I was invited to give a vendor sponsored talk at Blackhat USA 2017 on how to use agile methods to improve and extend the capabilities of a SOC (Security Operations Center).
This document discusses key concepts in identity and access management including:
- Objects, subjects, access control, identification, authentication, and authorization are the core components.
- Identification provides uniqueness, authentication provides validity, and authorization provides access control.
- Multi-factor authentication using something you know, have, and are is most secure.
- Directories, like LDAP, centrally manage digital identities and attributes to streamline access management.
DTS Solution - Building a SOC (Security Operations Center), by Shah Sheikh
This document discusses building a cyber security operations center (CSOC). It covers the need for a CSOC, its core components including security information and event management (SIEM), and integrating components like monitoring, alerting, and reporting. Key aspects that are important for a successful CSOC are people, processes, and technology. The roles and skills required for people in the CSOC and training needs are outlined. Developing standardized processes, procedures and workflows that align with frameworks like ISO are also discussed.
The document discusses building a security operations center (SOC) and provides information on why an organization would build a SOC, how to establish the necessary skills and processes, and technology solutions like HP ArcSight that can be used. It describes how HP consultants have experience building SOCs for major companies and can help customers establish an effective SOC to monitor for security events, ensure compliance, and protect the organization. It provides details on how to structure a SOC, including defining roles and processes, implementing a security information and event management (SIEM) system, and establishing performance metrics to improve over time.
ServiceNow Governance, Risk, and Compliance, by Jade Global
ServiceNow Governance, Risk, and Compliance (GRC) helps transform inefficient processes across your extended enterprise into an integrated risk program
Meet the Ghost of SecOps Future, by Anton Chuvakin
Today’s SOC has an increasingly difficult job protecting growing and expanding organizations. The landscape is changing and the SOC needs to change with the times or risk falling behind the evolution of business, IT, and threats.
But you have choices! Your future fate is not set in stone and can be changed: some optimize what they have without drastic upheaval, while others choose to truly transform their detection and response.
Join us as we show you a vision of what the SOC will look like in the near future and how to choose the best course of action today.
Originally aired at https://cloudonair.withgoogle.com/events/2023-dec-security-talks
Video https://youtu.be/KbQbuFAPY2c?si=0llv1v_CkVtvsyms
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center requirements
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operations center" is often used synonymously with SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC, although a service provider may deliver its services from a SOC of its own. A managed service is a shared resource and not solely dedicated to a single organization or entity. In that sense there is no such thing as a "managed SOC".
Most of the technologies, processes and best practices used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same whether delivered from a SOC or not. The SOC is a meta-topic, involving many security domains and disciplines, depending on the services and functions that the SOC delivers.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure protection centre (IPC)
مرکز عملیات امنیت (Persian for "security operations center")
The Next Generation of Security Operations Centre (SOC), by PECB
The document discusses the key aspects of building a next generation Security Operations Centre (SOC). It emphasizes that skilled people, well-defined processes, and integrating new technologies are critical. Specifically, it recommends adopting automation and analytics to analyze large datasets, integrating threat intelligence from multiple sources, and establishing red and blue teams to continuously test defenses. The goal of a next generation SOC is to use predictive analysis of vast security data to improve threat detection, response, and the overall security posture of an organization.
Check Point is a cyber security company founded in 1993 that has adapted to meet customers' needs over the years. It offers a comprehensive portfolio of security products including threat prevention appliances, endpoint security, mobile security, network protection, security management, and public/private cloud solutions. Check Point aims to provide holistic security services and sees security as an integral part of business processes.
Security operations center: 5 security controls, by AlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
SOC presentation - Building a Security Operations Center, by Michael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Building Business Service Intelligence with ITSI, by Splunk
This document provides an overview of a presentation on Splunk IT Service Intelligence (ITSI). It discusses setting up the ITSI sandbox, the agenda which includes introductions, Splunk fundamentals, what ITSI is, and a hands-on session. It also covers service modeling best practices like starting with a problem, bringing together subject matter experts, and designing the service model before configuring. Additionally, it demonstrates how to configure a new KPI for database network utilization within the ITSI interface in about 5 minutes.
Building a Next-Generation Security Operations Center (SOC), by Sqrrl
So, you need to build a Security Operations Center (SOC)? What does that mean? What does the modern SOC need to do? Learn from Dr. Terry Brugger, who has been doing information security work for over 15 years, including building out a SOC for a large Federal agency and consulting for numerous large enterprises on their security operations.
