Incident Response @ Scale - Building a Next Generation SOC

Presented at Black Hat Asia 2016, Unknown date/time (Unknown duration)

When the ratio of security personnel to endpoints/users/customers is so low, managing the amount of incidents that come in becomes impossible. In this talk we will discuss these Monitoring & Incident Response challenges, and how most of the processes can be (semi-)automated to lower the initial triage and full resolution timeline, increase visibility and over ability to protect your organization.

Presenters:

• Omer Cohen - IL-CERT/Yahoo
  Specializing in incident response and security architecture, Omer Cohen provides information security consulting services for Fortune 500 companies and other unique organizations. With years of experience in the field, Omer leads security research projects and focuses on implementing new technologies for various security related applications. Omer has extensive experience with system administration, network architecture design, software development, and enjoys a rich background in information security.

Links:

• https://www.blackhat.com/asia-16/briefings.html#incident-response-at-scale-building-a-next-generation-soc
• https://www.youtube.com/watch?v=kYCJXwBaZR4
• https://www.blackhat.com/docs/asia-16/materials/asia-16-Cohen-Incident-Response-At-Scale-Building-A-Next-Generation-SOC.pdf

Similar Presentations:

• Kernelcon 2022 / Keeping a cool head in the eye of the storm, my experience with Incident Response leadership
• GrrCON 2013 / Cloud Incident Response
• DeepSec 2018 „I like to mov &6974,%bx“ / Leveraging Endpoints to Boost Incident Response Capabilities