SIGS Special Interest Group – 12th SOC Forum

Save the DateKlick for the .ics file to save the date

Target Audience Security Operations Center Professionals
CIO’s, CISO, IT Manager, Security Officer, Security Architects and Engineers – all from end customer side who are interested in IT Security

From Consultancies and Resellers/ Integrators are only technical peoples (which are involved in the Security Operation Processes) allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and you like to take part in this community and get the invitations, please fill out the application form.

CPE Credits Earn 4 CPE (Continuing Professional Education) for attending this SIGS event. Please request a confirmation.
Location Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free park places available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event 8th of March 2018
Further planned dates: 29th of May, 20th of September, 29th of November 2018
Language English
Participation Costs Fr. 55.— per participants
Organization, presentations, beverages and Apéro riche included



1:30 – 2:00 pm Registration & Coffee
2:00 – 2:30 pm Farah Rigal, Head of Global Architecture and Solutioning within Cyber Security at Atos

Prescriptive Security Operation Center: how it works and is Big Data Analytics the solution to predict security threats?
Detection and neutralization time needs to be improved significantly compared to today’s solutions to face the increasing number of ever more sophisticated cyberattacks. Security analytics and automated response to predict risks and neutralize cyberattacks are part of a prescriptive SOC which continuously learns from previous threats and manages to orchestrate automated responses in real-time.

Is this the future of today’s SOC? Can the detection time really be reduced to less than a minute, versus an average of 190 days with existing solutions? Is it possible to reduce the total response and recovery time to a few minutes compared to a couple of months today?

We will show you what todays technologies are able to deliver and how we see the future of today’s SOC.

2:30 – 3:00 pm Marc Cortesi, Chief Information Security Officer at Baloise Group

Assume Breach in the light of GDPR
In times of ever-increasing threats, a robust security incident response process is indispensable to respond quickly and accurately to incidents. With the announced General Data Protection Regulation (GDPR) new requirements and risks are approaching companies operating throughout Europe.

This presentation addresses these new requirements for reporting of data breaches (GDPR Art. 33 & 34) and shows valuable experience in operational implementation.

3:00 – 3:30 pm Gabi Gerber, Founder of Security Interest Group & Frank Lange, Principal Security Architect at Anomali

Project Shared Threat Intelligence Platform – SIGS-ISAC
Security Interest Group Switzerland could found a way and a sponsor for a Shared Threat Intelligence Platform. Get information about what’s planned, how we like to work on this project and why we need you to be part of it.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Breakout Sessions (interactive sessions/talks)

Technical Breakout Session

by Daniel Plohmann (Malware Researcher) from Fraunhofer FKIE

DGArchive & Malpedia
In this workshop, we will have a look at DGArchive and Malpedia, two free services offered by Fraunhofer FKIE, a non-profit research organization located Germany.

DGArchive [1] is a project that started in 2013.
The basic idea is to maintain a database of Domain Generation Algorithms (DGAs) and their corresponding output.
The current data set constitutes of 63.699.402 unique domains, as generated by more than 600 seeds of almost 70 different DGAs.
Some common use cases involve checking suspicious domains for DGA identity or using the offered feeds for DNS-based alerting or blocking.

Malpedia [2] is a community-based collaboration platform intended to serve as a resource for rapid identification and actionable context when investigating malware.
Its foundation is a curated corpus of confidently labeled, unpacked reference samples for as many malware families and versions as possible.
The project has officially launched in December 2017 and currently tracks more than 700 distinct malware families with 2100 representative samples.

After a short explanation of each of the services, we will have a look at practical examples and how they can be operationalized in the SOC context.


Strategic Breakout Session

by Jan Brons, Lead Incident Response Cyber Defence Programme at Swiss Re

Roundtable discussion – Incident Response in the Cloud
(Security) Incidents will happen no matter if you are using cloud or on premise solutions solely. What also remains are regulatory requirements to report e.g. data loss to regulators and customers.

During this interactive roundtable discussion, we exchange expert knowledge on the topic of cloud Incident Response answering questions about interactions between your internal IR Team and teams from cloud providers, what kind of actions are triggered by which team, and more.

6:00 – open end Apéro Riche and Networking (so reserve as well the evening!)
The speakers will be onsite for Q&A

The Sponsor of this event is:

Main Sponsor

This is a ‘must attend’ event for all Security Operation Professional! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait and register or send us the application form by email

With the registration for this event you accept, that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this platform. In addition, we share the contacts as well with the community itself.

Mobile Menu