Fall Cyber Solutions Fest 2024: Detection & Response Track

For people who don’t work in a SOC, or in cybersecurity at all, the image of a cybersecurity operations center is that of an all-seeing, all-knowing marvel of technology. For those of us who work in a SOC, we know the technology requires constant care and maintenance to preserve visibility into the systems we’re protecting. If we can preserve that visibility, we then strive to deploy appropriate and effective detections. Once we’ve tuned those detections due to excessive false positives, we flexibly adjust them based on changing data. We also tune them to attempt to keep up with adaptive threats. If we can manage to preserve visibility, and implement good detections, we can start to hunt in the various troves of data for undetected threats. As we’re hunting in the disparate data sources, we pursue the objective of fusion of information into that all-seeing, all-knowing marvel.

Wherever you are on this journey from wizard behind the curtain to fully-integrated multi-cloud, machine learning, optimized security operations; you can learn something from your vendors and peers in this SANS Cyber Solutions Fest SOC track.