2023 SOC/SOAR Solutions Forum

The pace of IT change has become hard for SOCs to keep up with. A SOAR platform can give the SOC team insight into what the SOC actually does and let it perform that work with greater speed, precision, and consistency. The challenge is that SOAR tools are frequently bought to avoid the one thing most organizations cannot seem to do on their own: working out the sequence of actions that needs to be automated, and bringing together the mass of data from disparate tools. A SOAR tool does not replace SIEMs or analysts; it supports the analyst and unlocks the full power of a SIEM.

The SOC/SOAR Solutions Forum will explore best practices for the selection, implementation, operation, and staff use of SOAR tools. Investing in a SOAR platform is a strategic and financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents, and SOAR promises to reduce Security Operations Center (SOC) operating cost. If implemented properly, and with a commitment to ongoing operational adjustment, the SOAR can become an enabler, tracker, metrics collector, and procedure knowledge base.

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!



Sponsors: Anomali, Google Cloud, Palo Alto Networks, Rapid7, VMRay

Agenda | March 17, 2023 | 10:30AM - 1:30PM EDT

Timeline (EDT)

Session Details

10:30 AM

Welcome & Opening Remarks

Chris Crowley, Certified Instructor, SANS Institute

10:45 AM

Advanced Sandboxing – Supercharging your SOC

Join Michael Bourton and Andrew Maguire from VMRay on March 17th, 2023, to hear about the advances in modern sandbox technology and how SOAR playbook integration can meet the challenge of today's most evasive malware threats. Learn how SOC teams can integrate advanced sandboxing into their existing SOAR solution to perform automated EDR malware alert triage. Discover how to extract and streamline the sharing of IOCs and artifacts to enhance threat intelligence repositories or assist in threat-hunting efforts. Finally, learn the value of custom YARA rules and how STIX can be used to create firewall rules and detection signatures, shining new light on evasive threats breaching the perimeter.

Andrew Maguire, Product Marketing, VMRay

Michael Bourton, Senior Security Solutions Engineer, VMRay

11:20 AM

Uniting Data That Matters Using SOAR

The key to optimizing SOC performance? Extracting insights from your data via a SOAR platform. This session will offer a cheat sheet for harnessing the full power of your SIEM via SOAR in three critical areas: 1) creating playbooks so you can orchestrate disparate tools; 2) leveraging business intelligence so you can identify gaps, reallocate resources, evolve existing processes, or identify where to automate manual processes; and 3) using case management to unite the information that matters so your analysts can focus on what's important instead of drowning in data.

Andy Shepherd, Senior Solutions Engineer, Google Cloud

11:55 AM


12:10 PM

What Does it Take to be Successful at SecOps Automation?

Alert volume is increasing. Analysts are burning out. You are considering SOAR to help you automate your workflows and ease the workload for your SecOps team. But finding value in a SOAR product can be challenging without direction. How do you determine if you are a candidate for automation? In this session, we will share some of the insights we have gained from our experience helping our customers deploy SOAR:

  • Top things to consider before you deploy automation
  • Breaking down a process into an automated workflow
  • Some "low-hanging fruit" use cases for immediate time savings
  • Insights from Cortex XSOAR customer telemetry to see how your peers are deploying automation

Jane Goh, Principal Lead, Product Marketing, Cortex XSOAR, Palo Alto

12:45 PM

Sustaining a Successful SOC: A Panel on Technology, Productive People, and Effective Strategy

Chris Crowley, Certified Instructor, SANS Institute

Andy Shepherd, Senior Solutions Engineer, Google Cloud

Michael Bourton, Senior Security Solutions Engineer, VMRay

Jane Goh, Principal Lead, Product Marketing, Cortex XSOAR, Palo Alto

1:30 PM


Chris Crowley, Certified Instructor, SANS Institute