Security Operations London 2019

London, United Kingdom | Mon, Dec 2 - Sat, Dec 7, 2019

Don't be a SIEMingly SOAR Loser...

  • Rob Gresham
  • Tuesday, December 3rd, 6:00pm - 7:00pm

This title is so perfect for this discussion. Security operations, automation, and response constitute an awesome path for security teams, whether it is automation attached to the SIEM or a stand-alone orchestration tool. We love innovation, yet it seemingly creates such a SOAR on our seating devices. Where is the value in our SOAR products, and how long will it take until we are rewarded? Is it measured by your detection or response time? Containment, reimage, or resolution times? Is it a ticketing tool, case management, or neither? What is the difference between ticketing and case management tools? There are generally two approaches to the SOAR implementation models. One is as infinite as the ocean and the other is how you really work. We will explore these areas, offer suggestions, and provide some definitive truths (IMHO). We'll use the TTP0 fractal to define our flows and I2A2 to collect that SOEL, and if you don't SOAR after implementing those. We will demonstrate how your existing use cases or tribal knowledge can be exploited to deliver powerful automation and response, and how the human-machine team can be taken up a notch and work immediate automation into your processes that will lead to true orchestration. SOARing isn't an easy task (even though some make it look so easy, right?) and yet all of us want to fly or be flown.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.

Monday, December 2

Session | Speaker | Time | Type
Kerberos & Attacks 101 | Tim Medin | Monday, December 2nd, 7:00pm - 8:00pm | SANS@Night

Tuesday, December 3

Session | Speaker | Time | Type
Don't be a SIEMingly SOAR Loser... | Rob Gresham | Tuesday, December 3rd, 6:00pm - 7:00pm | SANS@Night