SIGS Special Interest Group – 9th SOC Forum

Save the Date: Click for the .ics file to save the date

Target Audience: Security Operations Center Professionals
CIOs, CISOs, IT Managers, Security Officers, Security Architects and Engineers – all from the end-customer side and interested in IT security

From consultancies and resellers/integrators, only technical people are allowed to take part – max. one participant per company. Vendors and people with a Sales/Marketing role are not authorized as participants.

If you are not on the dedicated invitation list and would like to take part in this community and receive the invitations, please fill out the application form.

CPE Credits: Earn 4 CPE (Continuing Professional Education) credits for attending this SIGS event. Please request a confirmation.
Location: Hilton Zurich Airport Hotel
Hohenbuehlstrasse 10
8152 Opfikon-Glattbrugg

There are a lot of free parking spaces available.
Train: railway station Zurich Airport – take the Hotel Shuttle

Date of Event: 13th of June 2017
Further planned dates: 31st of August and 23rd of November 2017
Language: English
Participation Costs: Fr. 55.— per participant
Organization, presentations, beverages and aperitif included

 
Agenda

 

1:30 – 2:00 pm Registration & Coffee
2:00 – 2:30 pm Manuel Suter, Coordinator for the National Cyber Strategy (NCS), Reporting and Analysis Centre for Information Assurance (MELANI), Federal IT Steering Unit (FITSU)

National strategy for the protection of Switzerland against cyber risks (NCS) – on the road towards NCS 2.0
In 2012, the Federal Council adopted the five-year strategy for the protection of Switzerland against cyber risks (NCS). As the current strategy approaches its end, preparations for a follow-up strategy have started. Based on a thorough evaluation of the results of the NCS to date, the federal administration – in close collaboration with experts and stakeholders from the private sector – is currently devising the NCS 2.0. Manuel Suter will present the current state of this work and outline the strategic direction of the new strategy.

2:30 – 3:00 pm Joona Airamo, IT Operations & Otto Airamo, Network Security Team Lead at Forcepoint

Joona Airamo is the former CISO of Stonesoft, with 20 years of experience with computer attacks and how to defend against them. He has worked on both the defensive and the ethical offensive side of security. Joona holds an M.Sc. degree from the Helsinki University of Technology.

Otto Airamo has been working in the area of network security since 2001. He is the Network Security Team Lead for Forcepoint NGFW and is also responsible for penetration testing and network attacks. His area of expertise lies in network security combined with software development skills. Otto holds an M.Sc. degree from the Helsinki University of Technology.

What Defenses Work Against Nation State Attacks?
Findings on the kinds of attack techniques nation-state actors use. Defending against these is difficult, but by no means impossible. Several recipes for survival are shown.

3:00 – 3:30 pm Maxim Deweerdt, Cyber Analyst at SANS

Maxim is a certified Incident Response and Digital Forensics (DFIR) expert. He has been involved in numerous APT and high-profile incidents and has taken up various roles throughout his career.

Currently employed as DFIR lead at Belgium’s National and Governmental CERT, Maxim is constantly experimenting with new tools and techniques to ensure he and his employer are on top of their game.

Maxim has been an early adopter of the Threat Hunting mentality and has been helping clients, governments and SMEs to start with Threat Hunting activities.
By combining two passions of his – giving back to the community and Cyber Security – Maxim speaks passionately throughout his presentations and classes and is able to enrich them with real-world scenarios and examples.

You can find Maxim on Twitter (@AlfaSec).

How to start Threat Hunting on a 4h/week budget
While the need for proactive threat identification is gaining traction within the security industry, many still see this as something that can only be achieved by investing in intelligent (and expensive) threat hunting software. Following an effective methodology, starting with baselining a subset of the systems in your environment and automating analysis through scripting, has enabled the author to start threat hunting efforts on a 4-hour budget. During the session, hands-on tips and lessons learned will be provided.

3:30 – 4:15 pm Break
4:15 – 6:00 pm Story of a Black Hat

by Joona Airamo, IT Operations & Otto Airamo, Network Security Team Lead at Forcepoint

Technical demo of how an advanced adversary finds his way through multiple defenses and steals credit cards from his chosen target company. Hints for security analysts on what traces to look for. Investigation, IoC hunting and enterprise-wide clean-up. Watching real attacks and professional investigation is entertaining and eye-opening.

Description:
Ever wanted to see how APT attacks are planned and executed? Come and see a demo that covers attacking tools, methods and infrastructure. We’ll watch how a Black Hat evades various defense controls, simulating zero-day attack capability. His target: the credit card database.
After the attack is over we’ll switch the cameras to the defenders and start pointing out the traces inevitably left behind. You’ll get a concrete list of log entries worth watching in your own systems as well! We’ll spend the second half of the presentation looking at ways to detect the Indicators of Compromise (IoC) and how to automate the APT infection scan through the whole enterprise.
Although a story, the attack simulates real methods and real defenses seen at real customers.

Workshop:
Interactive discussion of industry best practices in detecting and responding to breaches. The idea is to focus on technical controls and monitoring items. Everyone is encouraged to participate and we will collect the best ideas together to be shared with all attendees.

6:00 – open end Apéro Riche & Networking
The speakers will be onsite for Q&A

This is a ‘must attend’ event for all Security Operations Professionals! We are confident that the relationships you develop here will prove to be crucial to your continuing success.

So don’t wait: register or send us the application form by email.

By registering for this event you accept that SIGS may use the data entered for its own purposes and may share it with its event partners and event sponsors of this platform.
