SIGS 21st SOC Forum

Join us on June 15th, 2023 and earn 4.25 CPEs

(registration will be closed June 14th, 2023)
Meet with and be inspired by like-minded peers who face a similar set of challenges. Share strategies for mitigating the most current information security threats. A friendly, relaxed and professional atmosphere will ensure that you leave this event with a new wealth of trust-based contacts and tangible takeaways.
The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a one-to-one environment.

This is a ‘must attend’ event for all security operations professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success. So do not wait and register!

Looking forward to seeing you there,
your SIGS team



As always: salespeople (incl. CEOs and founders), vendors, consulting companies like the Big 4, and anyone who just wants to sell their products or services are not allowed to take part in SIGS events.
Location
Hilton Zürich Airport
Hohenbühlstrasse 10
8152 Opfikon-Glattbrugg

Date & Time
June 15th, 2023, 1:30 pm - open end incl. dinner
Airport Transfer & Parking
There's a shuttle bus from and to the airport, but only at specific times.
Parking lots at the hotel are available for free.

Participation Fee
EUR 55.--
Schedule
1:30 PM
Registration
2:00 PM
Welcome & short introduction from Mark Beerends, Contributor at SIGS
2:00 PM
Sylvain Hirsch, Cyber Security Professional at Mandiant (now part of Google Cloud)

Intelligence Driven Incident Response
The usage of Intelligence to efficiently identify, drive and respond to cyber-attacks

In today’s world, cyber criminals are leveraging ransomware and multifaceted extortion campaigns with unprecedented frequency. The sophistication and complexity of cyber attacks are also increasing. Consequently, organizations should implement processes and leverage intelligence to efficiently detect, identify, and respond to cyber threats.

This presentation will focus on Incident Response and Intelligence and will explain how the use of effective threat intelligence enables organizations to efficiently identify and eradicate Advanced Persistent Threats (APTs).

The first section will discuss the response processes that should be implemented to investigate, respond to, and eradicate cyber threats.

The second section will focus on threat intelligence and how effective intelligence helps organizations gain strategic, operational, and tactical advantage over adversaries. It will also include best practices on how intelligence should be handled and processed to be integrated into the cyber defense functions.

The last section of this presentation will discuss a real-life engagement illustrating how accurate, timely, actionable intelligence made it possible to identify APT 39 cyber espionage activities while investigating an unrelated ransomware attack.
2:30 PM
Marc Doudiet, Senior Director Global Incident Response at Kudelski Security & Julian Kanitz, Lead Sales Engineer DACH at Recorded Future

Staying Ahead of Cyber Threats: How identities are really compromised and protected
As cyber threats become increasingly sophisticated and prevalent, it's crucial for organizations to be proactive in their approach to cybersecurity. This presentation will discuss the importance of an identity-driven incident response strategy in staying ahead of cyber threats. We will explore how threat intelligence can be used to identify identity compromises, and how incident response can be tailored to be more effective by leveraging intelligence insights and improving resilience capabilities.

Key Takeaways:
- Proactive cybersecurity is crucial in today's rapidly evolving threat landscape
- Threat intelligence provides valuable insights to stay ahead of cyber threats
- Intelligence-driven incident response reduces the impact of cyber attacks
3:00 PM
Damien Schaeffer, Senior Malware Researcher at ESET

Unveiling the Sky: Decrypting the CloudAtlas APT Group
CloudAtlas, also known as the Inception framework, is a cyberespionage group active since at least 2014, when it was first publicly documented. It is also believed to be a spin-off from Red October, an older cyberespionage group.

CloudAtlas mainly targets governments and strategic companies (such as companies in the defense sector) in Russia, Europe and the Caucasus. In this talk, we will detail the recent activities of the CloudAtlas cyberespionage group, including information about the group’s modus operandi, toolset and victimology.
3:30 PM
Break 
4:10 PM
Roundtable 1: Sylvain Hirsch, Cyber Security Professional at Mandiant (now part of Google Cloud)

From the Frontline to the Board 
For the last decade, the pace of digitalisation has been increasing, and along with this growth the number of destructive cyber attacks and cyber espionage activities has been on the rise. To withstand and mitigate the impact of cyber attacks, organisations have to develop a clear, realistic, and efficient cyber resilience strategy.

