Agenda | January 21, 2022 | 10:30 AM - 3:00 PM EST
Welcome & Opening Remarks
Chris Crowley, SANS Senior Instructor
Getting to Better Implementation in the SOC
Defenders today are faced with a complex set of challenges resulting from the confluence of several key factors. The economics of attack tooling and the anonymity of cryptocurrency have driven the commoditization of threat techniques and greater specialization among bad actors, resulting in an explosion of what look like sophisticated attacks. This is compounded by the fact that defender tooling either does not provide adequate coverage as the attack surface grows, or requires a combination of tools that are operationally challenging to integrate. In this session we’ll present a technical perspective on how evaluating defensive tools and their efficacy can help teams to ensure implementation requirements are met. The discussion will home in on key technology elements used in the modern SOC and how they can help to build an understanding of what an attacker would see in the environment, important data to collect and analyze and why, analytics processing methodologies, the most common security tasks that can be automated without having to build out entire operational processes, how to scope potentially compromised systems with modern forensic techniques and tooling, and hunting tools -- and provide concrete recommendations on how to best leverage these in the context of your security architecture.
Bruce Hembree, Field CTO - Cortex, Palo Alto Networks
SOC Tour - See What It Takes To Protect Palo Alto Networks
As workforces become even more dispersed and widespread, cyber attackers are quickly taking advantage of these growing attack surfaces. Unfortunately, attackers are redoubling their efforts to compromise even the most secure organizations.
Join us for a virtual session showcasing a day in the life of our SOC team and see how they’re protecting the world’s largest cybersecurity company every day. We’ll share a unique view of how we built and operate the Palo Alto Networks SOC including a deep dive into our security stack and processes. You’ll learn:
Devin Johnstone, Sr Staff Security Engineer (SOC Ops Specialist), Palo Alto Networks
Best Practices for Stopping Ransomware
Ransomware attacks continue to evolve to bypass security and maximize impact. Adversaries are borrowing cyberwarfare techniques such as lateral movement and privilege escalation to infect as many endpoints as possible. Join Kasey Cross, Sr. Product Marketing Manager at Palo Alto Networks, as she delves into the top ransomware attacks of 2021.
Attend this session to learn about:
Kasey Cross, Manager, Palo Alto Networks
How Do I Protect My Attack Surface?
In this session, we'll cover how the internet has shrunk with the evolution of cheap computing power and easy access to bandwidth, which has led to a more sophisticated attacker. We'll expand on the emerging Attack Surface Management category as a means to protect your organization and go over some of the best practices organizations can adopt to secure their attack surface. The presenters will also highlight stories from the field on how organizations are seamlessly integrating ASM into their existing SOC workflows.
Madhuresh Anur, Senior Product Manager, Palo Alto Networks
ASM for Remote Workers
Many organizations have no possible way of knowing the security status of their remote employee network. They’re unable to detect unknown exposures. They’re not warned of critical issues, and they’re unaware of vulnerabilities caused by employee laptops openly exposed to the public.
Organizations need to securely manage:
Enter the Cortex® Xpanse™ ASM for Remote Workers module. It combines endpoint details collected by Cortex XDR™ with public asset information discovered by Xpanse. It then identifies security issues and alerts SecOps specialists. In this session, we’ll cover use cases on:
5 Threat Hunting Secrets to Win the Battle Against Attackers
How many battles can you handle at once, when all your data is at risk? Adversaries today are targeting your users, cloud assets, and internal network simultaneously. They will try their best to pivot from the cloud instances into the network or vice versa to gain better persistence and reach your most valuable assets. But how can you automate your threat hunting efforts to discover them before any damage is done? Join me to learn:
Plus, you’ll hear a from-the-trenches threat hunting story that’s never been revealed before and find out tips, tricks and ideas you can implement today!
Alissa Torres, Senior Threat Hunter, Palo Alto Networks
Chris Crowley, SANS Senior Instructor