2025-10-25, Track 3 - Room 2400
Modern security operations face a tough reality: attackers are faster and more creative than ever, but most teams don’t have unlimited budgets or staff. The good news? You don’t need a giant stack of expensive products to build real capability.
Throughout this presentation, we’ll explore practical ways to combine free and community-supported tools into a cohesive security program that can handle modern threats.
You’ll see how to:
- Detect phishing and email-based attacks before they reach users
- Monitor browser activity to catch risky clicks and malicious content
- Track wireless networks for rogue devices and close-access attacks
- Leverage network traffic and complementary logs to uncover suspicious behavior
- Quickly investigate endpoints to corroborate or correlate network-based activity
- Enrich events with network-based threat intelligence for better prioritization
We’ll walk through real-world examples showing how these capabilities work together to find and stop attacks across multiple layers, at a fraction of what you might dole out for those big box IT data stores. Whether you’re building a SOC from scratch or looking to augment an existing setup, you’ll leave with practical ideas and proven approaches you can put to work right away.
Wes Lambert is a lead engineer at Target, where he focuses on network security monitoring at scale. He spends his time designing and tuning network-based detection architecture and helps the organization achieve visibility across the enterprise.