Reducing mean time to detect (MTTD) for security incidents is a goal for many security teams. This is especially true for spear-phishing attacks that can quickly exploit access to compromised privileged accounts. Time series databases have been used by developers to reduce detection times since the queries they run to detect anomalies typically return in less than a second. In this session, we will share a new approach to security monitoring so your security teams can be alerted sooner. In this talk you will learn:
- How to convert log data into time series data
- What metric anomalies indicate potential security breaches
- Specific queries to detect metric anomalies