Roundtable 1: David Grout, CTO EMEA at Mandiant (now part of Google Cloud)
Operationalise your Threat Intelligence
Threat Intelligence is a trendy topic but is often misunderstood by vendors and cybersecurity actors. During this roundtable, David Grout, CTO Mandiant, will moderate the discussions to encourage “best practices sharing”, “return of experiences” and interaction between the participants. The aim of this session is not the what or the when but the HOW: how to use it, how to build a program, how to make it a success, and how to share failures to do better on the next iteration. Come with your passion and willingness to share experience with your peers to help the entire community improve the way it deals with CTI.
Roundtable 2: Andreas Mühlemann, Security Engineer at SWITCH
Open Source Intelligence Platforms for SOC Teams
Incident Handling needs fast answers to triage an event or decide if an incident response playbook should be applied to the current case.
Open source intelligence platforms can give quick insight into whether an IP address, domain or file is already known to be malicious. This roundtable discusses various platforms, with their advantages and disadvantages, that help to simplify and speed up incident response teams' processes.
Roundtable 3: Todd James, Vice President, Head of Cyber Detection Centre at Swiss Re
Are you prepared for Incident Response in the Cloud?
Are you and your team ready to perform incident response in a timely manner in your cloud environment? Have you thought about your tooling, logs, processes, and skills and how much they differ from your on-prem infrastructure and the commodity malware you normally deal with? Let's discuss these topics, and others that you may have encountered, to make you more confident in handling cyber security incidents in the cloud.
Roundtable 4: Clemens Sauerwein, Assistant Professor of Security Engineering at Leopold-Franzens Universität Innsbruck
The Role of Information Quality in SOCs
SOCs obtain information about vulnerabilities, threats, and attacks from a variety of information sources. Although this information is used as input for resource-intensive processes or for securing business-critical processes, the quality and reliability of the information collected vary greatly. For this reason, we want to discuss criteria and metrics for assessing the quality of security information used in SOCs. Finally, let us develop a practical framework for the quality assessment of security information.