SOAR Into 2024: Power Your Cloud Detection and Response

How do you mitigate a 10-minute cloud-native cyber attack? Automation is your only chance. Did you hear about SOAR (Security Orchestration, Automation, and Response) in 2014? It only took 10 years to be propelled into relevance by the technical innovation of public cloud infrastructure! Come and watch our industry experts show you how it's done, so you can keep your cloud-speed business innovation secure from cloud-speed exploitation.

This event will specifically focus on:

  • Industry thought leader perspectives on the ever-evolving cloud threat landscape and defense strategies
  • How to stop a real attack within the 5/5/5 benchmark by harnessing automation with CNAPP and SOAR
  • Security vision for 2024 through the lens of real customer data from the Cloud-Native Security and Usage Report

The above is reason enough to attend, but if you register, you will have the opportunity to win one of two SANS course credits (valued at $8400) that Sysdig is giving away!

Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2024 Solutions Forums. We'll see you there!


Thank You To Our Sponsor!


Agenda | February 29, 2024 | 9:00AM - 10:30AM PT


Session Description

9:00 AM


Dave Shackleford, SANS Instructor

9:05 AM

Security Operations at Cloud Speed

Is threat detection and response in the cloud keeping pace with the speed of innovation or the speed of attacks? Security operations centers are often ill-prepared to protect these new types of environments and may not be aware of the threats they face. We'll discuss how to balance the need for visibility with the battle against alert fatigue and how to harness automation to stay ahead of the bad guys.

Anna Belak, Director, Office of Cybersecurity, Sysdig

Ron Eddings, Co-founder and CEO, Hacker Valley Media

9:30 AM

The 5/5/5 Benchmark for Cloud Threat Detection and Response

Cloud attacks are fast. After finding an exploitable asset, malicious actors need less than 10 minutes to execute an attack. While preventive controls are common in cloud environments, no organization can stay safe without a threat detection and response program for addressing zero-day exploits, insider threats, and other malicious behavior. Learn how to use the 5/5/5 benchmark to bolster your cloud defenses for 2024.

Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig

9:45 AM

SCARLETEEL: A Cloud-Native Attack in <10 Min and Demo: SCARLETEEL Detection and Auto-Response With Sysdig+Tines

SCARLETEEL, an ongoing operation analyzed by the Sysdig Threat Research Team, continues to evolve and adapt its tactics, with a focus on cloud environments. The attackers have developed new methods to bypass security measures and employ a stealthy command and control structure. Notably, the telecom and financial sectors are frequent targets, and attackers are increasingly using cloud services and exploiting misconfigurations. The speed of cloud attacks underscores the importance of swift detection to prevent severe damage.

SCARLETEEL can cause damage to a cloud environment in as little as 3 minutes and 42 seconds. Left unmitigated, this type of attack goes beyond basic cryptojacking and achieves account compromise and data theft. Watch our experts deploy the attack in real time and defend against it within the bounds of 5/5/5. A clever integration of a cloud-native detection system and a SOAR platform enables the auto-response required to defend at the speed of cloud.

Michael Isbitski, Director, Cybersecurity Strategy, Sysdig

10:05 AM

The Vision for 2024 Through the Lens of Real-World Production Data

The Sysdig Cloud-Native Security and Usage Report has delivered real-world insights on how the most innovative companies in the world use and secure their cloud environments for 7 years. Our illustrious panel will share their hot takes on this year's threat detection and response data and make predictions for what they think it means for 2024.

Dave Shackleford, SANS Instructor

Ron Eddings, Co-founder and CEO, Hacker Valley Media

Crystal Morin, Cybersecurity Strategist, Sysdig

10:25 AM

Closing Remarks

Dave Shackleford, SANS Instructor