Join Our Mailing List Here

INsecurity Conference 2018 Schedule Builder

View, browse and sort the list of sessions by pass type, track, and format. Sessions do fill up and seating is first come, first serve, so arrive early to sessions that you would like to attend. Check back as we add more sessions soon.

Leveraging Security Orchestration and Automation to Defend at Attacker Speed

Brian Genz (Threat Hunting Lead / Senior Engineer, Northwestern Mutual)

Date: Thursday, October 25

Time: 9:45am - 10:45am

Session Type: Track Session

Track: Operations and Practices

Vault Recording: TBD

Audience Level: Intermediate

At Black Hat USA 2017, two researchers highlighted advancements in targeted, automated attacks in their talk titled, "The Industrial Revolution of Lateral Movement." For the defenders sitting in the room, it was clear that we were facing a widening gap between attacker techniques and defenders' detection capabilities. The speed of offensive innovations has outpaced the defenders' ability to keep up, and this dynamic seems to be accelerating.

There are three common challenges for defenders: a shortage of qualified information security professionals, a high volume of security alerts with varying degrees of fidelity, and a dynamic threat landscape rapidly evolving toward sophisticated, automated attacks.

Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. This presentation will explore the core components of SOAR, the skills required to design and implement it in your organization, and common use cases focused on detection & response, threat hunting, and threat intelligence. We will also outline potential opportunities for security control testing in a defense-in-depth environment.

We'll use a case study approach, distilling lessons learned into actionable recommendations.

You will learn:
- How SOAR enables the organization to improve detection and response
- How Security Orchestration, Automation and Response can become a productivity multiplier for defenders
- How SOAR functions as the "connective tissue" between tools in your existing security stack
- The critical role that skilled information security professionals play in this activity
- How SOAR provides a mechanism for highlighting visibility gaps, thereby driving instrumentation and security architecture decisions
- Lessons learned from implementing SOAR in the Scaled Agile Framework (SAFe)
- How SOAR can provide unique opportunities to build meaningful metrics and reporting strategies