Black Hat 2024: Network Detection Isn't a One-and-Done Security Process

"The network is the truth of what's going on," Phil Owens, VP of customer solutions for Stamus Networks, tells Dark Reading's Terry Sweeney at News Desk during Black Hat USA. Owens is making the case for building overlapping network detection methods to ensure even the stealthiest attacker doesn't slip by.

And while AI has brought more speed and comprehensiveness to network threat detection, AI has also added to the mountain of alerts that SOC analysts must triage daily. "And because of that, we think by using multiple types of solutions, [analysts will] be able to really drill in to the most imminent and dangerous threats on the network," Owens says. Network detection outputs also offer analysts the chance to organize their day better by pointing them to network hotspots or toward some kind of hunting environment for intruders or malicious payloads. "Multiple detection methods on the network side are good," he adds.

Analysts can still use signatures in detection work, and they're helpful especially when signature information can be correlated with data from other types of detection methods, such as different kinds of machine learning algorithms. "Things like that can really trigger and pull down the amount of alerts that are actually happening on the network," Owens says.

A network detection platform environment might work for some customers, but Owens says adding a standalone NDR to the mix will uncover different results than a single platform. "We want to integrate with the rest of your environment and make it as seamless as possible," he adds. "And by having multiple best of breed types of solutions, you now have different viewpoints around what you're looking at." It's a more complete way to get closer to the truth of the network.

Phil Owens is VP of customer solutions for Stamus Networks, and has over 25 years of experience in IT, networking, and cybersecurity. As a systems engineer, he has been a trusted advisor to several fortune 500 companies. As a product manager, he has created successful cybersecurity software products. Prior to joining Stamus Networks he held positions at RSA Security, AT&T, and IBM. Phil is also proud to have served in the US Air Force. He resides in Florida, USA.