The Zero-Trust Approach for Your Alert Haystack

  • Date 05 Jun 2019


05 Jun 2019, 10:00 - 10:25

Tech Talks

Current approaches to SOC automation focus on making alerts more consumable and on running playbooks, but defenders still risk having their systems compromised whenever an alert goes uninvestigated. This presentation will discuss how the evolutionary nature of software can enable a zero-trust approach to a large volume of alerts. Through identification examples covering trusted Microsoft software, the high-risk malware Emotet and Ursnif, and a nation-state sponsored threat from APT17, it will demonstrate how the Genetic Malware Analysis approach prioritises files according to risk and severity, and accelerates all stages of the incident response cycle.

Learning Outcomes:

  1. Understand some of the major challenges incident response and SOC teams face on a daily basis.
  2. Apply biological immune-system concepts to cybersecurity, and understand how the Genetic Malware Analysis approach works. All malware is based on previously written software or binary code, so detecting even the smallest fragments of code shared between files can classify malware into its malware family and support attribution.
  3. Learn how the Genetic Malware Analysis approach and identifying code reuse similarities between files (both malicious and trusted software) improves security operations and accelerates all stages of the incident response cycle.
  4. Identify and distinguish between trusted software, high-risk malware, and nation state sponsored threats through real-life examples.
  5. Learn practical applications of incident response flows using the Genetic Malware Analysis approach.
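The code-reuse idea behind learning outcomes 2 and 3 can be shown with a small classifier: split each file into fixed-size fragments ("genes"), index which reference label each fragment has been seen under, and then bucket an unknown file's fragments into "shared with trusted software" (ignored for attribution), "seen only in a malware family" (attributable) and "never seen". This is an added example, not Intezer's engine or code: the reference corpus and the samples are constructed byte strings rather than real binaries, and the gene size, the attribution threshold and all labels are assumed values. A production engine would extract fragments from disassembled functions, not raw byte windows.

```python
"""Toy code-reuse ("gene") classifier. Added illustration: all blobs are
constructed byte strings, and GENE_SIZE / MIN_FAMILY_GENES are assumed values."""
from collections import Counter

GENE_SIZE = 8          # bytes per fragment; assumed for this toy
MIN_FAMILY_GENES = 3   # one shared fragment can be coincidence; assumed threshold


def genes(blob: bytes, size: int = GENE_SIZE) -> set:
    """Fixed-size sliding windows stand in for the code fragments a real
    engine would extract from disassembled functions."""
    return {blob[i:i + size] for i in range(len(blob) - size + 1)}


def build_index(corpus: dict) -> dict:
    """Map each gene to the set of labels ('trusted' or a family) it was seen in."""
    index = {}
    for label, blobs in corpus.items():
        for blob in blobs:
            for g in genes(blob):
                index.setdefault(g, set()).add(label)
    return index


def classify(sample: bytes, index: dict, trusted_label: str = "trusted") -> dict:
    """Bucket every gene of the sample and derive a verdict plus attribution."""
    by_family = Counter()
    trusted = unknown = 0
    sample_genes = genes(sample)
    for g in sample_genes:
        labels = index.get(g)
        if labels is None:
            unknown += 1
        elif trusted_label in labels:
            trusted += 1      # runtime/library code also shipped by trusted software
        else:
            by_family.update(labels)
    verdict, family = "unknown", None
    if by_family:
        family, hits = by_family.most_common(1)[0]
        verdict = "malicious" if hits >= MIN_FAMILY_GENES else "suspicious"
    elif unknown == 0:
        verdict = "trusted"   # every fragment already known from trusted software
    return {"verdict": verdict, "family": family,
            "genes": {"total": len(sample_genes), "trusted": trusted,
                      "unknown": unknown, "by_family": dict(by_family)}}


# Constructed reference corpus: a shared runtime stub appears in every file,
# which is exactly the code that must not drive attribution.
RUNTIME = b"RUNTIME_INIT_STUB_v1;"
CORPUS = {
    "trusted": [RUNTIME + b"MSFT_SIGNED_EXPLORER_PAYLOAD;"],
    "Emotet":  [RUNTIME + b"EMOTET_SPAM_MODULE_LOADER;variantA"],
    "Ursnif":  [RUNTIME + b"URSNIF_WEBINJECT_ENGINE;variantB"],
}
INDEX = build_index(CORPUS)


def triage(sample: bytes) -> dict:
    """Classify one unknown file against the constructed corpus."""
    return classify(sample, INDEX)


if __name__ == "__main__":
    # Constructed unknown: reuses the Emotet loader prefix under a new packer.
    print(triage(RUNTIME + b"EMOTET_SPAM_MODULE" + b"_NEWPACKER_XYZ"))
    # Constructed benign file: only fragments already seen in trusted software.
    print(triage(RUNTIME + b"MSFT_SIGNED_EXPLORER"))
```

The first sample is attributed to Emotet even though a third of its fragments are new packer code, because the fragments it does share are unique to that family; the runtime stub it shares with the signed trusted file is counted but never used for attribution. The second sample contains nothing beyond what trusted software already exhibits, so it can be deprioritised without an analyst opening it.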

  • Roy Halevi

    Roy spearheads the research and engineering operations behind Intezer’s Genetic Malware Analysis technology. His extensive background in software...

Business Issues covered

  1. What will this session help you to do?
    • Build a robust cyber response and resilience strategy
    • Clearly navigate and understand increasingly complex legislation
