The announcement is simple:
"Time: 8 AM to 9 AM
Location: University of Auckland Business School
Event Date: Nov 13, 2014
Organization: New Zealand Information Security Forum (NZISF)
In this talk I will focus on how to detect the groups behind our incidents, and some of the methods that we use in the security team at the University to detect hacking early, preferably before it has done any damage. We have developed a number of ‘predictive controls’ that have proven successful in detecting and deterring compromises of University data. I provide an overview of some external research outlining why such predictive controls are now a necessity for any security team. I then discuss the sort of security skills and security operations that are required to implement and maximise the usefulness of predictive controls."
And that's it. The topic is not so simple, but unfortunately much of it is not something I'd post on my blog. The upshot is that if you run a security team, and do your security operations well, then you'll know what I'm talking about. Many organisations, prior to getting hacked, discover that they had the data pointing to an impending attack all along. But searching for, and operationalising, this data is the hard bit.
The key to doing this well is to abstract from incidents. Incidents are one-offs, which you open when they happen and close when done. But the majority of our 'incidents' are generated by groups who keep coming back for more. My talk is about how to identify these groups, and then how to use your incidents in a constructive manner to predict when they'll strike next.
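As an added illustration of the idea above (this is example code written for this page, not material from the post or from the NZISF talk), the script below takes a pile of closed, one-off incident tickets and links them into recurring groups wherever two tickets share an indicator, then uses each group's observed cadence to estimate when it is likely to return. The ticket records, the indicator types (`asn:`, `tool:`, `lure:`) and the 28-day rhythm are all constructed for the example; the post names none of them.

```python
"""
Added example (not from the post or the talk): linking one-off incidents
into recurring groups by shared indicators, then using each group's
cadence to estimate when it is likely to come back.

Every record below is constructed for illustration. The field names and
indicator types are assumptions, not anything the post defines.
"""
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Constructed incident tickets: the date each one opened and the indicators
# the responder recorded while handling it (source network, tooling, lure).
INCIDENTS = [
    {"id": "INC-1", "date": date(2014, 6, 2),  "indicators": {"asn:AS64500", "tool:kit-A"}},
    {"id": "INC-2", "date": date(2014, 6, 30), "indicators": {"asn:AS64500", "lure:invoice.doc"}},
    {"id": "INC-3", "date": date(2014, 7, 28), "indicators": {"tool:kit-A", "lure:invoice.doc"}},
    {"id": "INC-4", "date": date(2014, 8, 25), "indicators": {"lure:invoice.doc", "asn:AS64501"}},
    {"id": "INC-5", "date": date(2014, 7, 10), "indicators": {"asn:AS64510"}},
    {"id": "INC-6", "date": date(2014, 9, 1),  "indicators": {"asn:AS64520", "tool:kit-B"}},
    {"id": "INC-7", "date": date(2014, 9, 15), "indicators": {"tool:kit-B"}},
]


def link_incidents(incidents):
    """Union-find over tickets: any two that share an indicator join one group.
    Returns the groups as sorted lists of ticket ids."""
    parent = {inc["id"]: inc["id"] for inc in incidents}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # indicator -> first ticket id that carried it
    for inc in incidents:
        for ind in inc["indicators"]:
            if ind in first_seen:
                union(first_seen[ind], inc["id"])
            else:
                first_seen[ind] = inc["id"]

    groups = defaultdict(list)
    for inc in incidents:
        groups[find(inc["id"])].append(inc["id"])
    return sorted(sorted(g) for g in groups.values())


def forecast(incidents, group_ids, min_incidents=3):
    """Summarise one group: its time span, the gaps between visits, the
    indicators that recur within it, and (only once there are enough data
    points) the date its median cadence points to next."""
    by_id = {inc["id"]: inc for inc in incidents}
    dates = sorted(by_id[i]["date"] for i in group_ids)
    intervals = [(b - a).days for a, b in zip(dates, dates[1:])]

    # Indicators seen in two or more tickets of the group are the ones worth
    # turning into a standing detection rather than a one-off block.
    counts = defaultdict(int)
    for i in group_ids:
        for ind in by_id[i]["indicators"]:
            counts[ind] += 1
    recurring = {ind for ind, n in counts.items() if n >= 2}

    result = {
        "ids": list(group_ids),
        "first": dates[0],
        "last": dates[-1],
        "intervals_days": intervals,
        "recurring_indicators": recurring,
        "next_expected": None,
    }
    # A single gap is not a cadence; refuse to forecast from too little data.
    if len(dates) >= min_incidents:
        result["next_expected"] = dates[-1] + timedelta(days=median(intervals))
    return result


def build_campaigns(incidents):
    """Group every ticket and produce one forecast record per group."""
    return [forecast(incidents, g) for g in link_incidents(incidents)]


if __name__ == "__main__":
    for c in build_campaigns(INCIDENTS):
        print(c["ids"], "gaps:", c["intervals_days"],
              "watch:", sorted(c["recurring_indicators"]),
              "next:", c["next_expected"])
```

The first four constructed tickets never share one indicator across all of them, but they chain together pairwise, which is exactly the case a ticket-at-a-time view misses; once linked, their 28-day gaps give a concrete date to raise monitoring around. The `min_incidents` guard is deliberate: a group seen twice has a gap, not a cadence, and reporting a forecast from it would be false precision.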