|Target Audience||Security Operations Center professionals
CIOs, CISOs, IT managers, security officers, security architects and engineers, all from the end-customer side, who are interested in IT security.
From consultancies and resellers/integrators, only technical people who are involved in security operations processes may take part, with a maximum of one participant per company. Vendors and people in a sales or marketing role are not admitted as participants.
If you are not on the dedicated invitation list and would like to join this community and receive the invitations, please fill out the application form.|
|CPE Credits||Earn 4 CPE (Continuing Professional Education) credits for attending this SIGS forum. Please request a confirmation.|
|Location||Hilton Zurich Airport Hotel
Plenty of free parking spaces are available.|
|Date of Event||9 May 2019
Further planned dates in 2019: 3 September and 5 December 2019|
|Participation Costs||CHF 55 per participant
Organization, presentations, beverages and apéro riche included|
|1:30 – 2:00 pm||Registration & Coffee|
|2:00 – 2:00 pm||Welcome from the moderator|
|2:00 – 2:45 pm||Vladimir Had, Solution Architect, UBS ISE Cyber Security (Attack Monitoring, Analytics and Tooling)
Marek Pietrzyk, Program Manager, UBS ISE Cyber Security (Attack Monitoring, Analytics and Tooling)
Security Analytics Platform: advancing SIEM to the next level
Traditional cyber-security solutions (SIEM) have mostly focused on detecting known attacks using rule-based, signature-based or heuristic techniques. While this works well for known attacks, a gap remains for the "known unknowns": for example, detecting botnet command-and-control communication, dormant ("sleeping") infected machines, or attacks that span long periods, to name a few persistent critical threats. One possible countermeasure is automated anomaly detection, processing security events with big-data analytics and machine-learning technologies.
This session describes how a Security Analytics Platform was successfully implemented in a complex, globally operating organization. It explains the cyber-security drivers, the unorthodox setup of the project team, the platform's extensible architecture, the technology challenges and the most important lessons learned, from technology, architecture and management perspectives.|
|2:45 – 3:15 pm||Roman Hüssy, Head of abuse.ch
Fighting botnets with open-source threat intel
In this session we explain how abuse.ch, a non-profit project fighting cybercrime, works and how you can use the open-source threat-intelligence data it produces to protect your network.|
|3:15 – 3:45 pm||Maxim Deweerdt, Instructor at SANS
Goal Oriented Defense
Enter Goal Oriented Defense. Instead of trying to detect everything, let's look at what Goal Oriented Defense could look like and how it helps you tune your detection and focus on what is important.|
|3:45 – 4:30 pm||Break|
|4:30 – 6:00 pm||Workshop I (strategic sessions/talks)
by Maxim Deweerdt, Instructor at SANS
Follow-up to Max's previous session: in this moderated panel discussion, I would like to further discuss the MITRE ATT&CK framework and how organisations have implemented it in practice.|
|4:30 – 6:00 pm||Workshop II (technical sessions/talks)
by Lior Kolnik, Head of Security Research at Demisto
The Automated Playbook for Phishing Investigations
A variety of tools and information sources go into such an investigation, and each team member may do things differently unless you use a shared playbook built from lessons learned as a team. Automating the investigation accelerates the time to response, so you can block the phishing link or attachment before other targeted users have a chance to interact with it.
In this technical workshop we will build and run a security-automation playbook that ties these tools together to investigate and respond to phishing emails, based on our experience implementing phishing playbooks with Fortune 100 blue teams worldwide.|
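As an added illustration of what the two technical topics on this agenda look like when wired together (the open-source threat-intel feed from the abuse.ch session and the automated phishing playbook from Workshop II), the following Python skeleton is example code written for this page; it is not code from the workshop, from Demisto, or from abuse.ch. It assumes a constructed CSV feed with the columns `url,threat` (the shape of a URL blocklist, not real abuse.ch data), a constructed `.eml` message with a fake PE attachment, and it represents "block" and "purge from other mailboxes" as returned actions rather than executing them against any product.

```python
"""Phishing-triage playbook skeleton (added example, not the workshop's code).

Assumptions: FEED_CSV is a constructed url,threat blocklist; SAMPLE_EML is a
constructed phishing mail; actions are returned, not executed.
"""
import base64
import csv
import email
import hashlib
import io
import re
from email import policy
from urllib.parse import urlsplit

# Constructed feed: not real abuse.ch data, only the shape of a URL blocklist.
FEED_CSV = """url,threat
http://evil.example.net/invoice.php,malware_download
http://Update-Check.example.org/login/,phishing
"""

# Constructed attachment: a fake PE header (MZ magic) padded with zeros.
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 60

# Constructed phishing mail: one known-bad URL, one internal URL, one .exe.
SAMPLE_EML = (
    "From: billing@evil.example.net\n"
    "To: finance@corp.example\n"
    "Subject: Invoice overdue\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="B42"\n'
    "\n--B42\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\nPlease settle http://EVIL.example.net/invoice.php?id=42 today,\n"
    "or see https://intranet.corp.example/help.\n"
    "--B42\n"
    'Content-Type: application/octet-stream; name="invoice.exe"\n'
    'Content-Disposition: attachment; filename="invoice.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    f"\n{base64.b64encode(FAKE_PE).decode()}\n"
    "--B42--\n"
)

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def normalize_url(url: str) -> str:
    """Canonical form for matching: lower-case scheme/host, drop query/fragment."""
    parts = urlsplit(url.rstrip(".,;)"))
    return f"{parts.scheme.lower()}://{(parts.hostname or '').lower()}{parts.path or '/'}"


def load_feed(csv_text: str) -> dict:
    """Index the feed by normalized URL (exact hits) and by host (weaker hits)."""
    feed = {"urls": {}, "hosts": {}}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = normalize_url(row["url"])
        feed["urls"][key] = row["threat"]
        feed["hosts"][urlsplit(key).hostname] = row["threat"]
    return feed


def extract_indicators(eml_text: str) -> dict:
    """Collect URLs from text parts and (name, sha256, is_pe) for each attachment."""
    msg = email.message_from_string(eml_text, policy=policy.default)
    urls, attachments = set(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "text":
            urls.update(u.rstrip(".,;)") for u in URL_RE.findall(part.get_content()))
        else:
            data = part.get_payload(decode=True) or b""
            attachments.append({
                "name": part.get_filename() or "<unnamed>",
                "sha256": hashlib.sha256(data).hexdigest(),
                "is_pe": data[:2] == b"MZ",  # DOS/PE magic: executable disguised as invoice
            })
    return {"urls": sorted(urls), "attachments": attachments}


def triage(eml_text: str, feed: dict) -> dict:
    """Enrich indicators against the feed, decide a verdict, propose response actions."""
    ind = extract_indicators(eml_text)
    hits, actions, verdict = [], [], "benign"
    for url in ind["urls"]:
        key = normalize_url(url)
        host = urlsplit(key).hostname
        if key in feed["urls"]:                      # exact URL on the blocklist
            hits.append((url, feed["urls"][key]))
            verdict = "malicious"
            actions.append(("block_url", key))
        elif host in feed["hosts"]:                  # same host, different path
            hits.append((url, "host:" + feed["hosts"][host]))
            verdict = "suspicious" if verdict == "benign" else verdict
            actions.append(("block_url", key))
    for att in ind["attachments"]:
        if att["is_pe"]:
            verdict = "malicious"
            actions.append(("block_hash", att["sha256"]))
    if verdict != "benign":
        # Remove the same mail from every other targeted mailbox before anyone clicks.
        msg = email.message_from_string(eml_text, policy=policy.default)
        actions.append(("purge_from_mailboxes", str(msg["From"]), str(msg["Subject"])))
    return {"verdict": verdict, "indicators": ind, "hits": hits, "actions": actions}


if __name__ == "__main__":
    report = triage(SAMPLE_EML, load_feed(FEED_CSV))
    print(report["verdict"])
    for action in report["actions"]:
        print("  ", *action)
```

The order of steps is the point: extract indicators once, enrich them against the feed, let the worst finding set the verdict, and only then emit actions, with the mailbox purge last because it depends on the verdict of everything before it. Exact-URL hits outrank host-only hits, so a legitimate site that was once abused for one path does not by itself produce a "malicious" verdict.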
|6:00 – open end||Apéro riche and networking (so reserve the evening as well!)
The speakers will be on site for Q&A.|
This is a "must attend" event for all security professionals! We are confident that the relationships you develop here will prove crucial to your continuing success.
By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it with the event partners and event sponsors of this platform. In addition, we share the contacts with the community itself.