
Saturday September 12, 2026 10:30am - 11:30am CDT
Email continues to be the most common initial access vector in healthcare environments, yet many organizations still rely primarily on email security gateways for detection and protection. While gateways provide an important first layer of defense, they often create visibility gaps once messages reach user inboxes. Attackers routinely exploit these gaps through techniques such as executive impersonation, credential harvesting, and business email compromise (BEC).


This session explores how extending email security beyond the inbox can significantly improve detection and response capabilities in healthcare environments. Based on real-world operational experience, the talk focuses on integrating third-party email security telemetry into a centralized SIEM using custom connectors and normalized log pipelines. By ingesting and analyzing this telemetry alongside other security signals, defenders gain deeper visibility into attacker behavior that may otherwise go unnoticed.


Healthcare environments present unique challenges compared to other industries. Clinical workflows, external vendor communication, patient interactions, and regulatory requirements often limit how aggressively organizations can block or restrict email activity. These constraints create opportunities for attackers who understand how healthcare communication patterns differ from traditional enterprise environments. This talk highlights several real-world attack scenarios observed in healthcare networks, including executive impersonation attempts targeting leadership staff and phishing campaigns leveraging newly registered domains or fake authentication portals.


Attendees will see how detection engineering techniques can be applied to email telemetry once it is normalized within a SIEM. Instead of relying solely on static gateway signatures, defenders can build behavioral detections based on patterns such as suspicious sender reputation, missing email authentication controls (DMARC, DKIM, SPF), domain anomalies, and abnormal message characteristics. Lightweight Sigma-style logic will be used to illustrate how these detection patterns can be implemented in a platform-agnostic way.
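The paragraphs above describe two pieces of the approach: normalizing third-party email telemetry into one schema inside the SIEM, and then running Sigma-style behavioral rules over it. The following Python is an added illustration of both steps, not code from the speaker or from Campbell Clinic. The two vendor record formats, the `example-hospital.org` organization domain, the executive roster, the sample messages and the fixed clock are all constructed for the example, and the rule syntax is a minimal Sigma-like subset (a `selection` of `field|modifier` keys ANDed together) rather than a full Sigma engine.

```python
"""Normalize constructed email-gateway telemetry into one schema, then apply
Sigma-style behavioural detections (auth failures, young domains, executive
display-name impersonation, credential lures pointing at lookalike portals)."""
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

ORG_DOMAIN = "example-hospital.org"      # assumed defending organization domain
EXEC_NAMES = ["jane doe", "john roe"]     # constructed executive roster
NOW = datetime(2026, 9, 10, tzinfo=timezone.utc)  # fixed clock for determinism

# Constructed telemetry in two hypothetical vendor formats; the field names
# are assumptions for illustration, not any real product's schema.
RAW_EVENTS = [
    {"vendor": "gatewayA", "msg_id": "a1",
     "from_hdr": "Jane Doe <jane.doe@mail-secure-notice.com>",
     "rcpt": "cfo@example-hospital.org", "subj": "Urgent wire request",
     "auth": {"spf": "fail", "dkim": "none", "dmarc": "fail"},
     "sender_domain_age_days": 3, "links": [], "ts": "2026-09-10T13:05:00Z"},
    {"vendor": "gatewayB", "id": "b7", "sender_name": "IT Helpdesk",
     "sender": "it@example-hospital-sso.net",
     "recipient": "nurse1@example-hospital.org",
     "subject": "Password expires today - reauthenticate now",
     "spf_result": "pass", "dkim_result": "pass", "dmarc_result": "pass",
     "domain_registered": "2026-09-08",
     "urls": ["https://example-hospital-sso.net/login"],
     "timestamp": "2026-09-10T13:10:00Z"},
    {"vendor": "gatewayB", "id": "b8", "sender_name": "Lab Vendor",
     "sender": "results@vendor-lab.example",
     "recipient": "clinic@example-hospital.org", "subject": "September results",
     "spf_result": "pass", "dkim_result": "pass", "dmarc_result": "pass",
     "domain_registered": "2015-02-01", "urls": [],
     "timestamp": "2026-09-10T13:12:00Z"},
]


def _domain_age(registered: str) -> int:
    reg = datetime.fromisoformat(registered).replace(tzinfo=timezone.utc)
    return (NOW - reg).days


def normalize(raw: dict) -> dict:
    """Map each vendor schema onto common field names, then derive the
    fields the detection rules key on."""
    if raw["vendor"] == "gatewayA":
        m = re.match(r"\s*(.*?)\s*<([^>]+)>", raw["from_hdr"])
        display, addr = (m.group(1), m.group(2)) if m else ("", raw["from_hdr"])
        ev = {"message_id": raw["msg_id"], "sender_display": display,
              "sender_address": addr, "recipient": raw["rcpt"],
              "subject": raw["subj"], "spf": raw["auth"]["spf"],
              "dkim": raw["auth"]["dkim"], "dmarc": raw["auth"]["dmarc"],
              "domain_age_days": raw["sender_domain_age_days"],
              "urls": raw["links"], "timestamp": raw["ts"]}
    elif raw["vendor"] == "gatewayB":
        ev = {"message_id": raw["id"], "sender_display": raw["sender_name"],
              "sender_address": raw["sender"], "recipient": raw["recipient"],
              "subject": raw["subject"], "spf": raw["spf_result"],
              "dkim": raw["dkim_result"], "dmarc": raw["dmarc_result"],
              "domain_age_days": _domain_age(raw["domain_registered"]),
              "urls": raw["urls"], "timestamp": raw["timestamp"]}
    else:
        raise ValueError(f"unknown vendor {raw['vendor']}")
    ev["sender_domain"] = ev["sender_address"].rsplit("@", 1)[-1].lower()
    ev["external"] = ev["sender_domain"] != ORG_DOMAIN
    hosts = [urlparse(u).hostname or "" for u in ev["urls"]]
    org_label = ORG_DOMAIN.split(".")[0]
    # A URL host that reuses the org's name but is not under the org domain.
    ev["lookalike_url"] = any(org_label in h and not h.endswith(ORG_DOMAIN) for h in hosts)
    ev["exec_display"] = any(n in ev["sender_display"].lower() for n in EXEC_NAMES)
    return ev


# Sigma-style rules: every entry of a selection must match (logical AND).
RULES = [
    {"title": "External sender failing DMARC", "level": "medium",
     "selection": {"external": True, "dmarc|in": ["fail", "none"]}},
    {"title": "Newly registered sender domain", "level": "medium",
     "selection": {"external": True, "domain_age_days|lt": 30}},
    {"title": "Executive display-name impersonation", "level": "high",
     "selection": {"external": True, "exec_display": True}},
    {"title": "Credential lure with lookalike portal", "level": "high",
     "selection": {"subject|contains": ["password", "reauthenticate", "verify"],
                   "lookalike_url": True}},
]


def _match(ev: dict, key: str, expected) -> bool:
    field, _, mod = key.partition("|")
    actual = ev.get(field)
    if mod == "":
        return actual == expected
    if mod == "in":
        return actual in expected
    if mod == "lt":
        return actual is not None and actual < expected
    if mod == "contains":  # any listed substring, case-insensitive
        return any(s.lower() in str(actual).lower() for s in expected)
    raise ValueError(f"unsupported modifier {mod}")


def evaluate(rules: list, event: dict) -> list:
    return [r["title"] for r in rules
            if all(_match(event, k, v) for k, v in r["selection"].items())]


def detect(raw_events: list, rules: list = RULES) -> dict:
    """Normalize then evaluate; returns {message_id: [rule titles]} for hits."""
    hits = {}
    for raw in raw_events:
        ev = normalize(raw)
        titles = evaluate(rules, ev)
        if titles:
            hits[ev["message_id"]] = titles
    return hits


if __name__ == "__main__":
    for msg_id, titles in detect(RAW_EVENTS).items():
        print(msg_id, "->", ", ".join(titles))
```

Because every rule reads only the normalized fields, the same rule set applies regardless of which gateway produced the record, which is the platform-agnostic property the abstract is after; a new vendor only needs another branch in `normalize`. The legitimate lab-vendor message trips none of the rules, while the two lures each fire on more than one behavioral signal, which is what makes stacking these detections in the SIEM more robust than any single gateway signature.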


Beyond detection, the session will also demonstrate how SOAR workflows integrated with SIEM detections can automate investigation and response actions. Automated enrichment, alert triage, domain blocking, and credential reset workflows can significantly reduce analyst fatigue while improving response speed and consistency in high-volume healthcare environments.


This talk is grounded entirely in real-world incidents and production security operations rather than theoretical frameworks or vendor marketing. The goal is to provide practical guidance on how healthcare defenders can implement a defense-in-depth strategy for email security by combining gateway protections, SIEM-based detection engineering, and automated response workflows.


Attendees will leave with actionable ideas for improving email visibility, building stronger detection logic, and operationalizing email telemetry to better defend healthcare environments against modern phishing and impersonation attacks.
Speakers

Akash Parasumanna Sridhar

Security Engineer, Campbell Clinic
Akash Parasumanna Sridhar is a cybersecurity professional working in healthcare environments, specializing in detection engineering, incident response, and security automation. He has hands-on experience designing SIEM-driven detections, integrating third-party security telemetry...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
