driving development of a full-stack analytics platform built to alleviate pain points he personally experienced from inflexible tools.

Host

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Incident response

Applied Research & the Power of Sustained Thinking – Casey Smith – ESW #309

March 16, 2023

Tap, tap - is this thing on? Why do defenders still struggle to detect attacks and attacker activities? Why do so many tools struggle to detect attacks? Today, we've got an expert on detection engineering to help us answer these questions. Thinkst's Canary and Canarytokens make in catching penetration testers and attackers stupidly simple. Thinkst...

Managed services

MSP = More Security Please? The state of Managed Service Providers – Raffael Marty – ESW #307

March 2, 2023

The MSP space has undergone a lot of changes in the past few decades, with the emphasis on security increasing dramatically in the last 5-10 years. We discuss how ConnectWise, which builds and sells solutions to MSPs, has tackled this challenge. We'll be asking questions both from Raffael's point-of-view, selling to MSPs, but also from the customer...

Incident response

Supply Chain Breaches and Hacking the Cloud: Lessons Learned from IR – Lina Lau – ASW #230

February 27, 2023

Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud, war stories from supply chain breaches seen in the last 1-2 years, and how defenders and enterprises can better protect and proactively defend against these attacks. Segment Resources: Attacking and...