Join the SANS Institute for the latest NYC Financial Briefing for the Financial Community.
Threat modeling has been a widespread security practice among mature software development organizations as a means to identify potential threats and define countermeasures to mitigate their effects on applications. However, when it comes to security operations, network and endpoint monitoring, the primary focus is still on vulnerabilities and the exploit "du jour", resulting in a vicious cycle that doesn't improve their detection capabilities or their overall ability to improve their defensive posture.
In this 3rd edition of the NYC Financial Briefings, the SANS Institute will bring you practical advice on how financial organizations can introduce threat modeling practices and strategies that are effective in detecting modern adversaries and defending your enterprise against them.
8:00am - 8:30am - Registration & Coffee Networking
8:30am - 9:00am - Welcome & Keynote: Detecting Zero Day Threats in the Network - Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program Faculty at SANS Technology Institute
9:00am - 9:30am - A Lifecycle of Cybercrime: A Glimpse into the Mindset of a Typical Cybercriminal - Andrei Barysevich, Director of Advanced Collection, Recorded Future
Presenter: Andrei Barysevich, Director of Advanced Collection, Recorded Future
9:30am - 10:00am - Security Challenges in the Financial Industry - Angelo Bovis, Senior Network Security Architect
The financial vertical is a key target of attacks today, using basic attacks, passive attacks, and very specific/targeted attacks. Financials have been pretty mature in building out their security organizations, but due to the ever-changing attack landscape and complex infrastructures, the risk will always remain. Recently, financial companies have been investing more and more in cloud services, and this introduces new risks such as shadow IT, unknown workloads, and new attack vectors. We will learn about these challenges, and what to do to reduce our risk of compromise.
Presenter: Angelo Bovis, Senior Network Security Architect
10:00am - 10:30am - Networking Break
10:30am - 11:00am - Threat Modeling in the Web and Mobile Application Space - Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program Faculty at SANS Technology Institute
Building on the foundation of the morning talk, David Hoelzer will walk through the most typical failures that are found in today's mobile and web applications and help you to see how to introduce threat modeling into your application development process or acceptance criteria. For each threat discussed, good practices for detection and proactive design advice will be given.
Presenter: Dave Hoelzer - Owner, EnclaveForensics, SANS Fellow, Dean of Faculty, Program Faculty at SANS Technology Institute
11:15am - 12:00pm - Conducting Investigations Intelligently with Hypothesis-Driven Playbooks - Ismael Valenzuela - McAfee, SANS Certified Instructor
As financial organizations continue to mature and formalize their security operations, they focus on improving processes and procedures that allow them to address threats more effectively. However, even with these in place, SOCs report that 25% of the alerts are not triaged and that investigations take too long. Why so? In many cases, this can be attributed to the lack of a standardized, intelligent investigation process and community-wide tools that can be applied consistently and repeatedly over time, which prevents less experienced analysts and incident responders from doing their job effectively.
In this talk, Ismael Valenzuela (Certified SANS Instructor, GSE #132 and Principal Engineer at McAfee) will showcase how threat investigations are best presented as an iterative process of postulating hypotheses and answering questions in the pursuit of an outcome. Using this approach, Ismael will show how to use Markdown to capture investigation playbooks and how they should be structured so they can be intelligently and effectively used by SOC analysts, incident responders and threat hunters.
Presenter: Ismael Valenzuela - McAfee, SANS Certified Instructor
12:00pm - 12:15pm - Closing Remarks