Stanford University: Winning Detection Strategies in Higher Education

Wednesday, April 11 | 9:15AM–10:15AM ET | Baltimore Ballroom A, Fifth Floor
Session Type: Breakout Session
Delivery Format: Interactive Presentation
Many of us in higher education have a SIEM or a collection of security tools in place to alert on anomalies and for reactive searching. At Stanford, we build detections in our security tools based on behavior patterns falling outside Stanford's "normal." Our SecOps team will discuss how to look for normal in your school, identify sources of useful tactical data, and provide guidance on behaviors you should start monitoring. The tactics we discuss will be demonstrated on our tools, but in most cases will translate to security tools you have in place today.

Outcomes: Be able to apply detection tactics immediately at your school * Take away winning blue-team strategies to look for suspicious anomalies on your network * Start using your SIEM to gather "normal" patterns in your environment, then turn around to start detecting for malicious intent


  • stacy Lee

    Security Operations, Stanford University
  • Jeremy Tavan

    Information Security Systems Specialist, Stanford University

Resources & Downloads

  • WinningDetectionStrategiesInHigherEdu

    4 MB, pdf - Updated on 10/25/2018