Security BSides Las Vegas 2025

The Unbearable Weight of Commercial Licensing. Combining Closed Systems with Open Source Defense
2025-08-05, Florentine F

The cybersecurity market is projected to experience strong growth. This is driven by the plethora of devices connected to and integrated into enterprise networks, combined with the increase in zero-day vulnerabilities being identified and exploited. The attack surface has broadened while becoming more complex.

Many of the enterprise security tools used to defend our networks have failed us. Painful examples range from 0-day attacks against on-prem Exchange servers to the SolarWinds supply chain attacks. These enterprise tools resulted in the successful compromise of businesses around the world.

In order to defend, both proprietary and open source tools have been at the core of many successful security projects and business initiatives. Open source tools have many benefits, among them, the freedom to try and tweak, while not being locked into 1-3 year licensing terms.

This talk will cover how an open source project, in particular MISP (the Malware Information Sharing Platform), can be integrated into threat investigation workflows to help augment enterprise tools, with the goal of increasing overall security while making a threat analyst’s life a little easier.


This talk came out of wanting to get back to Linux and open source communities after working with Microsoft Defender, Intune, Entra, and the rest of the Microsoft O365 world for years. (So frustrating!) I wanted to better deal with my frustration with closed source “solutions” at work to gain more power over alerts, as well as make the investigation and triage process more efficient. I had forgotten the joy of working with the terminal after getting clobbered with Wacatac alerts. (Searching for Wacatac leads to Microsoft marketing documentation that tells you that Microsoft Defender can defend against it.)

Some jobs don’t offer a choice over which security tools are being used, so one must assess and see if the situation can be made better. That’s the background behind this talk.

Keya Arestad works as a security architect and has been doing various types of defending (and hacking) of endpoints and networks for over 10 years. She likes to balance time between computer screens and being outside.