Welcome & Introduction
Going Beyond SOAR: Making Security Automation for Everyone
Security professionals face more change, more alerts, and more attacks than ever before. They’re tasked with protecting increasingly complex environments from a multiplying range of threats, each and every day.
While automation is a powerful tool for staying ahead of increased complexity, for security teams it has been largely limited to the world of Security Orchestration, Automation and Response (SOAR) platforms. This has limited the usefulness of automation for many security professionals and created a world where many teams are stuck between repetitive daily tasks and reacting to alerts.
In this session, Torq Field CTO Marco Garcia will share how to design and implement a modern security automation practice. He’ll highlight where SOAR platforms succeed and where they fall short, and discuss how to bring powerful automation into the hands of every member of a security team. Attendees will learn how to start with automation at any size, and how to iteratively build out a security automation practice that reduces risk, saves time, and helps them stay ahead of threats.
Marco Garcia, Field CTO, Torq
Security vs. Observability: Two Roads Converge
Observability and security are complementary use cases that appear likely to converge; organizations seeking resilience and efficacy should consider data-driven approaches that foster compatibility between the two.
Devon Kerr, Team lead for Elastic Security Intelligence & Analytics, Elastic
Optimize Threat Investigations in the SOC with Domain Intelligence
According to a Forrester Consulting Thought Leadership Paper, 74% of security operations teams spend more than 4 hours investigating a single threat incident. Considering that security operations teams are facing ever-increasing volumes of log data every day, gaining efficiencies in investigation workflows and quickly determining which threats are highest priority is critical.
Join Kevin Libby, Threat Intelligence Advisor, as he walks through a sample investigation to learn how to use domain and DNS intelligence to:
Kevin Libby, Enterprise Sales Engineer, DomainTools
Uniting Threat Intelligence and SOC Teams with Intelligence-Driven SOAR
How smart is your Security Orchestration, Automation, and Response (SOAR) platform? The answer to that question is critical to determining how protected your organization is from the next data breach or
Imagine for a moment that you’re sitting in a restaurant between sessions at a major industry conference and you receive an email from your boss, the Chief Information Security Officer, that says he/she not only wants to be made instantly aware of potential incidents that could lead to a data breach or ransomware attack on your company’s new clinical trial database but he/she also wants to ensure that the new state-of-the-art threat library developed by the CTI team is driving better decisions and executes controls automatically based on changes in the threat landscape.
Did you make the right investment decisions? Is your SOAR smart enough to handle that? Join us for the ThreatConnect Intelligence-Driven SOAR presentation, where we will walk you through a fictional scenario that is based on a generic testing and therapeutics company concerned about ransomware targeting its COVID-19 testing data.
Security Architect, ThreatConnect
How to Confidently Defend Against Threats with Next-Gen SIEM
Why do you need a next-gen SIEM? Advanced adversaries, applications moving rapidly to the cloud, more data — there are many reasons a legacy SIEM just doesn’t cut it anymore.
Devo Security Operations empowers security teams to confidently defend their organization, providing teams the ability to:
Join this session to learn how SOC teams from the US Air Force, American Express GBT, Manulife, Rubrik, and more have transformed their operations with the Devo next-gen SIEM.
Josh Klick, Cybersecurity Specialist, Devo
Winning the War Against Ransomware: How the SOC Can Lead the Charge
According to published data, ransomware shows no sign of slowing in 2021 and beyond. For this year through June, we have seen a 160% increase in publicized ransomware attacks over the same time period last year. With the current cybersecurity talent shortage and an overwhelming number of alerts to investigate, what can a SOC do to help mitigate these attacks?
Join Cisco as we discuss how organizations can leverage threat intelligence, orchestrate workflows, and improve incident response.
Product Marketing Manager, Cisco
Alert prioritization: Managing too much of a good thing
Behavioral analytics play a well-respected role in threat detection: using the latest approaches, they can be extremely effective at identifying abnormalities in network traffic that fall outside defined "normal" patterns and have a higher likelihood of indicating suspicious activity. But there is such a thing as being too good: behavioral analytics are inherently noisy -- meaning they can be almost too powerful and surface an overwhelming number of alerts for SOC analysts.
If the overall goal is to improve detection rates for questionable activities and cut down on false positives, there has to be a way to further prioritize anomalies to make the workload manageable and to ensure that resources are focused on the most important alerts. IronNet's VP of Cyber Operations, Anthony Grenga, will discuss best practices for feature enrichment and for alert aggregation and correlation, used to model adversary attack techniques and highlight anomalous activity by threat category in order to prioritize alerts.
VP Cyber Operations, IronNet
Crowdsourcing threats: Global Intelligence for security operations
Given the complexity and vast attack surfaces of modern cloud architectures, SOC teams and tools will continue to struggle to keep pace with threats in their environments. In this session, we will share unique analytics capabilities that leverage the collective wisdom of peer organizations to turbocharge threat scoring and prioritization, allowing your SOC team to address the most critical threats. In addition, we will present innovations that accelerate threat investigations using the power of the crowd.
Bashyam Anant, Sr. Director Product Management, Sumo Logic
Getting to Better Implementation in the SOC
Defenders today are faced with a complex set of challenges resulting from the confluence of several key factors. The economics of attack tooling and the anonymity of cryptocurrency have driven the commoditization of threat techniques and greater specialization among bad actors, resulting in an explosion of what look like sophisticated attacks. This is compounded by the fact that defender tooling either does not provide adequate coverage as the attack surface grows, or requires a combination of tools that are operationally challenging to
In this session we’ll present a technical perspective on how evaluating defensive tools and their efficacy can help teams ensure that implementation requirements are met. The discussion will hone in on key technology elements used in the modern SOC and how they help build an understanding of what an attacker would see in the environment; which data is important to collect and analyze, and why; analytics processing methodologies; the most common security tasks that can be automated without having to build out entire operational processes; how to scope potentially compromised systems with modern forensic techniques and tooling; and hunting tools -- and provide concrete recommendations on how to best leverage these in the context of your security architecture.
Matt Kraning, CTO, Cortex at Palo Alto Networks