Many organizations today use Bro (now renamed Zeek) for network security monitoring, as it provides a powerful network analysis framework. This presentation describes how to leverage Zeek to report on ATT&CK TTPs, raw events, and other detectable activity. Key takeaways include how to report on sightings and occurrences of ATT&CK TTPs and events, providing both metrics and gap analysis that tell security operations teams where their defenses may need improvement.
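One concrete shape such reporting can take is shown below: an added example for this page, not code from the talk or from the Zeek project. It parses a constructed excerpt of Zeek's notice.log, maps each notice type to an ATT&CK technique ID through an assumed mapping table (NOTICE_TO_ATTACK), counts sightings and distinct source hosts per technique, flags notice types that have no mapping, and lists the techniques from a hypothetical expected-coverage list (EXPECTED_TECHNIQUES) that produced no sightings. The notice type names are real Zeek notices; every host, uid, timestamp and mapping entry is invented for illustration.

```python
"""Turn Zeek notice.log into ATT&CK technique sightings and a coverage-gap list.

Added example for this page, not code from the talk. The notice-to-technique
mapping, the expected-technique list and the log excerpt are all constructed.
"""
from collections import Counter, defaultdict

# Constructed excerpt of a Zeek notice.log (default ASCII writer, tab-separated).
# The notice types are real Zeek script notices; hosts, uids and times are invented.
NOTICE_LOG = """\
#separator \\x09
#set_separator\t,
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1558000000.100000\tCfoo1\t10.0.0.5\t51234\t10.0.0.9\t22\tSSH::Password_Guessing\t10.0.0.5 appears to be guessing SSH passwords
1558000060.200000\tCfoo2\t10.0.0.5\t51240\t10.0.0.10\t445\tScan::Port_Scan\t10.0.0.5 scanned at least 15 unique ports of host 10.0.0.10
1558000120.300000\tCfoo3\t10.0.0.7\t40000\t10.0.0.9\t22\tSSH::Password_Guessing\t10.0.0.7 appears to be guessing SSH passwords
1558000180.400000\tCfoo4\t10.0.0.5\t51300\t10.0.0.11\t443\tSSL::Invalid_Server_Cert\tSSL certificate validation failed
#close\t2019-05-16-10-03-00
"""

# Assumed mapping from Zeek notice types to ATT&CK technique IDs. A production
# mapping would be reviewed against the ATT&CK knowledge base; this one is illustrative.
NOTICE_TO_ATTACK = {
    "SSH::Password_Guessing": "T1110",  # Brute Force
    "Scan::Port_Scan": "T1046",         # Network Service Discovery
    "Scan::Address_Scan": "T1046",
}

# Hypothetical list of techniques the SOC expects its sensors to surface.
EXPECTED_TECHNIQUES = ["T1046", "T1048", "T1071", "T1110"]


def parse_notice_log(text):
    """Parse Zeek's ASCII log format into dict rows keyed by the #fields header.

    Assumes the default tab separator and skips the metadata (#...) lines.
    """
    fields = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        rows.append(dict(zip(fields, values)))
    return rows


def technique_sightings(rows, mapping):
    """Count sightings per ATT&CK technique and collect unmapped notice types.

    Returns (sightings, sources, unmapped): sightings counts rows per technique,
    sources holds the distinct originating hosts per technique, and unmapped
    counts notice types with no ATT&CK mapping so they can be triaged separately.
    """
    sightings = Counter()
    sources = defaultdict(set)
    unmapped = Counter()
    for row in rows:
        technique = mapping.get(row["note"])
        if technique is None:
            unmapped[row["note"]] += 1
            continue
        sightings[technique] += 1
        sources[technique].add(row["id.orig_h"])
    return sightings, dict(sources), unmapped


def coverage_gaps(sightings, expected):
    """Techniques the SOC expects to see that produced no sightings in the window.

    Zero sightings does not distinguish 'no attacker activity' from 'no
    detection content'; the gap list is the input to that investigation.
    """
    return sorted(t for t in expected if sightings.get(t, 0) == 0)


def report(text, mapping=NOTICE_TO_ATTACK, expected=EXPECTED_TECHNIQUES):
    """Render the sighting metrics and gap list as a small text report."""
    rows = parse_notice_log(text)
    sightings, sources, unmapped = technique_sightings(rows, mapping)
    lines = ["technique  sightings  distinct_sources"]
    for technique in sorted(sightings):
        lines.append("%-10s %9d  %d" % (technique, sightings[technique], len(sources[technique])))
    lines.append("unmapped notice types: " + (", ".join(sorted(unmapped)) or "none"))
    lines.append("coverage gaps: " + (", ".join(coverage_gaps(sightings, expected)) or "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(NOTICE_LOG))
```

The unmapped bucket matters as much as the gap list: a notice that fires but maps to nothing is detection content the report cannot credit to any technique, and in practice that is where mapping work usually starts.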

About the Speakers

  • Allan Thomson

    CTO, LookingGlass Cyber Solutions, Inc.

    As LookingGlass Chief Technology Officer, Allan leads technical strategy, architecture and product technology across all LookingGlass Threat Intelligence product lines including Threat Response systems. Allan is a key contributor to STIXv2 standards and co-chair of STIX/TAXIIv2 Interoperability sub-committee including STIXPreferred certification program. Prior to LookingGlass, Allan served as Principal Engineer at Cisco Systems, Inc., where he led the software architecture and design of the company’s Cyber Threat Defense System and Platform Exchange Grid. He was responsible for overall systems management and security telemetry collection/ aggregation, as well as distributed threat analysis/intelligence services in multi-tenant public and private cloud deployments