SANS Automation & Orchestration Solutions Forum

  • Thursday, 30 Jan 2020 9:30AM EST (30 Jan 2020 14:30 UTC)
  • Speakers: Chris Crowley, Jay Spann

In the Austin area? Join us at the Live Event. Register here.

Security Orchestration, Automation and Response tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figure out the sequence of actions that need to be automated, and bring together the mass of data from disparate tools.

The session will provide practical and actionable examples of the sequence of steps that an organization needs to take to utilize these tools. He will provide examples of what can be orchestrated, and what can be automated. Plus, some examples of how to deal with the remaining work to be done.

Topics will include:

  • Security Operations Centers (SOC)
  • Security Incident and Event Management (SIEM)
  • Automation
  • Configuration Management
  • Anti-Malware
  • Orchestration
  • Vulnerability Assessments & Penetration Testing
  • Threat Intelligence
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Log Management & Security Monitoring
  • Security Incident Management
  • Containment
  • Incident Handling
  • Network, Filesystem, and Memory Forensics

Not many classes specifically deal with SOAR tools. Vendors are trying to develop mature customers. Customers are trying to understand how to use these tools:

  • Which tasks should I automate?
  • What is orchestration and what is it supposed to do to help me? How do I use it?
  • What is the best vendor solution to address X?
  • What resources are out there so I don't have to reinvent the wheel?

SANS has worked hard to maintain its reputation as a vendor-neutral provider of world-class training and facilitator of security research. We also recognize that many of our students come from vendor organizations and that these vendors make a significance to the community. For this reason, and true to the SANS mission, we are excited to host this exchange of ideas in the form of the SANS Automation & Orchestration forum.

Earn 4 CPE Credit hours for attending this webcast.


8:30am - 9:15am - Opening Remarks/Keynote - Chris Crowley, SANS Senior Instructor

9:15am - 10:00am - The Past, Present and Future of Security Orchestration, Automation and Response

Manual incident response processes and difficulty hiring experienced personnel leaves security teams struggling to keep up with the growing volume of alerts. Security orchestration, automation and response (SOAR) streamlines and speeds up the incident response process. In this presentation, you'll get an in-depth look into the past, present and future of SOAR with research, use cases and real-life customer data supporting these insights. In this webinar, Swimlane's SOAR Evangelist Jay Spann will discuss:

  1. A short history of and the current state of SOAR
  2. How organizations are currently implementing SOAR
  3. Common and not-so-common SOAR use cases
  4. Upcoming trends and exciting use cases that will affect the future of SOAR

Jay Spann, SOAR Evangelist, Swimlane

10:00am - 10;30am - Networking break

10:30am - 11:15am - Alex Valdivia, Director of Research, ThreatConnect (speaker information coming soon)

11:15am - 12:00pm - Before SOAR was a thing - Lessons Learned from 10+ Years of Security Integration & Automation with Panopticon at UT Austin

Within Texas and across the world, the complexities and demands of an institutional cybersecurity program are growing at an exponential pace, while the resources and sustained talent pools have become scarcer and more constrained. Since 1999 US Austin's Information Security Office has been pioneering the cybersecurity field through innovative research & the development of novel security automation to address growing cybersecurity challenges at Texas-sized scale. This talk will provide an overview of UT's security approach with a focus on end-to-end incident response IR/SOC integration and automation with Panopticon SOAR.

Cam Beasley, CISO and Adjunct Professor with Computer Science at UT Austin

12:00pm - 12:15pm - Closing address