Agenda | 8:30 AM - 5:00 PM ET
Kickoff & Welcome
Chris Crowley, SANS Instructor
Implementing SOAR with Network Packet Capture for Faster, More Accurate Incident Response
SOAR’s goal is to transform SOC operations by orchestrating security incident response workflows. A key element of effective SOAR is making sure SOC analysts have relevant evidence at their fingertips as soon as they are ready to investigate an incident. This evidence needs to come from a range of sources to enable a complete 360-degree view of the incident. However, many SOAR deployments are missing a critical source of evidence that provides an irrefutable record of threats that occur on your network: the actual network traffic. Just like a black box flight recorder, network packet capture shines a light on the precise footsteps of a security incident and allows faster, more accurate conclusions to be drawn.
This presentation looks at the benefits of incorporating recorded network traffic into your SOAR workflows. It covers the pros and cons of different methods of recording traffic including:
It also outlines how packet capture can be integrated into SOAR workflows and playbooks to improve the speed and accuracy of incident response.
Michael Morris, Director of Bus. Dev. and Technology Alliances, Endace
How a Security Company Automates its SOC
Our SOC is tasked with protecting roughly 8,000 employees globally, a continuously expanding environment of endpoints, multiple data centers, and the security services our 85,000 customers consume. To protect all the data that flows across these infrastructures, we perform three primary services: threat monitoring, incident response and threat hunting. We provide these services with a lean SOC team that operates in a single shift, working mostly remotely, during standard business hours. Many are surprised to learn that we don’t have eyes on glass every second of every day but we’ve worked hard to refine a model that uses strong prevention, automation, and policy to ensure we can effectively mitigate risks without drowning in alerts around the clock.
Join us for a behind-the-scenes peek at how a SOC team protects one of the largest cybersecurity companies in the world. You also get an opportunity to poll these SOC experts in a live Q&A.
Devin Johnstone, Sr Staff Security Engineer, Palo Alto Networks
Capturing the ROI of Security Automation
No matter the size or industry, company leaders recognize that minimizing external threats is of paramount importance. As a result, companies value their SOCs and consider them critical to their cybersecurity strategy; however, it is not always easy to quantify the ROI of these investments. In this session you will learn not only how to capture the ROI, but how to improve it as well.
This session outlines:
Sumo Logic Session Info Coming Soon
Better SOC/SOAR Efficiency with Better Threat Intelligence: 3 Ways to Get There
We live and work in an age where every minute counts, and threat actors employ more and more advanced techniques to evade detection by AVs, sandboxes, and process failures. Learn in this session from an industry-leading expert in SOAR how applying threat intelligence correctly can greatly improve the SOC's efficiency and catch the bad guys earlier. The key session topics will be:
Andrew Yeates, Solutions Architect, ReversingLabs
Diversify and Conquer: Building and Managing Successful CyberTeams
Successful organizations know it's important to build diverse teams, but how can you ensure you're hiring from the most diverse pool? And once you've developed a diverse team how can you support inclusion and respect to keep that team effective and engaged? In this panel we bring together a group of experts in the cybersecurity field who represent a wide variety of backgrounds and approaches. Together we'll talk through dimensions of diversity including educational, experiential, racial, and neuro. And we'll share examples of how you and your organization can thrive with a powerfully diverse workforce.
Chris Crowley, SANS Instructor
Cool Ways to Automate Your Threat Intel Management
Join us for a live demo of top ways you can leverage automation to get more out of your threat feed subscriptions. Why do it manually when you can “outsource” scoring your feeds, mapping external threats to what’s happening in your environment, and distributing critical indicators to your enforcement points? See how you can truly unlock the power of your threat intel and gain time back in the process.
Ryan Clough, Sr Product Manager, Palo Alto Networks
Deep Dive Into Integrating Always-on Packet Capture with SOAR
Continuous network packet capture holds vital clues to help resolve critical security incidents. This tech talk reviews how to integrate packet capture with SOAR platforms for faster and more accurate incident response. It will include demos of integrations with Palo Alto Networks Cortex XSOAR and Splunk SOAR.
Hackers often cover their tracks by erasing logs or deleting other clues that show their activity. You will learn how you can bring clarity to every incident, alert or issue when continuous network packet capture is integrated with your SOAR workflows.
Michael Morris, Director of Business Development and Technology Alliances, Palo Alto Networks
Cyber Resilience for Digital Operations
Security operations needs context awareness to ensure the success of business initiatives in a world of advanced, targeted attacks. Netenrich empowers security, IT and cloud operations to thrive during adversity with adaptive incident resolution using real-time, data-driven, risk- and trust-based decision making. The Netenrich Resolution Intelligence platform streamlines the process of managing, analyzing, and fixing the root cause of incidents to prevent future disruption.
Christopher Morales, CISO, Netenrich
Track “Things”, Gain Better Visibility and Investigate Incidents Faster using IPAM Asset Data
Responding to security events requires sophisticated investigation skills and gathering of data from multiple sources to accurately understand the severity of an attack and identify affected devices. This data gathering can often be a manual, laborious process and involve coordination with multiple groups within the company. And even then, visibility gaps exist. Without a centralized database of things that connect to the network, tracking becomes difficult. Without understanding the role of assets involved in a breach, prioritization can be misplaced.
Join this session to gain insights into:
Krupa Srivatsan, Director of Product Marketing, Infoblox
End Cyber Risk with Security Operations
Cyber risk is a business risk. Unfortunately, the cybersecurity industry has shown an effectiveness problem in reducing cyber risk for organizations. Every year we’ve witnessed new technologies, vendors, and solutions emerge, yet despite this constant innovation, high-profile breaches continue to make the headlines.
Join us as we discuss:
Christopher Fielder, Director, Product Marketing, Arctic Wolf
Tracking Internet “Noise” to Reduce Alerts and Predict Attacks
Every machine connected to the internet gets slammed with unsolicited communications from tens of thousands of IP addresses every day. This massive volume of “internet noise” triggers security tools to generate thousands of events that SOC teams must analyze, even though much of the traffic is harmless opportunistic scanning or common business services. But today, a new generation of threat intelligence is emerging that gives analysts the context they need to confidently ignore irrelevant or harmless activity, creating more time to uncover and investigate true threats.
Join this webinar to hear GreyNoise founder and CEO Andrew Morris discuss how GreyNoise data can be used to reduce alert fatigue, identify compromised devices, and predict malicious activity. Learn about:
Andrew Morris, Founder and CEO, GreyNoise Intelligence
SOC & SOAR Efficiency Panel
Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things.
Investing in a SOAR platform is strategic and oftentimes a financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organization’s security team uses the platform to gain insight into an attacker’s tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs). More importantly, it lets the SOC know what it needs to do and perform it with great speed, precision, and consistency.
Chris Crowley, SANS Instructor
Level SOC & SOAR with Chris Crowley
Hear what Chris Crowley has to say about Level SOC & SOAR and what you can expect from attending.
Cybersecurity Solutions for Today's Challenges
The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.
- Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&CK®, and Cloud Security
- Network in real-time with over 30 sponsors and learn from top industry experts
- Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more