Name: Common and Best Practices for Security Operations Centers
Start: 2019-08-20T16:35:00Z
End: 2019-08-20T17:38:02.000Z
Location: BrightTALK
Rating: 5

CyberProof is a security services company that intelligently manages your incident detection and response. Our solution provides complete transparency and dramatically reduces the cost and time needed to respond to security threats and minimize business impact. SeeMo, our virtual analyst, together with our experts and your team automates and accelerates cyber operations by learning and adapting from endless sources of data and responds to requests by providing context and actionable information. This allows our nation-state cyber experts to prioritize the most urgent incidents and proactively identify and respond to potential threats. We collaborate with our global clients, academia and the technology ecosystem to continuously advance the art of cyber defense.

Security operations has become more difficult than ever before as rapid changes to business’ IT infrastructure create new attack surfaces. Security teams are being pressured to optimize and future-proof their cyber defense architecture, so in what should you prioritize your investments as you evolve your cyber defense architecture?

In this session, CyberProof’s CEO Tony Velleca and VP of Strategy Bruce Roton outline the key pillars of a modern SOC that will allow you to adapt as your business and threat landscape conditions change, including: cloud-native security monitoring infrastructure to scale to big data requirements of enterprises, adapting to new threats in an agile way with the Use Case Factory model, enabling collaboration between specialist teams in the SOC, and how bots can enable humans.

Pillars of a Modern SOC

How do the threat hunting team and the Cyber Threat Intelligence (CTI) team collaborate in real time during a ransomware attack? What are the key points that need to be investigated and what process is taken to obtain answers quickly when time is short?

In this session, we’ll look at how these two expert teams at CyberProof worked together in a recent ransomware incident to quickly get to the root of questions such as: What was the initial attack vector used? Was the exfiltration accomplished? Do the threat actors still have access to the network? Learn more in this session by CyberProof’s Asaf Haski, Senior Cyber Threat Intelligence Analyst, and Karina Daniel, Cyber Threat Hunter.

Responding to Ransomware: How to Leverage Threat Intelligence and Threat Hunting

Ransomware continues to be one of the most damaging forms of cyber crime being used by threat actors, but their approach has been changing in recent years. It is therefore crucial to understand how these attacks are executed and what subsequent measures should be taken. We have created a special simulation to show you how easy it is to fall victim to ransomware and will provide some best practices to help you prepare.

Understanding the Ransomware Threat

How can organizations adopt cloud-native cyber defense without the complexity and costs associated at two distinct stages of the transformation journey (migrating from legacy systems to Azure Sentinel or already invested in Microsoft Security stack but need to optimize)?

In this session, Microsoft's CSA Ken Malcolmson and CyberProof's Cloud Security Solutions Architect Team Leader Saggie Haim will discuss cloud security transformation, including: cloud-native vs on-premises and cloud-based, and key priorities when securing multi-cloud environments.

Driving the Next Generation of Cloud Security Transformation

To stay ahead of the ever-changing threat landscape, security teams need a way to continuously tune their threat detection and response capabilities. In this session, we’ll introduce an agile methodology that can be used to understand your current threat coverage and adapt detection and response workflows as your business and threat conditions change.

Adapting your Cyber Defense to the Ever-Changing Threat Landscape

In this webinar 42Crunch and CyberProof demonstrate how to proactively integrate API access logs into the Microsoft Azure Sentinel platform and actively defend APIs with the 42runch API Micro-Firewall

Actively Monitor & Defend Your APIs with 42Crunch & the Azure Sentinel Platform

Security operations teams are needing to extend their threat visibility into cloud environments but too often unable to turn their attentions away from simple log management, when they'd rather be focusing on taking action on validated threats. In this webinar we'll discuss how to move your daily activities from optimizing log collection to focusing on advanced threat detection and response activities leveraging Microsoft Sentinel, including:
•      How to avoid becoming a Cloud Storage Operations Centre?
• Defining and optimizing cloud security Use Cases
• Leveraging Microsoft Sentinel for cloud-native advanced analytics, automation and hunting
• Adopting a hybrid resourcing model to focus your staff on high priority tasks

Upgrade your SOC - from log collection to true threat detection & response

From an operational perspective, running attack simulations enables your cyber defense team members to sharpen their incident management and collaboration skills in detecting and responding to the most likely threats. But how should they be carried out in a typical organization?   In this presentation, Threat Hunter Aviel Golrochi and SOC analyst Nir Aharon discuss the need for and benefits of conducting attack simulations. Aviel will be representing “Blue Teaming” - the defensive side of attack simulations - while Nir will explore “Red Teaming” activities.