First, this roundtable discussion will discuss the benefits of leveraging frontline experience and threat intelligence to prioritise and enhance cyber capabilities, drive risk-management, and support cyber investment decisions.

Then, this roundtable will holistically cover the main factors to successfully build an efficient and realistic cyber strategy. Although there is no “one size fits all” cyber strategy, common factors for success and best practices enabling organisations to achieve their defined cyber maturity will be discussed. The “quick wins” to rapidly uplift organisations’ cyber maturity along with the development of long-term advanced capabilities will also be discussed.

This roundtable will finally cover the “human” factor that enables organisations to strengthen their cyber resilience overall. The benefits and methodologies that can be applied to raise the organisation’s cyber awareness, improve the cyber security teams’ skills through relevant targeted simulations, and enhance the top management’s cyber knowledge will be discussed.


Roundtable 2: Clemens Sauerwein, Assistant Professor of Security Engineering at Leopold-Franzens Universität Innsbruck

The Role of Information Quality in SOCs
SOCs obtain information about vulnerabilities, threats, and attacks from a variety of information sources. Although this information is used as input for resource-intensive processes or for securing business-critical processes, the quality and reliability of the information collected vary greatly. For this reason, we want to discuss criteria and metrics for assessing the quality of security information used in SOCs. Finally, let us develop a practical framework for the quality assessment of security information.


Roundtable 3: Marc Doudiet, Senior Director Global Incident Response at Kudelski Security

XDR buzzword or reality?
XDR is a relatively new term in the cybersecurity industry that has gained significant attention in recent years. The goal of this round table is to explore the reality of XDR and determine whether it is a valuable tool in the fight against cyber threats or simply a buzzword.
 
During the round table, participants will be able to examine the various aspects of XDR, including its definition, capabilities, and potential benefits and limitations. They will explore how XDR differs from other security tools such as SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), and NDR (Network Detection and Response). The participants will also have the opportunity to discuss the practical implications of XDR, such as its ability to integrate and automate security tools across multiple environments.
Overall, the goal of the "XDR buzzword or reality?" round table is to provide an in-depth examination of XDR and its potential impact on the cybersecurity industry.


Roundtable 4: Pompeo D'Urso, Cyber Security Operations Manager at Octapharma

Are you ready to respond to a crisis and what is the best way to test it?
Tabletop exercises, cyber ranges, automated simulation and many more. How can we identify, among all the options, the most fitting way to test the various teams involved in a crisis, and how can we train ourselves and the relevant stakeholders to be ready when the action calls?
We’ll discuss the various alternatives, the importance of the gamification aspect, and how to consider the human element and account, in testing, for the physical and psychological stress that can accumulate during the response.
5:00 PM
Change the table for the second round of discussions
6:00 PM
Apéro riche incl. networking and know-how sharing till open end
Contributors & Speakers
Below you will find our contributors and speakers to whom we say a big thank you!
Natalya Arbuzova
SOC Manager Threat Detection and Response, Swisscom
Natalya is an active contributor for SIGS.
Further information at Natalya Arbuzova | LinkedIn
Mark Beerends
Executive Security Consultant, Prusec
Mark is an active contributor for SIGS.
Further information at Mark Beerends | LinkedIn
Pompeo D'Urso
Cyber Security Operations Manager at Octapharma
Further information at Pompeo D'Urso | LinkedIn
Sylvain Hirsch
Cyber Security Professional at Mandiant (now part of Google Cloud)
Further information at Sylvain Hirsch | LinkedIn
Clemens Sauerwein
Assistant Professor of Security Engineering at Leopold-Franzens Universität Innsbruck
Further information at Clemens Sauerwein | LinkedIn
Damien Schaeffer
Senior Malware Researcher at ESET
Further information at Damien Schaeffer | LinkedIn
 
Marc Doudiet
Senior Director Global Incident Response at Kudelski Security
Further information at Marc Doudiet | LinkedIn
Julian Kanitz
Lead Sales Engineer DACH at Recorded Future
Further information at Julian Kanitz | LinkedIn
Contact Us
If you have any questions or would like information about further events, please do not hesitate to contact us!
Join us on June 15th
We look forward to hosting you!