Effective ICS/OT TTX Design & Facilitation and Using Machine Learning to Reduce the Alert Fatigue

Effective ICS/OT TTX Design & Facilitation presented by SANS Certified Instructor Mike Hoffman

This talk provides insights into designing and executing Tabletop Exercises (TTX) for Incident Response in Industrial Control Systems (ICS) and Operational Technology (OT) environments. It stresses the importance of testing plans, tailoring incident response strategies, and understanding the threat landscape. Key components of an ICS/OT IR plan, such as preparation, identification, containment, eradication, recovery, and lessons learned, are highlighted. Additionally, it emphasizes the significance of TTXs in testing IR capabilities, complying with regulations, and addressing specific challenges unique to ICS/OT environments. The talk covers participants, facilitation methods, scenario design considerations, and post-exercise evaluations to maximize the benefits of TTXs and enhance organizational resilience.

Using Machine Learning to Reduce the Alert Fatigue presented by SANS Principal Instructor Nik Alleyne

Most enterprises today run a number of security tools to support their security operations. In many cases, each of these tools has its own view of what it considers malicious and therefore produces a large number of alerts. The problem is that the majority of these alerts tend to be false positives rather than true positives. Using machine learning, we can identify the alerts that are more likely to be true positives, so that analyst effort is concentrated on those. In this session, we will discuss how you can leverage the SOAR, the SIEM (or any other security tool), threat intelligence and case management platforms to build a machine learning model that helps reduce alert fatigue.
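As an added illustration of the approach described in this abstract (example code, not material from the talk or from SANS): a small logistic-regression model trained on past alerts whose labels are the analyst dispositions recorded in case management, with features taken from the SIEM alert and a threat-intelligence match, then used to order the triage queue by likelihood of true positive. The alert records, the feature set and the thresholds are all constructed assumptions; it is written in pure Python so it runs offline without scikit-learn.

```python
import math

# Constructed historical alerts. Each row is (severity 1-4 from the SIEM,
# threat-intel indicator match, fired outside business hours, same source
# alerted in the last 24h, label). Label 1 = analyst closed the case as a
# true positive, 0 = closed as a false positive (the case-management signal).
HISTORY = [
    (4, 1, 1, 0, 1), (3, 1, 0, 1, 1), (4, 1, 1, 1, 1),
    (3, 0, 1, 1, 1), (2, 1, 1, 0, 1),
    (1, 0, 0, 0, 0), (2, 0, 0, 1, 0), (1, 0, 1, 0, 0),
    (3, 0, 0, 0, 0), (2, 0, 0, 0, 0), (1, 0, 0, 1, 0), (4, 0, 0, 0, 0),
]

def features(sev, ti, ah, rep):
    """Feature vector with a bias term; severity scaled into [0, 1]."""
    return [1.0, sev / 4.0, float(ti), float(ah), float(rep)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(rows, lr=0.5, epochs=2000):
    """Batch gradient descent on logistic loss; returns the weight vector."""
    w = [0.0] * 5
    for _ in range(epochs):
        grad = [0.0] * 5
        for sev, ti, ah, rep, y in rows:
            x = features(sev, ti, ah, rep)
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x))) - y
            for i in range(5):
                grad[i] += err * x[i]
        w = [wi - lr * g / len(rows) for wi, g in zip(w, grad)]
    return w

def tp_probability(w, alert):
    """Probability that a new (sev, ti, ah, rep) alert is a true positive."""
    sev, ti, ah, rep = alert
    return sigmoid(sum(wi * xi for wi, xi in zip(w, features(sev, ti, ah, rep))))

def triage_queue(w, alerts):
    """Order incoming alerts from most to least likely true positive."""
    return sorted(alerts, key=lambda a: tp_probability(w, a), reverse=True)

MODEL = train(HISTORY)

if __name__ == "__main__":
    # Constructed batch of fresh alerts from the SIEM, ranked for the analyst queue.
    for alert in triage_queue(MODEL, [(1, 0, 0, 0), (4, 1, 1, 1), (3, 0, 1, 1)]):
        print(alert, round(tp_probability(MODEL, alert), 3))
```

In production the label source is the closed-case disposition exported from the case-management platform and the features are whatever the SOAR enrichment already attaches to each alert; the model is only as good as the consistency of those dispositions.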