homepage
Open menu
Talk with an expert

2023 SOC/SOAR Solutions Forum

The pace of IT change has become difficult to keep up with for SOCs. The SOC team should use the SOAR platform to gain insight on what the SOC does and perform it with greater speed, precision, and consistency. The challenge is SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools. The SOAR tool doesn’t replace SIEMs or analysts. It’s a tool to provide support to the analyst and enable the full power of a SIEM.

The SOC/SOAR Solutions Forum will explore best practices of selection, implementation, operations, and staff use of SOAR tools. Investing in a SOAR platform is strategic and financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. SOAR promises to reduce Security Operations Center (SOC) operating cost. If implemented properly, and with a commitment to ongoing operational adjustment, the SOAR can become an enabler, tracker, metrics collector, and procedure knowledge base.

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest our of 2023 Solutions Forums. We'll see you there!

Login to Register
SOC_SOAR_2023_-_Reg_Page.png

Sponsor

Anomali_Logos_Anomali Full Color Primary - NEW.pngGoogle_Cloud.pngPalo_Alto_Networks.pngrapid7.pngVMRay Logo - Dark Blue

Agenda | March 17, 2023 | 10:30AM - 1:30PM EDT

Timeline (EDT)

Session Details

10:30 AM

Welcome & Opening Remarks

Chris Crowley, Certified Instructor, SANS Institute

10:45 AM

Advanced Sandboxing – Supercharging your SOC

Join Michael Bourton and Andrew Maguire from VMRay on March 17th, 2023, to hear about the advances in modern sandbox technology and how SOAR playbook integration can meet the challenge of today’s most evasive malware threats. Learn how SOC teams can integrate advanced sandboxing into their existing SOAR solution to perform automated EDR malware alert triage. Discover how to extract and streamline the sharing of IOCs and artifacts to enhance threat intelligence repositories or assist in threat-hunting efforts. Finally, understanding the value of custom YARA rules and how STIX can be used to create firewall rules and detection signatures, shining new light on evasive threats breaching the perimeter.

Andrew Maguire, Product Marketing, VMRay

Michael Bourton, Senior Security Solutions Engineer, VMRay

11:20 AM

Uniting Data That Matters Using SOAR

The key to optimizing SOC performance? Extracting insights from your data via a SOAR platform. This session will offer a cheat sheet for harnessing the full power of your SIEM via SOAR in three critical areas: 1) Creating playbooks so you can orchestrate disparate tools, 2) leveraging business intelligence so you can identify gaps, reallocate resources, evolve existing processes, or identify where to automate manual processes and 3) Use case management to unite the information that matters so your analysts can focus on what’s important instead of drowning in data.

Andy Shepherd, Senior Solutions Engineer, Google Cloud

11:55 AM

Break

12:10 PM

What Does it Take to be Successful at SecOps Automation?

Alert volume is increasing. Analysts are burning out. You are considering SOAR to help you automate your workflows and ease the workload for your SecOps team. But finding value in a SOAR product can be challenging without direction. How do you determine if you are a candidate for automation? In this session, we will share some of the insights we have gained from our experience helping our customers deploy SOAR:

  • Top things to consider before you deploy automation
  • Breaking down a process into an automated workflow
  • Some "low-hanging fruit" use cases for immediate time savings
  • Insights from Cortex XSOAR customer telemetry to see how your peers are deploying automation

Jane Goh, Principal Lead, Product Marketing, Cortex XSOAR. Palo Alto

12:45 PM

Sustaining a Successful SOC: A Panel on Technology, Productive People, and Effective Strategy

Chris Crowley, Certified Instructor, SANS Institute

Andy Shepherd, Senior Solutions Engineer, Google Cloud

Michael Bourton, Senior Security Solutions Engineer, VMRay

Jane Goh, Principal Lead, Product Marketing, Cortex XSOAR, Palo Alto

1:30 PM

Wrap-Up

Chris Crowley, Certified Instructor, SANS Institute

 

Related Content

Blog
Why SANS - Blog - Zero Trust - Zero Trust Network Architecture- Ready for Prime Time__340 x 340.jpg
Cyber Defense
Zero Trust Network Architecture: Ready for Prime Time?
This infographic outlines the principles of implementing a Zero Trust architecture by focusing on strategies like micro-segmentation and continuous authentication.For a deeper dive into these topics, download the SANS Zero Trust Strategy Guide and watch the YouTube video to gain actionable...
SANS_social_88x82.jpg
SANS Institute
read more
Blog
Why SANS - Blog - Critical Infrastructure - Supply Chain Attacks- Why Security Leaders Must Act Now_340 x 340.jpg
Cyber Defense
Fortifying the Supply Chain: Strategies for Modern Security Challenges
This infographic emphasizes securing the supply chain against modern threats by distinguishing supply-chain risks from internal risks and recommending best practices for managing external dependencies.For a deeper dive into these topics, download the ICS Strategy Guide and watch the YouTube video...
SANS_social_88x82.jpg
SANS Institute
read more
Blog
Top_10_SANS_Summits_Talks_of_2021.png
Cybersecurity Insights, Digital Forensics, Incident Response & Threat Hunting, Cyber Defense, Cloud Security, Open-Source Intelligence (OSINT), Cybersecurity Leadership, Security Awareness, Artificial Intelligence (AI)
Top 15 SANS Summit Talks of 2023
This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.
370x370-person-placeholder.png
Alison Kim
read more