Red vs. Blue: The Importance of Attack Simulations

Many organizations with investments in Azure are naturally looking to integrate Azure Sentinel and customize it for their unique needs. But those with complex, hybrid environments, or with large volumes of data and legacy technology stacks find it difficult to focus more of their time on enabling Azure Sentinel's advanced capabilities for more proactive, measurable threat management.  In this session, Saggie Haim will be joined by Microsoft's Azure Sentinel expert, Javier Soriano to show you what you can be doing now to further your cloud-native threat detection and response maturity.  In this workshop, you'll learn how to:  - Adopt an agile process for threat hunting with KQL query tricks - Create KPI-driven reports you never thought you could have - Optimize log ingestion and retention process and costs  - Enrich and correlating events with Watchlists - Enable faster deployments and configurations with a CI/CD model

Optimizing your Azure Sentinel Platform

With the adoption of XDR technology, security buyers are looking for clarity on how it compares with its EDR predecessor and how the SIEM and SOAR technologies will adapt to fit the market need of wider visibility.

In this session, we’ll take you a defined process for evaluating these technologies against common business requirements including:

- Data collection and normalization
- Use Case development
- Customizing response actions
- Measuring the success of XDR

Ensuring a Successful XDR Adoption

Threat Hunting has become an essential discipline for security operations teams, due to the persistence of attackers in evading perimeter controls and moving laterally within the network. So how can you integrate this capability efficiently into your SOC?

In this session, we’ll provide practical tips, techniques and a proven methodology that your analysts and threat hunters should use. We'll explore how to identify threats covering everything from developing hypotheses and locating infection evidence across environments to providing indicators for attack detection and mitigation strategies.

Planning a Threat Hunting Program

As security leaders plan their roadmap for OT Security, it’s important to understand how the Security Operations Center (SOC) will need to adapt their processes to OT-related environments. In this session, we’ll focus on what the top priorities should be for organizations looking to protect their OT/ICS assets.  We’ll also hear from the CISO of Radiflow on how he works with organizations to help them understand and manage OT risk.

Understanding and Managing OT Security Risk

Not all threat intelligence is created equal. Having the right people and processes in place is part of the solution to turn generic insights into targeted intelligence. But in order to collect, normalize and analyze the vast amounts of data available to us quickly, we need to bring in the power of automation as well.   Orel Pery of CyberProof’s Cyber Threat Intelligence (CTI) team, together with Dov Lerner will explore several scenarios on how to integrate automation into your CTI processes. She will discuss how to provide actionable threat intelligence to security operations teams from different sources - including the dark web - for faster, more effective incident response.

Obtaining Actionable Threat Intelligence Through Automation

SOC teams are being challenged with achieving two objectives – 1) Stay on top of new threats and 2) Cut operating costs. To achieve both, we need to empower the SOC to drive cyber defense priorities rather than being told to monitor what has already been implemented.In this session, we’ll share a proven framework with real-life examples of how the SOC can drive security spend while continuously adapting their defenses to new threats.

This will include:

- Getting out of the infrastructure-driven approach
- Aligning Risk and SOC teams
- Real-life examples of how the SOC can align spend to threat coverage

Empowering the SOC to Drive Security Spending

With security analysts acting as the frontline of cyber defense, it’s paramount to maintain team morale and vigilance. So how can you ensure continuous development and retention of your SOC personnel in an industry battling alert fatigue and employee burnout?  In this session, we’ll take you through some proven techniques and programs that help keep your SOC team motivated and fulfilled in their work. (Hint: it’s not Red Bull!)

Motivate Your SOC Team and Prevent Burnout

In this webinar, viewers will learn best practices on how individual security teams should collaborate within a SOC to mitigate threats effectively – including security analysts, SIEM engineers, vulnerability managers, threat intelligence analysts and threat hunters.

Real-Life Examples of How Security Teams Mitigated Attacks in 2021

Are you looking to build or mature your SOC? Unique challenges in 2021 have driven nuances in how to set up and optimize Security Operations functions such as remote working practices and new technologies. In this session, we’ll go through the essential steps involved in planning the teams, processes, and technologies that make up a modern SOC, including:  - Functional design of a SOC - Business alignment - Operational processes - Staff - Key metrics

Building a Modern SOC

Running the organization’s cyber defense operations requires a leader with both experience and skill sets in providing technical guidance to security leadership and motivation to the security operations team.   But what are the exact traits and scenarios security leaders will be looking for when hiring a SOC leader? Those looking to further their career or improve their SOC leadership skills should attend this session.

What to look for in a SOC leader

The 2019 SANS Security Operations Center (SOC) Survey is focused on providing objective data to security leaders who are looking to establish a SOC or optimize an existing one. This webcast will capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and highlight the key areas that SOC managers should prioritize to increase the effectiveness and efficiency of security operations.
Attendees at this webcast will learn:
- What types of SOC infrastructures are used most frequently
- How SOCs interact with network operations centers and incident response teams
- What activities typically define a SOC and how many of them are outsourced
- Which SOC-related technologies organizations are most satisfied with
- How organizations use metrics to evaluate SOC performance
- What challenges inhibit integration and utilization of a centralized SOC model

Common and Best Practices for Security Operations Centers

Security Operations

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful finance insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge that will help you to determine which financial factors build or erode value in your organization.

Finance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Common and Best Practices for Security Operations Centers

Presented by

About this talk

More from this channel