Security Operations team struggle to quickly prioritize their alert queues to find true positives and rapidly respond to minimize damage. Quickly finding the alerts that represent real attacks presenting the most risk, is key to reducing business disruption as attack surface increases with cloud and mobile, and alert surface increases with new tools like EDR. This session will demonstrate a practical approach to accelerate this process through thoughtful automation and risk scoring using a user-submitted phishing email use case. Attendees will see how the attack dwell time can be compressed using a Security Automation & Orchestration platform, that leverages the existing security stack and SOC tribal knowledge.
John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and voice systems “and the occasional ballistic armor installation.” John has testified before Congress about cyber security, was named one of the 15 most-influential people in security in 2008 and remains an NSA-certified cryptologic engineer.
JP Bourget, Founder and Chief Security Officer of Syncurity, has more than 10 years of experience in cybersecurity. With a passion to bring solutions to cyber security teams that saves time and makes life easier, JP works with Syncurity’s customers and market influencers to drive adoption of the company’s flagship IR-Flow platform. Prior to co-founding Syncurity, JP was a Network Security Manager at a $200 million global manufacturing company, where he redesigned the enterprise network, systems and security architecture from the ground up to better align with business needs and uptime requirements. He also previously served as an adjunct professor at Rochester Institute of Technology, teaching undergraduate classes in Network Security and Forensics. JP has a MS in Computer Security and Information Assurance and a BS in Information Technology from Rochester Institute of Technology and also has a bunch of those alphabetical things called Certs.