Noopur Davis, CISO, Comcast

“As a result of the security data fabric, the questions we dare to ask ourselves become more audacious each day.”

Do you use the same data for continuous controls monitoring, threat hunting, and incident response?

Can you improve your vulnerability scan operations to reconcile ephemeral assets?

Are there systems still operating but no longer have your security agents on them?

How quickly can you find owners for unknown assets in your CMBD?

How long would it take you to run a full investigation spanning multiple years?

What is the typical behavior of vendors who connect to your network?

Can you correlate any device, Windows event, authentication events, and EDR events across 150k+ users for the past two years in chronological order?

Are you confident in the way you automate your routine threat hunts?

Can you detect anomalous source code repository interactions?

Can you alert when a non-technical employee is executing technical tasks e.g., source code access or executing admin tasks?

How do you detect concerning executions of LOLBins?

Have you seen this IOC in your ecosystem in the past two years?

Can you detect credential sharing or compromise based on behavior patterns?

How quickly can you find owners for unknown assets in your CMBD?

How long would it take you to run a full investigation spanning multiple years?

Can you correlate any device, Windows event, authentication events, and EDR events across 150k+ users for the past two years in chronological order?

Are you confident in the way you automate your routine threat hunts?

Can you improve your vulnerability scan operations to reconcile ephemeral assets?

Have you seen this IOC in your ecosystem in the past two years?

How do you detect concerning executions of LOLBins?

Are there systems still operating but no longer have your security agents on them?

What is the typical behavior of vendors who connect to your network?

Do you use the same data for continuous controls monitoring, threat hunting, and incident response?

Can you detect credential sharing or compromise based on behavior patterns?

Can you alert when a non-technical employee is executing technical tasks e.g., source code access or executing admin tasks?

Can you detect anomalous source code repository interactions?

Can you detect anomalous source code repository interactions?

Can you improve your vulnerability scan operations to reconcile ephemeral assets?

Can you alert when a non-technical employee is executing technical tasks e.g., source code access or executing admin tasks?

Are you confident in the way you automate your routine threat hunts?

How long would it take you to run a full investigation spanning multiple years?

Can you correlate any device, Windows event, authentication events, and EDR events across 150k+ users for the past two years in chronological order?

How do you detect concerning executions of LOLBins?

What is the typical behavior of vendors who connect to your network?

Have you seen this IOC in your ecosystem in the past two years?

Are there systems still operating but no longer have your security agents on them?

Do you use the same data for continuous controls monitoring, threat hunting, and incident response?

Can you detect credential sharing or compromise based on behavior patterns?

How quickly can you find owners for unknown assets in your CMBD?

What is the typical behavior of vendors who connect to your network?

Are there systems still operating but no longer have your security agents on them?

Do you use the same data for continuous controls monitoring, threat hunting, and incident response?

Can you alert when a non-technical employee is executing technical tasks e.g., source code access or executing admin tasks?

How do you detect concerning executions of LOLBins?

Can you correlate any device, Windows event, authentication events, and EDR events across 150k+ users for the past two years in chronological order?

Are you confident in the way you automate your routine threat hunts?

Have you seen this IOC in your ecosystem in the past two years?

Can you detect credential sharing or compromise based on behavior patterns?

Can you detect anomalous source code repository interactions?

How long would it take you to run a full investigation spanning multiple years?

Can you improve your vulnerability scan operations to reconcile ephemeral assets?

How quickly can you find owners for unknown assets in your CMBD?

"My dream was to have vast amounts of relevant security data easily actionable within minutes and hours—not days or weeks—and we’ve achieved that using a security data fabric"

— Noopur Davis, CISO, Comcast
DataBee® podcast

Free the CISO

Listen on
SpotifyApple PodcastsYouTube Music