SANS and NVISO Community Night
- Daan Raman & Oliver Nettinger
- Thursday, February 28th, 6:00pm - 9:00pm
18:00 - 19:00 - Welcome & Intro
19:00 - 19:45 - Where's Wally? Hands-on Threat Hunting in Elasticsearch using ee-outliers
Speaker: Daan Raman
The collection of millions of endpoint and network events in modern IT environments opens up great opportunities for the security analyst to perform Threat Hunting activities in search of adversary activity. However, the Threat Hunter faces several challenges: how do we create a baseline of "normal" or "expected" activity out of millions (or billions!) of events? How do we introduce the human feedback loop in our Threat Hunting activities? How do we deal with false positives?
In this talk we introduce ee-outliers, an open-source framework we developed to detect statistical outliers in events stored in an Elasticsearch cluster, in support of the Threat Hunter. The framework contains a number of statistical models which can be used and extended using a basic configuration file format: no coding skills required!
In this technical talk we want to give a practical introduction of how ee-outliers can help the modern Threat Hunter spot adversary activity in huge volumes of security events. Attendees can expect lots of demos and realistic Threat Hunting examples! At the time of the conference, ee-outliers will have been open-sourced and made available to the audience members.
19:45 - 20:30 - Cybersecurity in Modern Road Vehicles
Speaker: Oliver Nettinger
This talk will provide the audience with an overview of what car security actually means, its challenges compared to classical IT security, and a quick walk-through of vehicle security related history. It will touch on current research topics, as well as manufacturer and regulatory efforts to tackle the challenges of vehicle related security. Finally, it will provide an outlook on security with autonomous driving cars.
20:30 - 21:00 - Networking and Drinks
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
Tuesday, February 26
Session | Speaker | Time | Type |
---|---|---|---|
Making Sense of Your ICS Environment with the Help of Packet Analysis and Automation | Kai Thomsen | Tuesday, February 26th, 6:00pm - 7:00pm | SANS@Night |
The Offensive Defender \| Cyberspace Trapping | Matthew Toussain | Tuesday, February 26th, 7:00pm - 8:00pm | SANS@Night |
Wednesday, February 27
Session | Speaker | Time | Type |
---|---|---|---|
Rise of the Blue Team CTF | Russ Taylor | Wednesday, February 27th, 5:45pm - 6:30pm | SANS@Night |
Thursday, February 28
Session | Speaker | Time | Type |
---|---|---|---|
SANS and NVISO Community Night | Daan Raman & Oliver Nettinger | Thursday, February 28th, 6:00pm - 9:00pm | Special Events |