SANS SOC Summit:
SANS Security Operations Center (SOC) Summit. As we see regularly in the news, the number of successful data breaches continues to increase. Adversaries seem to have the upper hand, as many organizations fail to effectively detect and quickly respond to these breaches. Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams, and are often caught by surprise. As a result, executives are demanding that their security teams provide enhanced security posturing, monitoring, and detection to stop these threats. All of this is driving the need for organizations to put in place more formal and aggressive security operations, including a more robust and well-organized focus on security infrastructure, pre-breach posturing, detection, and response to attacks, and a more proactive approach to hunting for breaches. Many organizations are looking to either set up or outsource a Security Operations Center (SOC) and formalize Computer Incident Response Teams (CIRTs) in order to accurately and effectively detect and respond to data breaches.
Cybersecurity in organizations is often a silo distributed across different internal business units. The IT help-desk/operations support group, log management team, pen testing team, and forensics and incident response team are often ad-hoc or under different management, and do not always talk or work together. Many organizations do not even have an advance warning group such as a cyber threat team. To make matters worse, in many organizations, incident response plans are not routinely tested with the entire security team.
For security to work effectively, teams must be integrated across the entire organization, and they must work in concert when the detection team identifies a potential incident. Creating, developing, and formalizing a SOC provides a central command environment for all of the security teams to work together, share information and intelligence, and respond to breaches as a single effective group.
The SOC Summit brings together industry experts and peers to discuss ideas and solutions to facilitate effective security operations for any organization - from small businesses with limited IT security personnel to larger enterprises with a dedicated operations center. You'll learn from the best in the industry, and SANS' hands-on and participatory approach will enable you to immediately apply what you've learned and start implementing effective security solutions the first day you return to the office.
Every organization faces the challenge of how to properly monitor and analyze security. At the SOC Summit, professionals and experts will share their experiences with building out organizations' security operations and increasing the effectiveness of security as a whole. Attendees will learn not only what mistakes to avoid in implementing and running a SOC, they'll also come to understand the processes and capabilities that other SOCs are using to help create more wins against a variety of threat groups.
It is time that we do what the adversaries and threat groups have been doing for years: share information. A single organization or individual alone cannot figure out everything that needs to be done for effective security. You'll take away news ideas from the SOC Summit not only from the best minds in the business, but also from others who have faced similar challenges in increasing their enterprise's situational awareness and monitoring and responding to threats.
You will learn to:
Take a more integrated approach to security using the tips and tricks presented at the Summit.
Integrate the SOC so that it works effectively with the IT help-desk, IT operations, and management
Automate detection and response inside your SOC
Reduce chaos and increase effectiveness during a crisis
Properly identify, train, challenge, and retain SOC personnel and operators
Discuss how policies need to reflect operations and reality
Build trust inside the organization
Operationalize your security processes, reporting, metrics, and policies - that is, what works and what doesn't
Evaluate the tools and capabilities needed to make cybersecurity work effectively
Topics will include:
Critical security controls
Integrated security defenses
Enterprise network and host monitoring
Threat intelligence utilization and usefulness
Incident response team operations and management
Who should attend?
Chief Information Security Officers (CISO)
Chief Technology Officers (CTO)
Chief Information Officers (CIO)
SEC511: Continuous Monitoring and Security Operations - Eric Conrad
SEC503: Intrusion Detection In-Depth - Johannes Ullrich, Ph.D.
FOR508: Advanced Digital Forensics and Incident Response - Alissa Torres
Security Operations Center (SOC) Summit — Staff