Watch the presentation with audio here: http://info.sqrrl.com/sqrrl-october-webinar-next-generation-soc
Talking about the Next-Gen Security Operation Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in humans, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology, as in Industry 4.0 machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a "traditional" to a next-gen SOC requires a proper plan; that's what this talk was about.
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
The document discusses a CISO workshop agenda to modernize a security strategy and program. It includes:
- An overview of who should attend, such as the CISO, CIO, security directors, and business leaders.
- The agenda covers key context and fundamentals, business alignment, and security disciplines.
- Exercises are included to assess maturity, discuss recommendations, and assign next steps.
- Modules will provide guidance on initiatives like secure identities and access, security operations, and data security.
Strategy considerations for building a security operations center, by CMR WORLD TECH
This document discusses considerations for building a security operations center (SOC) to better manage security threats. It describes the evolving threat landscape and increasing attacks faced by organizations. An enterprise SOC provides centralized monitoring, investigation of incidents, and reporting to improve protection of critical data assets. It assesses existing security capabilities, outlines five essential SOC functions, and discusses capacity management and moving forward with development. Consulting partners can assist with strategy and implementation of an enterprise SOC.
DevSecOps: Taking a DevOps Approach to Security, by Alert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
An introduction to SOC (Security Operation Center), by Ahmad Haghighi
The document discusses building a security operations center (SOC). It defines a SOC as a centralized unit that deals with security issues on an organizational and technical level. It monitors, assesses, and defends enterprise information systems. The document discusses whether to build an internal SOC or outsource it. It also covers SOC technologies, personnel requirements, and the five generations of SOCs. It provides resources for learning more about designing and maturing a SOC.
Effective Security Operation Center, presented by Reza Adineh
The document discusses how to effectively manage a cyber security operations center (SOC). It addresses questions about how to assess the effectiveness and maturity of a SOC, ensure sufficient threat detection capabilities through proper sensors and data collection, and utilize threat intelligence and data enrichment. The document also provides steps to implement threat management, incident response processes, and leverage machine learning and user entity behavior analytics to detect anomalous user behavior and insider threats.
Rothke Secure360: Building a Security Operations Center (SOC), by Ben Rothke
Building a Security Operations Center (SOC) requires extensive planning and consideration of various organizational and technical factors. A SOC provides continuous monitoring, detection, and response capabilities to protect against cyber threats. It is important to determine whether to build an internal SOC or outsource these functions. Proper staffing, processes, metrics, and management are critical for SOC success.
You Can't Stop The Breach Without Prevention And Detection, by CrowdStrike
The document discusses the need for a balanced approach to endpoint security that includes both prevention and detection. It argues that relying solely on prevention is not sufficient, as attacks will always get through, requiring detection capabilities to identify breaches. Likewise, detection alone is insufficient, as preventing attacks upfront reduces workload. The document outlines the key components needed to properly unify next-generation antivirus and endpoint detection and response, including complete visibility of endpoint activity, large-scale analysis capacity, and the ability to derive insights and indicators of attack from collected data. An integrated approach is advocated that allows prevention and detection to strengthen one another.
Presented at the DEFCON27 Red Team Offensive Village on 8/10/19.
From the dawn of technology, adversaries have been present. They have ranged from criminal actors and curious children to - more modernly - nation states and organized crime. As an industry, we started to see value in emulating bad actors and thus the penetration test was born. As time passes, these engagements become less about assessing the true security of the target organization and more about emulating other penetration testers. Furthermore, these tests have evolved into a compliance staple that results in little improvement and increasingly worse emulation of bad actors.
In this presentation, we will provide a framework complementary to the Penetration Testing Execution Standard (PTES). This complementary work, the Red Team Framework (RTF), focuses on the objectives and scoping of adversarial emulation with increased focus on the perspective of the business, their threat models, and business models. The RTF borrows part of the PTES, adding emphasis on detection capabilities as well as purple team engagements. We believe this approach will better assist organizations and their defensive assets in understanding threats and building relevant detections.
