SIGS Special Interest Group
8th SOC Forum Swiss Romande


Target Audience Security Operations Center professionals
CIOs, CISOs, IT managers, security officers, security architects and engineers – all from the end-customer side and interested in IT security

From consultancies and resellers/integrators, only technical people (those involved in the security operations processes) are allowed to take part, max. one participant per company. Vendors and people in a sales/marketing role are not admitted as participants.

If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS forum. Please request a confirmation.
Location EPFL Innovation Park
Building D – Room Uranus, Ground Floor
1015 Lausanne

Date of Event 19th of September 2019

Language English

Participation Costs CHF 55.–
Organization, presentations, beverages and apéro riche (almost dinner) included

Agenda

1:00 – 1:30 pm Registration & Coffee
1:30 pm Welcome from the moderator
1:30 – 2:15 pm Roman Hüssy, Head of abuse.ch

Fighting botnets with Open Source Threat Intel
abuse.ch is a non-profit project which operates various trackers with the goal of providing open source threat intelligence, helping internet service providers and network operators to protect their networks from malware and botnets. IT security researchers, vendors and law enforcement agencies rely on data from abuse.ch in their efforts to make the internet a safer place.

In this session we will explain how abuse.ch, a non-profit project to fight cybercrime, works and how you can use the open source threat intelligence data it produces to protect your network.
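As an added illustration of the kind of use the abstract describes (matching a public C2 indicator feed against your own egress logs), the following Python example is not abuse.ch code and reflects no specific abuse.ch feed. The feed lines, the column layout (ip,port,malware) and the firewall log format are all constructed for this example and are assumptions.

```python
"""Match a constructed C2 indicator feed against constructed firewall logs.

Added example, not abuse.ch code. The feed column layout (ip,port,malware)
and the syslog-like firewall line format are assumptions made for this example.
"""
import csv
import io
import ipaddress
import re

# Constructed feed. Comment lines are skipped, as public feeds often carry header comments.
FEED = """\
# constructed sample feed - ip,port,malware
198.51.100.23,443,Emotet
203.0.113.77,8080,TrickBot
192.0.2.9,447,TrickBot
"""

# Constructed firewall log lines (format is an assumption, not a real product's).
LOGS = [
    "2019-09-19T10:01:02Z fw01 ACCEPT src=10.0.5.14 dst=198.51.100.23 dport=443 proto=tcp",
    "2019-09-19T10:01:03Z fw01 ACCEPT src=10.0.5.14 dst=93.184.216.34 dport=443 proto=tcp",
    "2019-09-19T10:02:44Z fw01 DROP src=10.0.7.2 dst=203.0.113.77 dport=8080 proto=tcp",
    "2019-09-19T10:03:10Z fw01 ACCEPT src=10.0.7.2 dst=192.0.2.9 dport=80 proto=tcp",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def load_feed(text):
    """Return {(ip, port): malware_family}; malformed IPs raise instead of silently never matching."""
    lines = (l for l in io.StringIO(text) if l.strip() and not l.startswith("#"))
    iocs = {}
    for ip, port, malware in csv.reader(lines):
        ipaddress.ip_address(ip)  # ValueError on garbage entries in the feed
        iocs[(ip, int(port))] = malware
    return iocs


def match_logs(logs, iocs):
    """Return one hit per log line whose destination is in the feed.

    ip+port matches are "high" confidence; ip-only matches are reported as
    "medium", since a C2 IP may also host unrelated services on other ports.
    The firewall action is kept so a DROP can be triaged differently from an ACCEPT.
    """
    ip_family = {ip: malware for (ip, _), malware in iocs.items()}
    hits = []
    for line in logs:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in iocs:
            confidence, family = "high", iocs[(dst, dport)]
        elif dst in ip_family:
            confidence, family = "medium", ip_family[dst]
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst": dst, "dport": dport,
                     "action": m["action"], "malware": family, "confidence": confidence})
    return hits


def triage_by_source(hits):
    """Group hits by internal source host: the list of hosts that need a look."""
    by_src = {}
    for h in hits:
        by_src.setdefault(h["src"], []).append(h["malware"])
    return by_src


if __name__ == "__main__":
    for src, families in triage_by_source(match_logs(LOGS, load_feed(FEED))).items():
        print(src, families)
```

The ip+port distinction matters in practice: a feed entry for a compromised shared host should not turn every connection to that host into a high-confidence incident.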

2:15 – 3:00 pm Mathieu Louvet, Manager Cyber Operations at Philip Morris International Management SA
(Details will follow)


3:00 – 3:30 pm Mark Beerends, Head Technology at SIX Managed Security Services

Intelligence-Driven Threat Detection, Engineered for Speed and Quality
Organizations tend to spend lots of time and money on Intrusion Detection Systems that don’t detect, WAFs in monitoring mode without anyone monitoring the alerts, SIEMs that don’t correlate and Incident Response processes that exist on paper only. This session presents SIX’s approach to treating incident investigation as a software project.

Topics will include:

  • Organizing for Detection
  • Engineering threat investigations for speed and quality
  • Integrating threat intelligence into the response process
3:30 – 4:15 pm Break
4:15 – 5:15 pm Workshop
by Adrian Cristian Pop, Cybersecurity Engineer SIX Managed Security Services

Intelligence-Driven Threat Detection, Engineered for Speed and Quality
Continuing the input talk, we’ll assemble a detection use case from end to end.

Topics will include:

  • Organizing for Detection
  • Engineering threat investigations for speed and quality
  • Integrating threat intelligence into the response process

5:15 – 6:15 pm Workshop
by Endre Bangerter
Endre Bangerter is co-founder of threatray, a startup in the field of code-based threat intelligence. He is also a professor of computer science at the Bern University of Applied Sciences and a lecturer at the Forensic Science Institute of the University of Lausanne.

Malware identification and contextualization
The detection of malware – using automated or manual forensics techniques – has been the primary focus of the cyber-defense community for many years. More recently the (complementary) disciplines of contextualization and identification of malware attacks have gained importance and popularity. Contextualization and identification often allow defenders to better understand their adversaries, to prioritize their reaction and to take more effective defensive measures. Contextualization is inherently based on finding similarities and correlations between attacks and thus necessitates the availability of rich data sources (threat intelligence) on past attacks and adversarial activity.

In this workshop we’ll review malware contextualization and identification techniques using real-world examples and discuss and compare the effectiveness of the various techniques. Finally, we’ll focus in particular on code-based malware correlation and contextualization techniques (e.g. using YARA rules), which in many cases turn out to be very effective.
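As an added illustration of the code-based correlation the abstract refers to, the following Python example is not threatray’s code or the workshop material. It clusters three constructed byte strings (standing in for code sections of unpacked samples) by byte n-gram similarity, extracts the longest code run two related samples share, and renders that run as a YARA rule. The sample bytes are constructed; real samples would first need their code section extracted and normalized (relocations and immediates masked), which this example omits.

```python
"""Code-based malware correlation: n-gram similarity, clustering, derived YARA rule.

Added example, not threatray code. SAMPLES are constructed byte strings that
stand in for code sections; sample_a and sample_b share one routine, sample_c
is unrelated.
"""
import itertools

SHARED = bytes.fromhex("558bec83ec10568b750833c08bce0fb60685c0740a8bc8")  # constructed
SAMPLES = {
    "sample_a": bytes.fromhex("909090") + SHARED + bytes.fromhex("c3cccccc5dc3"),
    "sample_b": bytes.fromhex("e800000000585b") + SHARED + bytes.fromhex("33c05dc2080052"),
    "sample_c": bytes.fromhex("4883ec28488d0d00000000e8000000004883c428c3cccccccccccccc"),
}


def ngrams(data, n=8):
    """Set of overlapping byte n-grams; the features compared between samples."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a, b, n=8):
    """Similarity of two code sections as Jaccard index over their n-gram sets."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga and not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)


def cluster(samples, threshold=0.3):
    """Single-linkage clustering: samples above the similarity threshold end up together."""
    names = sorted(samples)
    parent = {name: name for name in names}

    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x

    for x, y in itertools.combinations(names, 2):
        if jaccard(samples[x], samples[y]) >= threshold:
            parent[find(x)] = find(y)
    groups = {}
    for name in names:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


def longest_common_run(a, b):
    """Longest byte run present in both inputs (dynamic programming): a rule candidate."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def yara_rule(name, chunk, min_len=16):
    """Render a YARA rule from a shared chunk; refuse chunks too short to be specific."""
    if len(chunk) < min_len:
        raise ValueError("shared chunk too short for a specific rule")
    hex_bytes = " ".join(f"{b:02x}" for b in chunk)
    return (f"rule {name}\n{{\n    strings:\n        $code = {{ {hex_bytes} }}\n"
            f"    condition:\n        $code\n}}\n")


def rule_matches(chunk, data):
    """Stand-in for running the rule with the yara engine: exact byte-sequence search."""
    return chunk in data


if __name__ == "__main__":
    print(cluster(SAMPLES))
    chunk = longest_common_run(SAMPLES["sample_a"], SAMPLES["sample_b"])
    print(yara_rule("shared_routine", chunk))
```

The min_len guard is the practitioner’s caveat: a shared run of a few bytes (a function prologue, a compiler idiom) will match half of the code on a system, so a rule derived from shared code must be checked against a clean corpus before it goes into production.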

6:15 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A.



Registration

This is a ‘must attend’ event for all security professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

Register here!


With the registration for this event you accept that SIGS may use the data entered for its own purposes and may share it for use with its event partners and the event sponsors of this platform. In addition, we share the contacts with the community itself.
