SOARing beyond aggregation: How to achieve meaningful correlation and prioritization of security alerts and actions

  • Wednesday, November 13th, 2019 at 1:00 PM EST (18:00:00 UTC)
  • Nick Tausek and Jake Williams
This webcast has been archived.

Sponsor

  • Swimlane

Overview

Today's security operations centers (SOCs) do not have the time, energy, or resources to keep pace with the growing security skills gap and evolving threat landscape. Security operations (SecOps) teams need to be able to secure their organizations by doing more with less. This is where a security orchestration, automation, and response (SOAR) solution comes in. Using a SOAR platform, SecOps teams can ingest events, reports, and alerts from any number of sources, perform automated research and prioritization, correlate across platforms, events, and alerts, and coordinate their analysts' response efforts.

In this presentation, attendees will learn strategies and techniques for navigating out of the perpetual quagmire of disparate events and alerts that most SOCs experience. Key takeaways include:

  • Active automation strategies for users who have SOAR.
  • Automation-friendly workflow and process designs for customers who are not yet using SOAR.
  • Strategies for prioritization of alerts and events using correlation and automated research.

Speaker Bios

Nick Tausek

Nick Tausek is a Security Research Engineer at Swimlane, where he's been working for a year. Before that, he was an information security analyst in government, NGOs, the corporate space, and MSSPs for 8 years. In his pre-infosec life, he worked in VoIP, tech support, web design, and translation. He speaks English, Japanese, German, and a little French, and programs mostly in Python, but is comfortable in a handful of other languages as well, such as JS, VBA, HTML, and CSS.


Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.
