SOCs Grow Up to Protect, Defend, Respond: Results of the 2017 SANS Survey on Security Operations Centers, Part 1

  • Wednesday, May 17th, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • Chris Crowley, Alex Valdivia, James Carder and John Markott
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsors

  • Carbon Black
  • Endgame
  • LogRhythm
  • NETSCOUT Systems, Inc.
  • ThreatConnect
  • Tripwire, Inc.

Overview

Join survey author Christopher Crowley as he co-chairs the SANS SOC Summit June 5-6, 2017.

It takes a village to protect today's networks from cyber threats. And, today's security operations centers (SOCs) represent villages unto themselves, with many different roles and technologies supporting multiple, complex tasks and often spanning geographies.

Whether in-house or in the cloud, SOCs are maintaining prevention and detection systems and monitoring hosts, the network and the Web for vulnerabilities. Increasingly, SOC functions are converging with intelligence, threat hunting and other emerging processes to aid in prevention and response.

How are organizations accomplishing these tasks? What types of resources are they utilizing to staff and run their SOCs? And what type of organizations are turning toward cloud-based managed services for part or all of their SOC needs? In this first part of a two-part webcast, join SANS principal instructor, Chris Crowley, who will share the results of SANS' first survey on security operations centers. Attend this webcast and learn about trends in SOCs, including:

  • Basic SOC architectures
  • Preparedness, staffing and capabilities
  • Level of automation and integration between prevention, detection and response
  • The SOC's relationship with IT Ops
  • What types of organizations are using cloud-based SOC services
  • What types of organizations are devoting mostly in-house resources to maintain their own SOCs
  • What functions are most commonly turned over to the cloud versus what are most commonly kept in-house

Click here to be among the first to view the associated results whitepaper written by Chris Crowley. Click here to register for the second part of this webcast, Future SOCs, held on Thursday, May 18, 2017.

Speaker Bios

Christopher Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

Mr. Crowley is the course author for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming.

He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."

Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.


Alex Valdivia

Alex Valdivia is a member of the ThreatConnect Research Team, where he analyzes malware, malicious infrastructure and threat actors, and captures best practices in order to share intelligence and process with various ThreatConnect Communities. He has spoken at B-Sides Las Vegas, DEF CON Skytalks and has been a guest lecturer for threat intelligence courses at Johns Hopkins University, Metropolitan State University and the University of South Florida. Before ThreatConnect, Alex studied electrical engineering at George Mason University and worked the graveyard shift in a SOC, where he developed a fondness for thwarting inept online criminals.


James Carder

James Carder, CISO & VP of LogRhythm Labs, brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. At LogRhythm, he develops and maintains the company's security governance model and risk strategies; protects the confidentiality, integrity and availability of information assets; oversees both threat and vulnerability management, as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams.


John Markott

John Markott is a director of product management at Carbon Black. His mission: To help MSSP and IR providers to ride the wave and reap the rewards of Next-Generation Endpoint Security. With nearly two decades of experience in InfoSec, John is helping to bridge the gap between product design and implementation within security operations centers and next-generation security services.
