SIGS Special Interest Group – 11th SOC Forum
|Target Audience||Security Operations Center Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT security
From consultancies and resellers/integrators, only technical people (who are involved in security operations processes) are allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.
If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.
|CPE Credits||Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.|
|Location||Hilton Zurich Airport Hotel
Plenty of free parking spaces are available.
|Date of Event||23rd of November 2017
Further planned dates for 2018 will follow
|Participation Costs||Fr. 55.– per participant
Organization, presentations, beverages and Apéro riche included
|1:30 – 2:00 pm||Registration & Coffee|
|2:00 – 2:30 pm||John Salomon, Director Continental Europe, Middle East, and Africa at FS-ISAC
Threat Intelligence Automation – what do you need to know beyond the technology?
For example, how does my organization avoid duplicates and false positives? How do we focus on high-value indicators? Who should receive notification in the organization when something comes from outside? How can we avoid being overwhelmed by automated feeds? And how do I judge what I should subscribe to? And when sharing information out, how do we ensure we’re compliant with data protection and confidentiality rules?
This presentation will discuss several questions you should ask before planning an automated indicator feed subscription, and how to go about automated indicator sharing.
|2:30 – 3:00 pm||Leif Kremkow, Directeur Technique, EMEA Sud at Qualys
Your vulnerability management policy might be saturating your SOC unnecessarily
|3:00 – 3:30 pm||Dr. David Gugelmann, Security Analytics Researcher and the CEO of the ETH Spin-Off Exeon Analytics
Prior to founding Exeon Analytics in 2016, he was a postdoctoral researcher at ETH Zurich in the Networked Systems Group. His research interests are in big data analytics, digital forensics and machine learning for anomaly detection. He combines these areas by developing big data security analytics solutions to fight advanced cyber attacks.
Security Intelligence for Web Traffic: Unsupervised Detection of APT C&C Channels
There exist a number of supervised approaches to identify C&C channels. However, supervised approaches require the availability of malware samples for training. Since the malware used for advanced persistent threat (APT) campaigns is often custom-built and used against selected targets only, a collection of corresponding malware samples is often not available.
This talk is based on the research publication “Lamprakis et al. Unsupervised Detection of APT C&C Channels using Web Request Graphs”, which was published at the DIMVA 2017 security conference (https://itsec.cs.uni-bonn.de/dimva2017/). The research was conducted in collaboration between the Zurich Information Security and Privacy Center (ZISC) of ETH Zurich and armasuisse Science and Technology.
|3:30 – 4:15 pm||Break|
|4:15 – 6:00 pm||Breakout Sessions (interactive sessions/talks)
Technical Breakout Session
by Pierrick Prévert (Senior Software Engineer) and Rémi Le Mer (Product Manager, Web Application Firewall) from Qualys
Testing Apache for Struts vulnerabilities yourself
Attendees are encouraged to bring their laptops to put into practice what Pierrick and Rémi will demonstrate. WiFi will be provided, but please have curl available on your machine.
Qualys publishes detailed reports on how users can check findings themselves (such as https://threatprotect.qualys.com/2017/03/08/apache-struts-jakarta-multipart-parser-remote-code-execution-vulnerability/). This workshop will help attendees hone their skills in manual penetration testing against web applications that were deliberately left vulnerable.
Strategic Breakout Session
by Freddy Dezeure, former Head of CERT EU – today CEO of Freddy Dezeure BVBA
Freddy Dezeure graduated in 1982 as Master of Science in Engineering. He was CIO of a private company from 1982 until 1987. He joined the European Commission in 1987 where he held a variety of management positions in administrative, financial and operational areas. He was COO of the EU’s Joint Research Centre for three years. He set up the EU Computer Emergency and Response Team (CERT-EU) for the EU institutions, agencies and bodies in 2011 and made it into one of the most mature and respected CERTs in Europe. Until May 2017 he held the position of the Head of CERT-EU. Presently, he is an independent management consultant providing strategic advice in cyber security and cyber risk management and acting as Board Member and Advisory Board Member in several high-tech companies. He is a recognized thought leader in cyber security, risk and privacy and is much in demand as a speaker.
Intelligence driven prevention and detection
This workshop will provide strategic insights as well as hands-on advice. It will be followed by extensive opportunity to interact with the speaker.
|6:00 – open end||Apéro Riche and Networking (so reserve the evening as well!)
The speakers will be onsite for Q&A
This is a ‘must attend’ event for all Security Operations professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.
So don’t wait: register or send us the application form by email.
By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and the event sponsors of this platform. In addition, we also share the contacts with the community itself.