SANS Financial Services Briefing: Cyber Threat Intelligence in Security Operations: Am I Breached?

  • Friday, 12 Oct 2018 8:30AM EDT (12 Oct 2018 12:30 UTC)

Join the SANS Institute for the latest NYC Financial Briefing, focused on the financial community.

The word 'breach' is often associated with notifications, visits from law enforcement, severe penalties and bad publicity. Thus, it's no wonder that most organizations try to prevent going through such a nightmare by designing, building and operating effective security operations. Succeeding at this goal requires making effective use of cyber threat intelligence, both in a strategic and tactical way, learning from past mistakes and maintaining awareness of the environment we are defending.

In this 4th edition of the NYC Financial Briefings, Ismael Valenzuela and David Hoelzer from the SANS Institute, along with a panel of industry experts, bring practical advice on how financial organizations can operationalize threat intelligence to answer critical questions like:

  • Am I breached?
  • How can I keep track of adversaries' behaviors in my environment?
  • How can I not only consume but also produce actionable threat intelligence that can help me drive continuous improvement in my SecOps?
  • What are some of the best practices that can help me prioritize threats in my environment and assess impact?
  • What are some of the tools, processes, models and taxonomies that I can use?
  • How can humans and machines work together to help us spend less time collecting and parsing data and more time analyzing and defending our organizations?

Earn 4 CPE Credit hours for attending this event.


9:00am - 9:15am: Registration and Coffee Networking

9:15am - 10:00am: Welcome & Keynote: Intelligence Driven Defense: Successfully Embedding Cyber Threat Intel in Security Operations - Ismael Valenzuela, McAfee

  • "I thought all I had to do was show the data and people would understand. It doesn't work. You have to tell a story" - Cliff Stoll.
  • Easier said than done, right? Being able to tell a compelling story that can answer key questions like: who is attacking us, what is their motivation, were they here before, how do they operate, what is the impact to our business, and will they come back, should be one of the ultimate goals of any effective blue team. However, being successful at embedding cyber threat intel in SecOps requires something else: maintaining a solid understanding of the environment we are defending, as well as a systematic way to identify and prioritize applicable threats and assess impact, so we can respond appropriately to these attacks.
  • In this talk, Ismael Valenzuela, Certified SANS Instructor and GSE #132, will share lessons learned and practical tips on how blue teams can not only consume but also produce actionable and contextual threat intelligence using tools, processes, models and taxonomies that are available to the community.

10:00am - 10:45am: Getting SecOps Foundations Right with Techniques, Tactics and Procedures Zero (TTP0) - Carlos Diaz, Cybersecurity Expert

  • TTP0 is a new community project created by SecOps (Security Operations) practitioners for SecOps practitioners. Just like a blueprint is required to design, build and operate any facility, TTP0 provides the starting point for building or assessing a security program from the ground up. It focuses on resetting the basics of a security program to ensure that its foundations help you prioritize threats in your environment and assess the potential impact of a successful adversary. In this talk, Carlos Diaz will discuss how TTP0 provides the foundation, from mission, vision and strategy, to aid you in determining which technique is best for the organization, while focusing on individual tactical capabilities along with the procedures that synchronize operations with the business. Using a modular, Lego-based approach, TTP0 helps boost effectiveness, expand coverage of tools for the adoption of taxonomies, and pave the roadmap for purposeful transformation of your automation capabilities.

10:45am - 11:00am: Networking Break

11:00am - 11:45am: Finding the Signal in the Noise - David Hoelzer, Chief of Operations / Enclave Forensics, Inc.

  • How is it that, despite millions of dollars in spending on security and monitoring, organizations are not only being compromised, but are compromised for months or more before realizing it? What more can we do? Are AI and Machine Learning the answer, or are they just InfoSec snake oil? In this talk, David Hoelzer will share some of the research and approaches that Enclave takes when monitoring large-scale networks. Based on that information and those lessons, you will leave with ideas that can be applied to monitoring and detection within your own environment, in addition to an understanding of the mounting challenges that technological improvements present over the next few years.

11:45am - 12:30pm: Finance Brief Panel - When Budget is Not the Problem

Moderator - Dave Hoelzer, Chief of Operations / Enclave Forensics, Inc.

Panelists - Ismael Valenzuela - McAfee, Carlos Diaz - Cybersecurity Expert, Anne Marie Zettlemoyer - Director of Cyber Strategy, Architecture and Solutions

  • Hear our experts discuss key issues touching the Finance community. Topics include:
    - Why do you think that security operations fail when budget is not the problem?
    - What is a definition of success for Security Operations?

12:30pm - 12:45pm: Closing Remarks