SIGS Special Interest Group
4th SOC Forum Swiss Romande

Save the DateClick on the .ics file to save the date

Target Audience Security Operations Center Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/ Integrators are only technical people (which are involved in the Security Operation Processes) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and you like to take part in this community and get the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location EPFL Innovation Park
Building C – Room Neptune 1st Floor
1015 Lausanne

Date of Event 26th of April 2018

Language English

Participation Costs CHF 55.–
Organization, presentations, beverages and apéro riche (almost dinner) included


1:30 – 2:00 Registration & Apéro
2:00 – 2:30 Malick Sy, IT Security Manager at World Economic Forum (WEF)

Operational Security of the defenders and the threat actors
Discussion about trends/issues around defender and threat actors operational security. As a defender, it is crucial to not send any signal to threat actors that an investigation has started. Query on third party website that might look passive can actually raise red flags for the threat actors. Threat actors also have the challenge to secure and hide their infrastructure.

We will share a real case on how the security of a highly exposed event was handled.

2:30 – 3:00 Omar Benjumea, Cybersecurity Architect at Kudelski Security

The rise of auto-spreading Ransomware
WannaCry, Notpetya or BadRabbit were the first examples of worm-style ransomware which affected organizations all over the world and used advanced lateral movement techniques to enable its spread.

In this presentation we will look into why and how this happened. Furthermore, we will discuss key controls one should consider in order to successfully protecting organizations from future similar incidents.

3:00 – 3:30 Cristian Zamfir, Co-Founder & COO at Cyberhaven

Toward data-centric security: the challenge to keep data safe when endpoints get breached
Today we know that despite our best efforts to detect malware, endpoint breaches happen through either sophisticated malware, social engineering, or even non-malware attacks. So how do we protect data even when breaches happen?

This talk argues for designing a security stack with data-centric security at its core and proposes some guidelines for implementing such a design. We’ll discuss how to reduce the window of opportunity for an attacker who managed to run code on corporate endpoints, what events to monitor in a SOC in order to better react and remediate such breaches, and what are the implications of such breaches on GDPR compliance.

3:30 – 4:00 pm Gabi Gerber, Founder of Security Interest Group & Marc Green, Threat Intelligence at Anomali

Project Shared Threat Intelligence Platform – SIGS-ISAC
Security Interest Group Switzerland could found a way and a sponsor for a Shared Threat Intelligence Platform. Get information about what’s planned, how we like to work on this project and why we need you to be part of it.

4:00 – 4:30 Coffee Break
4:30 – 6:00 Workshop with Dr. David Gugelmann, Security Analytics Researcher and the CEO of the ETH Spin-Off Exeon Analytics
Dr. David Gugelmann is a security analytics researcher and the CEO of the ETH Spin-off Exeon Analytics AG. Prior to founding Exeon Analytics in 2016, he was a postdoctoral researcher at ETH Zurich in the Networked Systems Group. His research interests are in big data analytics, digital forensics and machine learning for anomaly detection. He combines these areas by developing big data security analytics solutions to fight advanced cyber attacks.

Threat hunting using machine learning and big data analytics
Most organizations store network log data, such as web proxy logs, DNS logs and NetFlow data. However, often millions of benign network events happen every day, making it very difficult to reliably identify outliers in this data and detect ongoing cyber attacks.
In particular, HTTP(S) is an ideal covert command and control (C&C) channel for cyber attackers. Attackers can easily hide their activities among the regular Web browsing of employees by controlling infected devices via regular HTTP requests.

In this workshop, we show how machine learning and big data analytics approaches can extract valuable information from millions of data points.

First, we present a novel, unsupervised approach to detect C&C channels in Web traffic. Our approach is based on the observation that the HTTP requests triggered by malware are different from the Web request patterns occurring during regular Web browsing. Therefore, by reconstructing and filtering the activities occurring during regular Web browsing, we can identify Web requests that are related to malware without training a malware-specific model. Our evaluation shows that we can reliably identify the C&C requests of APT malware campaigns that had been active during years without being detected.

This talk is based on the research publication “Lamprakis et al. Unsupervised Detection of APT C&C Channels using Web Request Graphs”, which was published at the DIMVA 2017 security conference ( The research was conducted in collaboration between the Zurich Information Security and Privacy Center (ZISC) of ETH Zurich and armasuisse Science and Technology.

Second, we show various techniques for detecting malicious behavior based on DNS logs and NetFlow-like data, such as:

  • Identifying domain names generated by Domain Generation Algorithms (DGA)
  • Detection of covert DNS channels
  • Outlier detection in timeseries derived from NetFlow-like data

6:00 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

The Sponsor of this event is:

This is a ‘must attend’ event for all Security Operation Professional! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register or send us the application form by email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Earn CPE Credits for
attending SIGS Events


Don’t wait and send
us your application
or register by