ICS Security Summit & Training 2018

Orlando, FL | Sun, Mar 18 - Mon, Mar 26, 2018
Defeating Alert Fatigue: Transforming NSM Alerts Into Effective Workflows

  • Dennis Murphy, Lead ICS Security Engineer and Daniel Trivellato, Product Manager
  • Monday, March 19th, 12:05pm - 1:30pm

The primary goal of network security monitoring (NSM) solutions is to detect anomalies and threats to the ICS network and its devices. But once threats are detected and alerts are raised, they need to be accurately processed and integrated into organizational workflows to enable an effective response. Analysts have to go through these alerts and discern relevant from irrelevant, classify them into "buckets" of related issues, and forward the information to the appropriate team for remediation. Until now, this task has been scarcely supported by network security monitoring solutions.

This talk presents lessons learned from our 5+ years of experience in managing large network security monitoring deployments and how we have turned this experience into automation, effectively supporting analyst operations and reducing their alert fatigue.

SecurityMatters

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Sunday, March 18

| Session | Speaker | Time | Type |
|---|---|---|---|
| Electricity Information Sharing and Analysis Center (E-ISAC) strategic plan update and GridEx IV lessons learned | Bill Lawrence, NERC E-ISAC | Sunday, March 18th, 5:30pm - 6:30pm | SANS@Night |

Monday, March 19

| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | | Monday, March 19th, 11:00am - 11:30am | Vendor Event |
| Defeating Alert Fatigue: Transforming NSM Alerts Into Effective Workflows | | Monday, March 19th, 12:05pm - 1:30pm | Lunch and Learn |
| ICS Cybersecurity Vulnerabilities and the One Chip Challenge | | Monday, March 19th, 12:05pm - 1:30pm | Lunch and Learn |
| Choose the Right Tool for the Job - A "Lessons Learned" discussion on the value of breaking tradition in the OT space | Rick Kaun, VP Solutions | Monday, March 19th, 12:05pm - 1:30pm | Lunch and Learn |
| Vendor Solutions Expo | | Monday, March 19th, 3:00pm - 3:30pm | Vendor Event |
| ICS Security Summit Night Out | | Monday, March 19th, 6:00pm - 8:00pm | Reception |

Tuesday, March 20

| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | | Tuesday, March 20th, 10:30am - 11:00am | Vendor Event |
| Vendor Solutions Expo | | Tuesday, March 20th, 3:15pm - 3:45pm | Vendor Event |
| GIAC Certification Reception | | Tuesday, March 20th, 6:30pm - 8:00pm | Reception |

Wednesday, March 21

| Session | Speaker | Time | Type |
|---|---|---|---|
| Under the Hood of ICS Monitoring and Detection: 3 Use Cases | Kim Legelis, Chief Marketing Officer | Wednesday, March 21st, 12:30pm - 1:15pm | Lunch and Learn |
| Alright, Who Changed What? | Eric Persson, ICS Cybersecurity Consultant | Wednesday, March 21st, 12:30pm - 1:15pm | Lunch and Learn |
| ICS Down...it's go time! | Jason Dely, Technical Director, ICS and Critical Infrastructure | Wednesday, March 21st, 12:30pm - 1:15pm | Lunch and Learn |

Thursday, March 22

| Session | Speaker | Time | Type |
|---|---|---|---|
| Learning from the Adversary: The Value of Malware Analysis for ICS | Dean Parsons | Thursday, March 22nd, 6:00pm - 7:00pm | SANS@Night |