Nationwide Efficiency: Minimizing YARA Rulesets for Maximum Threat Detection
- 15:40
- Tue
- 14 Nov
Presenter:
YARA rules have emerged as indispensable tools for defenders, especially in detecting and eliminating suspicious files during incident response engagements. Yet, as the cyber threat landscape continues to evolve, the methodologies behind selecting and optimizing these rules for specific industry sectors or national contexts remain largely underexplored. In my role as the Malware Analysis Director, I grappled with the challenge of effectively sifting through an expansive collection of over 30,000 YARA rules. The primary objective was to come up with a YARA ruleset that would be both computationally efficient and highly relevant to the unique cybersecurity challenges faced by our industry. Our objective was basically to curate a lean, efficient ruleset, ensuring optimal threat detection on a large scale, within the constraints of computing resources and relevant threats. The goal of this session is to explain how we managed to do it.