Presented at BSides Austin 2016, March 31, 2016, 4:30 p.m. (60 minutes).
Security Operations Centers are a central place through which security incidents flow in an organization. They use technologies and ideas such as IDS, IPS, network flow monitoring, threat analysis and incident response to protect and secure an environment. However, the SOC of today is often out of date and out of touch with how we use our machines and data. The security perimeter is eroding and our information is expanding into other networks, making it a challenge to protect and secure.
This will be a discussion of practical changes that can be made to the current SOC model to improve visibility into the threats and risks for an organization.
We will address issues such as: devices and data outside the perimeter, services and data within cloud hosting, non-compliant users and more.
Attendees of this presentation will leave with realistic options that can be implemented quickly to improve their personal or professional security monitoring and detection platforms.
Presenters:
- Josh Pyorre
Josh is a security researcher with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team that initially helped build out the Security Operations Center. He has also done some time at Mandiant.
His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible.
Recent presentations include:
Defcon (Las Vegas), Derbycon (Kentucky), DeepSec (Vienna, Austria), NASA, Source (Boston, Seattle), BSides (Los Angeles, San Francisco, Chicago, Austin)
Podcasts:
http://securityweekly.com/2015/09/21/security-weekly-435-interview-with-josh-pyorre/
Writing:
https://labs.opendns.com/2015/07/01/which-providers-have-the-most-phishing-content/
https://labs.opendns.com/2015/02/11/paypal-phishing-sophistication-growing/
https://labs.opendns.com/2015/01/30/anatomy-facebook-phishing-campaign/