Agenda | 8:30 AM - 5:30 PM EDT
Kickoff & Welcome
Chris Crowley, SANS Instructor
Implementing SOAR with Network Packet Capture for Faster, More Accurate Incident Response
SOAR’s goal is to transform SOC operations by orchestrating security incident response workflows. A key element of effective SOAR is making sure SOC analysts have relevant evidence at their fingertips as soon as they are ready to investigate an incident. This evidence needs to come from a range of sources to enable a complete 360-degree view of the incident. However, many SOAR deployments are missing a critical source of evidence, one that provides a record of network threats that attackers cannot alter after the fact: the actual network traffic. Just like a black box flight recorder, network packet capture shows the precise footsteps of a security incident and allows faster, more accurate conclusions to be drawn.
This presentation looks at the benefits of incorporating recorded network traffic into your SOAR workflows. It covers the pros and cons of different methods of recording traffic including:
It then outlines how packet capture can be integrated into SOAR workflows and playbooks to improve the speed and accuracy of incident response.
Michael Morris, Director of Bus. Dev. and Technology Alliances, Endace
How a Security Company Automates its SOC
Our SOC is tasked with protecting roughly 10,000+ employees globally, a continuously expanding environment of endpoints, multiple data centers, and the security services our 85,000 customers consume. To protect all the data that flows across these infrastructures, we perform three primary services: threat monitoring, incident response and threat hunting. We provide these services with a lean SOC team that operates remotely during business hours only. Many are surprised to learn that we don’t have eyes on glass every second of every day, but we’ve worked hard to refine a model that uses strong prevention, automation, and policy to ensure we can effectively mitigate risks without drowning in alerts around the clock.
Join us for a behind-the-scenes peek at how a SOC team protects one of the largest cybersecurity companies in the world. You also get an opportunity to put your questions to these SOC experts in a live Q&A.
Top Use Cases for Integrating Threat Intelligence with SOAR
SOAR and Threat Intelligence are two foundational technologies for every modern security operations team, but they are all too often used in silos, limiting their effectiveness. Fusing these two solutions can deliver intelligence-driven security operations, enabling security operations teams to validate, investigate and remediate threats faster and with greater precision.
Join our session as we discuss the benefits and use cases of integrated SOAR and Threat Intelligence, including how you can:
Daniel Diserens, Senior Security Solutions Architect, Siemplify
SOC Modernization: Lessons for Post-Pandemic Recovery
Building cyber resilience against modern threats requires rethinking your current SecOps. If you are not adequately equipped, the pre-pandemic way of operating a SOC, handling threats with inflexible tools and technologies, needs a redo now.
In this session, you will hear Sumo Logic’s experience with managing a cloud-native SOC and key considerations to modernizing your SecOps including:
Girish Bhat, VP, Sumo Logic
Better SOC/SOAR Efficiency with Better Threat Intelligence: 3 Ways to Get There
We live and work in an age where every minute counts, and threat actors employ increasingly advanced techniques to evade detection by AVs and sandboxes and to exploit process failures. Learn in this session from an industry-leading expert in SOAR how applying threat intelligence correctly can greatly improve the SOC’s efficiency and catch the bad guys earlier. The key session topics will be:
Andrew Yeates, Solutions Architect, ReversingLabs
U.S. Cybersecurity Regulation: Fact or Fiction?
As a result of the recent Executive Order, many U.S. federal agencies are trying to quickly determine next steps in their Zero Trust journey. And they are not alone. Organizations around the globe are examining their Zero Trust strategies and wondering if this EO is a precursor for broader legislation and future regulations that could begin to add new layers of accountability to cybersecurity incidents.
During this keynote session, industry experts Art Coviello, former CEO of RSA Security, and Mike Brown, Rear Admiral, United States Navy (retired), an authority on our nation’s cybersecurity strategy through his leadership positions at the Departments of Defense and Homeland Security, will provide insight based on their experience on what to expect from the government, when to expect it, and how these changes will impact cybersecurity professionals.
Chris Crowley, SANS Instructor
Cool Ways to Automate Your Threat Intel Management
Join us for a live demo of top ways you can leverage automation to get more out of your threat feed subscriptions. Why do it manually when you can “outsource” scoring your feeds, mapping external threats to what’s happening in your environment, and distributing critical indicators to your enforcement points? See how you can truly unlock the power of your threat intel and gain time back in the process.
Shravanthi Reddy, Sr Product Manager, Palo Alto Networks
Deep Dive Into Integrating Always-on Packet Capture with SOAR
Continuous network packet capture holds vital clues to help resolve critical security incidents. This tech talk reviews how to integrate packet capture with SOAR platforms for faster and more accurate incident response. It will include demos of integrations with Palo Alto Networks Cortex XSOAR and Splunk SOAR.
Hackers often cover their tracks by erasing logs or deleting other clues that show their activity. You will learn how you can bring clarity to every incident, alert or issue when continuous network packet capture is integrated with your SOAR workflows.
Michael Morris, Dir. of Bus. Development & Technology Alliances, Endace
Cyber Resilience for Digital Operations
Security operations needs context awareness to ensure the success of business initiatives in a world of advanced, targeted attacks. Netenrich empowers security, IT and cloud operations to thrive during adversity with adaptive incident resolution using real-time, data-driven, risk- and trust-based decision making. The Netenrich Resolution Intelligence platform streamlines the process of managing, analyzing, and fixing the root cause of incidents to prevent future disruption.
Christopher Morales, CISO, Netenrich
Track “Things”, Gain Better Visibility and Investigate Incidents Faster using IPAM Asset Data
Responding to security events requires sophisticated investigation skills and the gathering of data from multiple sources to accurately understand the severity of an attack and identify affected devices. This data gathering can often be a manual, laborious process involving coordination with multiple groups within the company. And even then, visibility gaps exist. Without a centralized database of the things that connect to the network, tracking becomes difficult. Without understanding the role of the assets involved in a breach, prioritization can be misplaced.
Join this session to gain insights into:
Krupa Srivatsan, Director, Infoblox
End Cyber Risk with Security Operations
Cyber risk is a business risk. Unfortunately, the cybersecurity industry has shown an effectiveness problem in reducing cyber risk for organizations. Every year we’ve witnessed new technologies, vendors, and solutions emerge—yet despite this constant innovation, high-profile breaches continue to make the headlines.
Join us as we discuss:
Christopher Fielder, Director, Arctic Wolf
Making Your SIEM and SOAR More Effective by Reducing the Noise
Everyone in the SOC is too busy, and everything feels on fire all the time. With an insane amount of “bad” on the internet driving alert volumes in the SOC sky-high, it’s hard to see which “bad” to focus on, because there’s simply too much noise. Automation is the obvious answer, but finding time to set up the right automation is difficult. Join GreyNoise founder and CEO Andrew Morris in this webinar to learn just how bad “internet noise” is today, and what you can do to reduce the racket and reclaim the value of your SIEM and SOAR.
Andrew will cover:
Andrew Morris, Founder and CEO, GreyNoise Intelligence
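As an added illustration of the noise-reduction idea above (example code written for this page, not GreyNoise’s or any vendor’s code), the Python below sketches the triage rule a SOAR playbook could apply before an alert reaches an analyst. It assumes a noise-intelligence lookup that classifies an internet source as a known benign scanner, an anonymous mass scanner, or a malicious host; the feed entries, internal address ranges, rule names and sample alerts are all constructed for illustration. The point a practitioner cares about is the guard rails: only scan-type alerts from internet sources are ever suppressed, anything implying success (a login, a download) is kept regardless of reputation, and a feed hit of "malicious" raises priority rather than lowering it.

```python
"""SOAR-style alert triage using an internet-noise reputation feed.

Added example for this page; not GreyNoise code. Feed contents, internal
ranges, rule names and alerts below are constructed test data.
"""
from dataclasses import dataclass
import ipaddress

# Constructed stand-in for a noise feed lookup: source IP -> classification.
# "benign"    = known-good scanner (search-engine crawler, research project)
# "noise"     = mass internet-wide scanner of unknown intent
# "malicious" = the feed has flagged this host as hostile
NOISE_FEED = {
    "198.51.100.7": "benign",
    "203.0.113.9": "noise",
    "203.0.113.200": "malicious",
}

# Your own address space (assumed here); noise feeds say nothing about
# internal-to-internal scanning, so those alerts are never touched.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Detection rules (hypothetical names) that only prove an internet-facing
# port was touched. These are the only alerts safe to act on by reputation.
SCAN_ONLY_RULES = {"port_scan", "ssh_probe", "http_probe"}


@dataclass
class Alert:
    rule: str
    src_ip: str
    dst_ip: str
    severity: str


@dataclass
class Verdict:
    alert: Alert
    action: str   # "suppress", "downgrade", "escalate" or "keep"
    reason: str


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(alert: Alert, feed=NOISE_FEED) -> Verdict:
    """Decide what a playbook should do with one alert."""
    if is_internal(alert.src_ip):
        return Verdict(alert, "keep", "internal source; noise feed does not apply")
    tag = feed.get(alert.src_ip)
    if tag == "malicious":
        # Reputation raises priority no matter what rule fired.
        return Verdict(alert, "escalate", "source flagged malicious by feed")
    if alert.rule not in SCAN_ONLY_RULES:
        # A login, download, etc. from a noisy IP is still a real event.
        return Verdict(alert, "keep", "rule implies more than a scan")
    if tag == "benign":
        return Verdict(alert, "suppress", "known benign scanner")
    if tag == "noise":
        return Verdict(alert, "downgrade", "internet-wide scanner; background noise")
    # Unknown external host probing you, but not scanning everyone: possibly targeted.
    return Verdict(alert, "keep", "source not seen scanning the internet")


def triage_all(alerts, feed=NOISE_FEED):
    return [triage(a, feed) for a in alerts]


def summarize(verdicts):
    counts = {}
    for v in verdicts:
        counts[v.action] = counts.get(v.action, 0) + 1
    return counts


# Constructed sample alerts as a SIEM might export them.
SAMPLE_ALERTS = [
    Alert("port_scan", "203.0.113.9", "10.0.0.5", "low"),
    Alert("http_probe", "198.51.100.7", "10.0.0.6", "low"),
    Alert("ssh_probe", "203.0.113.200", "10.0.0.7", "low"),
    Alert("successful_login", "203.0.113.9", "10.0.0.8", "high"),
    Alert("port_scan", "10.0.0.8", "10.0.0.9", "medium"),
    Alert("port_scan", "203.0.113.55", "10.0.0.5", "low"),
]

if __name__ == "__main__":
    for v in triage_all(SAMPLE_ALERTS):
        print(f"{v.action:9} {v.alert.rule:17} {v.alert.src_ip:15} {v.reason}")
    print(summarize(triage_all(SAMPLE_ALERTS)))
```

Run as-is to see the verdicts for the six sample alerts: two scan alerts from noisy or benign scanners are suppressed or downgraded, the login from the same noisy IP and the internal scan are kept, and the feed-flagged host is escalated. In a real playbook the feed lookup would be an enrichment step against the intelligence provider and the verdict would map to closing, re-prioritizing or assigning the case.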
SOAR Into SOC Efficiency: Panel
Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to reduce the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, they can do all of these things.
Investing in a SOAR platform is a strategic and often financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents: the security team uses the platform to capture what it knows about an attacker’s tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOCs), and, more importantly, to encode what the SOC needs to do and perform it with speed, precision, and consistency.
Chris Crowley, SANS Instructor
Level SOC & SOAR with Chris Crowley
Hear what Chris Crowley has to say about Level SOC & SOAR and what you can expect from attending.
Cybersecurity Solutions for Today's Challenges
The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.
- Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&CK®, and Cloud Security
- Network in real-time with over 30 sponsors and learn from top industry experts
- Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more