SOARing beyond aggregation: How to achieve meaningful correlation and prioritization of security alerts and actions

  • Wednesday, 13 Nov 2019 1:00PM EST (13 Nov 2019 18:00 UTC)
  • Speakers: Jake Williams, Nick Tausek

Today's security operations centers (SOCs) do not have the time, energy, or resources to keep pace with the growing security skills gap and evolving threat landscape. Security operations (SecOps) need to be able to secure their organizations by doing more with less. This is where a security orchestration, automation, and response (SOAR) solution comes in. Using a SOAR platform, SecOps teams can ingest events, reports, and alerts from any number of sources, perform automated research and prioritization, correlate across platforms, events, and alerts, and coordinate our analysts ' response efforts.

In this presentation, attendees will learn strategies and techniques for navigating out of the perpetual quagmire of disparate events and alerts that most SOCs experience. 'Key takeaways include:

  • Active automation strategies for users who have SOAR.
  • Automation-friendly workflow and process designs for customers who are not yet using SOAR.
  • Strategies for prioritization of alerts and events using correlation and automated research.