SANS Community Nights provide a great way to stay in touch with your local InfoSec community and to hear the latest thought leadership from SANS world-leading instructors.
Join us at the Copenhagen Marriott Hotel, Kalvebod Brygge 5, Copenhagen, 1560, Denmark.
View the agenda below:
Tuesday 24th September 2024

17:30 – 18:00  Registration
18:00 – 19:00  The Dark Cloud Above All SOCs - Alert Fatigue and False Negatives, with Mathias Fuchs
19:00 – 20:00  Key Insights from SANS CTI Survey 2024, with Andreas Sfakianakis
Abstracts:
Key Insights from SANS CTI Survey 2024, with Andreas Sfakianakis

In the past year, cyber threats have once again been top of mind for organizations of all types. The global geopolitical situation continues to become more unstable, leading to increased conflicts and hybrid threats. As a result, cyber threat intelligence (CTI) professionals face significant challenges in managing the evolving threat landscape and providing actionable intelligence to their stakeholders. During this presentation, SANS Certified Instructor Candidate Andreas Sfakianakis will explore the 2024 CTI Survey results to learn:

- How the CTI discipline has evolved in the past year
- How CTI analysts kept up with the ever-changing threat landscape
- How CTI analysts view emerging threats, such as adversary use of AI
- How technology enablement improves the efficiency of CTI teams
The Dark Cloud Above All SOCs - Alert Fatigue and False Negatives, with Mathias Fuchs

A SOC, by definition, works like a funnel. You usually have less skilled analysts at the top of the funnel and the more skilled tier 2 or tier 3 analysts further down the road. That means that, by definition, the least qualified analysts in the SOC decide whether an alert will even be analyzed by a more mature analyst. Doesn't sound like a good idea? Well then, we are on the same page. In this talk, I will walk through typical SOC operations, what the risks are, and how false negatives can be prevented or their effect mitigated. I'll also talk about tricks that keep analysts more engaged and reduce alert fatigue. If you are running a SOC or working with a SOC as an IR or Threat Hunting team, there is something for you to take back home.