Target Audience: Security Operations Center Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side who are interested in IT Security.
From consultancies and resellers/integrators, only technical people (those involved in the security operations processes) are allowed to take part – max. one participant per company. Vendors and people in a sales/marketing role are not authorized as participants.
If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.
CPE Credits: Earn 4 CPE (Continuing Professional Education) credits for attending this SIGS event. Please request a confirmation.
Location: UBS Building VZVB
Max Högger-Strasse 82
Date of Event: 20th of September 2018
Further planned date: 29th of November 2018
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and Apéro riche included
1:30 – 2:00 pm: Registration & Coffee
2:00 – 2:30 pm: Marco Rottigni, CTSO EMEA at Qualys
How visibility and actionable vulnerability intelligence help streamline SecOps
The growing sophistication of attackers and an evolving cyberthreat landscape require building new capabilities and strengthening existing ones.
Security is increasingly seen as a business enabler and a competitive advantage; therefore the SOC's operational efficiency is constantly challenged on skill and performance.
Technology alone will not suffice, but it can provide immense value: visibility across an ever-changing environment, intelligence to support tactical and operational decisions, and awareness of exploitation of the vulnerable surface.
This allows the SOC team to prioritise actions, to detect the weak signals and to respond to them in order to prevent breaches.
2:30 – 3:00 pm: Jeff Hamm, Technical IR Director at Mandiant
Jeff Hamm has been employed with Mandiant since 2010 and is a Technical Director assigned to the Europe region, where he manages a team that conducts forensic examinations and incident response. Responses and examinations range from a single host to over 100,000 hosts on a network.
He has also worked part-time as an adjunct lecturer at NTNU (Norwegian Science and Technology University) in Gjøvik, Norway since 2011. There he provides intensive practical labs based on real-world computer forensic incidents using both Windows and Linux servers and attacker systems. He co-authored “Digital Forensics”, edited by Andre Arnes, in 2017. The book is designed for academia and practitioners.
How Was that Breach Detected?
In this presentation, we will use international case examples Mandiant investigated to take a closer look at how the breach was discovered and what security lessons can be learned from the alerts – for example, how a performance monitor on a domain controller spiked, which led to the discovery of credential harvesting. The takeaways will be actionable in many environments.
3:00 – 3:30 pm: Gio Pecora, Lead EMEA Operation at Refraction Point
Build a SOC in 30’ at less than the cost of a coffee
3:30 – 4:00 pm: Euan Ramsay, CSIRT Director at UBS
Designing operational responses to cyber threats
4:00 – 4:45 pm: Break
4:45 – 6:30 pm: Workshop I (interactive sessions/talks)
by Leif Kremkow, Technical Director South EMEA, and Marco Rottigni, CTSO EMEA at Qualys
A Hands-On Look at Feeding the SOC with Vulnerability Data
4:45 – 6:30 pm: Workshop II (interactive sessions/talks)
by Dr. David Gugelmann, Security Analytics Researcher and CEO of the ETH spin-off Exeon Analytics
Threat Intelligence Feeds vs. Machine Learning for Security Analytics
First, we show that applying freely available cyber threat intelligence feeds to network log data results in a surprisingly high false positive rate. We discuss causes for these false positives and present an unsupervised statistical approach for the identification of high value cyber threat intelligence feeds.
Second, we present multiple machine learning-based techniques for the detection of malicious behavior using HTTP(S), DNS and NetFlow-like connection logs, including:
Third, we show how a combination of intelligence feeds, machine learning and custom visualizations enables efficient threat hunting.
6:30 pm – open end: Apéro Riche and Networking (so please reserve the evening as well!)
The speakers will be onsite for Q&A.
This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.
By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and the event sponsors of this platform. In addition, we also share the contacts with the community itself.