In the Austin area? Join us at the Live Event. Register here.
Security Orchestration, Automation and Response tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figure out the sequence of actions that need to be automated, and bring together the mass of data from disparate tools.
The session will provide practical and actionable examples of the sequence of steps that an organization needs to take to utilize these tools. He will provide examples of what can be orchestrated, and what can be automated. Plus, some examples of how to deal with the remaining work to be done.
Topics will include:
Not many classes specifically deal with SOAR tools. Vendors are trying to develop mature customers. Customers are trying to understand how to use these tools:
SANS has worked hard to maintain its reputation as a vendor-neutral provider of world-class training and facilitator of security research. We also recognize that many of our students come from vendor organizations and that these vendors make a significance to the community. For this reason, and true to the SANS mission, we are excited to host this exchange of ideas in the form of the SANS Automation & Orchestration forum.
Earn 4 CPE Credit hours for attending this webcast.
8:30am - 9:15am - Opening Remarks/Keynote - Chris Crowley, SANS Senior Instructor
9:15am - 10:00am - The Past, Present and Future of Security Orchestration, Automation and Response
Manual incident response processes and difficulty hiring experienced personnel leaves security teams struggling to keep up with the growing volume of alerts. Security orchestration, automation and response (SOAR) streamlines and speeds up the incident response process. In this presentation, you'll get an in-depth look into the past, present and future of SOAR with research, use cases and real-life customer data supporting these insights. In this webinar, Swimlane's SOAR Evangelist Jay Spann will discuss:
Jay Spann, SOAR Evangelist, Swimlane
10:00am - 10;30am - Networking break
10:30am - 11:15am - Alex Valdivia, Director of Research, ThreatConnect (speaker information coming soon)
11:15am - 12:00pm - Before SOAR was a thing - Lessons Learned from 10+ Years of Security Integration & Automation with Panopticon at UT Austin
Within Texas and across the world, the complexities and demands of an institutional cybersecurity program are growing at an exponential pace, while the resources and sustained talent pools have become scarcer and more constrained. Since 1999 US Austin's Information Security Office has been pioneering the cybersecurity field through innovative research & the development of novel security automation to address growing cybersecurity challenges at Texas-sized scale. This talk will provide an overview of UT's security approach with a focus on end-to-end incident response IR/SOC integration and automation with Panopticon SOAR.
Cam Beasley, CISO and Adjunct Professor with Computer Science at UT Austin
12:00pm - 12:15pm - Closing address