Monday, June 24, 2019

2019 SOC Summit - Action Items

Slide decks for talks available here:
https://www.sans.org/cyber-security-summit/archives/cyber-defense

Youtube Video (duration: 8:35) of these items: https://www.youtube.com/watch?v=W-GGqx-q_Rg

=-=-=- Day 1 =-=-=-

Keynote: Lessons Learned Applying ATT&CK-Based SOC Assessments
Action Item: Plan for an ATT&CK-based assessment to identify coverage, internal or third party.

Use Case Development Utilizing an ARECI Chart
Action Item: Identify gaps in coverage using ARECI charts built from use cases.

Use Cases Development as a Driver for SOC Maturation
Action Item: Tune down the noise.

A SOC Technology/Tools Taxonomy – And Some Uses for It
Action Item: Compare your deployed SOC infrastructure to the proposed taxonomy.

Mental Models for Effective Searching
Action Item: Minimize time spent at the blank search bar by developing effective capability.

Managing Security Operations in the Cloud
Action Item: Familiarize yourself with the cloud defenses available and integrate them into the DevOps cycle so you can leverage them.

Virtuous Cycles: Rethinking the SOC for Long-Term Success
Action Item: Autonomy, Mastery, Purpose. Skills, Empowerment, Creativity, Growth. Automation->Efficiency->Metrics

2019 SANS SOC Survey Preview: Live Simulcast
Action Item: Download and read the 2019 SOC Survey when it comes out.


=-=-=- Day 2 =-=-=-

How to Disrupt an Advanced Cyber Adversary
Action Item: Focus on Network Awareness, Cyber Hygiene, and proper Device Configuration.

Breach -> ATT&CK -> Osquery: Learning from Breach Reports to Improve Cross-platform Endpoint Monitoring
Action Item: Whatever you choose to instrument your endpoints with, learn the granular differentiation of the host that will make detection and hunting meaningful.

Shared Security Services: How to Adjust to an Ever-growing Landscape of Security Operations Center Responsibilities
Action Item: Tell a good story about your SOC, and your internal collaborators.

The Call Is Coming from Inside the House: How Does Your SOC Respond When Attackers Are On-Site?
Action Item: Make people disappear. Think about how the physical matters.

How to Literally Think Like an Attacker to Become a Better Defender
Action Item: Think.

Arming SecOps with a Special Forces Targeting Process
Action Item: Advance your thinking using intelligence.

The Case for Building Your Own SOC Automations
Action Item: Automate good capabilities that you already have or want. SOAR tools not required.

Rapid Recognition and Response to Rogues
Action Item: Know thy network (as much as you can).

This Will Never Work: Tales from Disappointingly Successful Pen Tests
Action Item: Demonstrate weakness to drive improvement. Take time to laugh.


1 comment:

  1. SOC automation drives playbook execution of incident response workflows by formalizing best practices and then executing them through an automated sequence of tasks.