Security Operations Summit

December 6, 2022

In order to defend against today’s agile threat actors, efficient and effective Security Operations (SecOps) is essential. SecurityWeek’s Security Operations Summit will help address common security operations challenges and demonstrate how efficient workflow and collaboration can lead to improved decision making throughout the threat detection, analysis and incident response processes.

2021 Diamond Sponsor

2021 Platinum Sponsor: Recorded Future

2021 Gold Sponsors: Abnormal Security


Attendees can immerse themselves in a virtual environment to discuss the latest security operations trends and challenges, and gain insights into strategies that can maximize the efficiency of enterprise security operations centers (SOCs). Through a cutting-edge platform, attendees can interact with speakers and sponsors, and visit networking lounges, dedicated zones and sponsor booths.

In this exclusive SecurityWeek virtual event, defenders from the trenches will share use cases, best practices, insights for adopting tools and processes, and war stories from the SOC to help make security operations centers more effective and efficient.

Topics for the summit will include:

• Modernizing the Security Operations Center (SOC)
• Managing Complexity and Reducing Attack Surface
• Establishing Resilient Incident Response Plans
• Addressing the Cyber Skills Gap with Machine Learning and Artificial Intelligence
• Detection and Incident Response Use Cases
• OODA (Observe, Orient, Decide and Act) Loops for Security Teams
• Threat Intelligence and Supply Chain Considerations
• Optimizing Scarce Resources and Managing Workflow to Detect and Respond to Threats Faster
• Improving Defenses Using Threat Intelligence and Information Sharing
• Evaluating and Leveraging Solutions for Security Orchestration, Automation and Response (SOAR), Security Operations and Analytics Platform Architecture (SOAPA), Extended Detection and Response (XDR), and Other
• Managing Product Bake-offs, PoCs and Demos

Most people believe that the SOC is on the front lines, defending the castle against the forces of darkness. And while that’s true, it’s never quite as heroic as we’d like it to be. In fact, most of our time is spent looking for needles in a haystack: trying to determine which emails are real phishing attacks, and which ones are merely spam.

In this presentation, Mick Leach, Security Operations Manager at Abnormal Security, will discuss why email attacks are increasing at an alarming rate, and why the solutions meant to solve that challenge often only increase the burden on the Security Operations team. Attend this talk to learn:

• Why secure email gateways and other log correlation tools are making it more difficult for SOC teams to do their work
• How security awareness training can cause more harm than good
• Which tools Mick uses to help his team keep the organization safe and stay sane
• How Abnormal Security uses the Abnormal platform to stop the most dangerous threats

With full insight into how Mick and his team stopped a $900,000 fraudulent wire transfer, this is a presentation you won’t want to miss.

In this keynote address, Jessica will explore with you what organizations should look for when evaluating a security platform, and why an open platform is so important.

Organizations love acronyms. Designed to communicate function faster, they sometimes devolve into just another box on a checklist. When this occurs, the original purpose often gets lost. AV, NGFW, IPS, SIEM, SOAR, TIP, EDR, NDR, XDR, SOVP... we feel compelled to have all of them in our SOC, but does that make us more secure? Especially when an acronym becomes yet another pane of glass and another data silo.

Perhaps a better way is to focus on the outcomes we need to achieve: combine detection from multiple sources, combine threat intelligence from multiple sources, combine response capability across multiple products, manage vulnerabilities, correlate inventory, include orchestration and automation capabilities, and have all of this built into your existing tool set.

It is time for organizations to rethink their security strategy and take a more simplified, platform- and architecture-based approach, rather than the acronym and point-product trap within which we too often find our Security Operations.

Security Intelligence is the most powerful tool we have for fighting both cyber and physical threats to our organizations. Intelligence is the key to unlocking the potential of security programs and reducing risk. Learn how the right intelligence, in the hands of the right people, at the right time, stops attackers in their tracks. Charity Wright, a former NSA Linguist and current Threat Intelligence Analyst at Recorded Future, will summarize the top use cases for Security Intelligence, describe the difference between mere information and solid intelligence, and get you on the right track to implementing an intelligence program in your organization.

Organizations large and small typically consolidate detection and response functions into a Security Operations Center (SOC). For years this made sense and allowed us to scale, but the data compiled over the last decade has caused many to start looking for more efficient ways to achieve the desired outcomes.

In this presentation, Sprinklr detection and response director Erik Bloch will make the case for the industry to say goodbye to the SOC once and for all, and embrace a Distributed Incident Response (D-IR) model.

Bloch’s presentation will cover the shortcomings of the modern SOC, the process and tools required for the proposed D-IR model, and how this new way of thinking makes security a team sport in every organization.

Speaker: Erik Bloch, Senior Director, Detection & Response, Sprinklr

Security professionals face more change, more alerts, and more attacks than ever before. They’re tasked with protecting increasingly complex environments from a multiplying range of threats, each and every day.

While automation is a powerful tool for staying ahead of increased complexity, for security teams it has been largely limited to the world of Security Orchestration, Automation, and Response (SOAR) platforms. This has limited the usefulness of automation for many security professionals and created a world where many teams are stuck between repetitive daily tasks and reacting to alerts.

In this session, Torq Field CTO Marco Garcia will share how to design and implement a modern security automation practice. He’ll highlight where SOAR platforms succeed and where they fall short, and discuss how to bring powerful automation into the hands of every member of a security team. Attendees will learn how to start with automation at any size, and how to iteratively build out a security automation practice that reduces risk, saves time, and helps them stay ahead of threats.

Evolving Threat Hunting to Adversary Hunting: Using Dark Web and Closed Sources to Understand the Motivation, Social Network and Next Action of an Adversary

The threat hunting practice has helped security teams detect stealthy threats and reduce their dwell time. But most hunting expeditions focus on threats, leaving the adversary free to launch another set of attacks with different tactics. We need to evolve threat hunting into a hunt for the adversary. The deep and dark web, and other closed sources, provide valuable insights into the motivations and activities of threat actors. Over the course of this session, we will examine the motivation behind the actions of these actors, their social networks, and how to anticipate their next steps.

Cisco is an official NOC partner for the global Black Hat conferences held yearly in the US, Europe, and Asia. That means that several Cisco technologies are implemented and staffed onsite to protect both conference devices used for registration and lead capture, and the attendee networks.

This session will outline how Cisco security technologies were integrated with other partner technologies, and the ways in which they supported both managed and unmanaged assets during Black Hat USA 2021 (in Las Vegas) and Black Hat Europe 2021 (in London).

Attendees will also hear overviews of specific incidents that happened during the conferences from Christian Clasen, a Cisco Technical Leader who participated in the investigations.

Join this session to see Recorded Future's SecOps Intelligence module in action and learn how to:

• Integrate unprecedented, real-time security intelligence into your SIEM or SOAR to enhance your existing workflows
• Use the broadest set of external data sources available anywhere to rapidly contextualize alerts, speed triage, and accelerate prioritization
• View risk lists on IPs, domains, hashes, and malware to enable fast threat detection and response

Event Details
  • Start Date: December 6, 2022 11:00 am
  • End Date: December 6, 2022 4:00 pm