SplunkSummit 2015 - A Quick Guide to Search Optimization, by Splunk
This document provides an overview and tips for optimizing searches in Splunk. It discusses how to scope searches more narrowly through techniques like limiting the time range and including specific indexes, sourcetypes, and fields. This helps reduce the amount of data that needs to be scanned to find search results. The document also recommends using inclusionary search terms rather than exclusionary ones when possible to improve performance. Additional optimization strategies covered include using smarter search modes and defining fields on segmented boundaries.
Achieving GRC Excellence White Paper.pdf, by infosecTrain
This comprehensive PDF outlines the journey to a successful career in Governance, Risk, and Compliance (GRC). Explore the key components of GRC, such as regulatory compliance, risk management, and corporate governance. Learn how to build the necessary skills, gain experience, and acquire relevant certifications to excel in this dynamic field. This roadmap equips individuals with the knowledge and strategies to achieve excellence in GRC roles.
Free GRC Archer Masterclass - https://www.infosectrain.com/events/grc-archer-masterclass/
This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.
There are three main components of security assessment and testing: security tests, security assessments, and security audits. Security tests verify controls are functioning properly through automated and manual tests. Security assessments perform comprehensive reviews of systems and networks to identify risks and recommend mitigations. Security audits systematically evaluate controls to demonstrate effectiveness to third parties. Other topics covered include penetration testing, vulnerability assessments, code reviews, logging, and different testing methods.
The document discusses adopting an Agile approach to security operations. It describes Agile as an iterative software development methodology based on principles of collaboration and adaptation. Two common Agile frameworks are then explained - Scrum, which uses sprints, daily standups and retrospectives; and Kanban, which focuses on visualizing and limiting work in progress. Challenges of shifting to Agile are noted, such as cultural changes and maintaining business as usual, but benefits include improved workflow, predictability and resilience to change. Resources for implementing Agile using tools like Jira are also provided.
'Stakeholder Engagement Shortcuts': Ilan Goldstein @ Colombo Agile Conference..., by ColomboCampsCommunity
Change is difficult, and the reality is that in many organisations, an agile adoption means considerable change. Kickstarting a new initiative such as Scrum requires support from your senior stakeholders. This presentation outlines some powerful shortcuts to help engage with your stakeholder community to ensure that Scrum is given the best opportunity to flourish!
SplunkSummit 2015 - A Quick Guide to Search OptimizationSplunk
This document provides an overview and tips for optimizing searches in Splunk. It discusses how to scope searches more narrowly through techniques like limiting the time range and including specific indexes, sourcetypes, and fields. This helps reduce the amount of data that needs to be scanned to find search results. The document also recommends using inclusionary search terms rather than exclusionary ones when possible to improve performance. Additional optimization strategies covered include using smarter search modes and defining fields on segmented boundaries.
Achieving GRC Excellence White Paper.pdfinfosecTrain
This comprehensive PDF outlines the journey to a successful career in Governance, Risk, and Compliance (GRC). Explore the key components of GRC, such as regulatory compliance, risk management, and corporate governance. Learn how to build the necessary skills, gain experience, and acquire relevant certifications to excel in this dynamic field. This roadmap equips individuals with the knowledge and strategies to achieve excellence in GRC roles.
Free GRC Archer Masterclass - https://www.infosectrain.com/events/grc-archer-masterclass/
This document provides an overview of governance of security operations centers. It discusses the impact of disruptive technologies on organizations and the need for security operations centers to manage security risks. It covers designing an effective SOC including defining threats, processes, technology and acquiring a SOC. Operating a SOC includes defining expectations, baselining normal activity, using threat intelligence and handling incidents. Qualities of analysts and measuring SOC success are also discussed. Sustainable SOC governance principles like investing in people and emphasizing teamwork are presented.
There are three main components of security assessment and testing: security tests, security assessments, and security audits. Security tests verify controls are functioning properly through automated and manual tests. Security assessments perform comprehensive reviews of systems and networks to identify risks and recommend mitigations. Security audits systematically evaluate controls to demonstrate effectiveness to third parties. Other topics covered include penetration testing, vulnerability assessments, code reviews, logging, and different testing methods.
The document discusses adopting an Agile approach to security operations. It describes Agile as an iterative software development methodology based on principles of collaboration and adaptation. Two common Agile frameworks are then explained - Scrum, which uses sprints, daily standups and retrospectives; and Kanban, which focuses on visualizing and limiting work in progress. Challenges of shifting to Agile are noted, such as cultural changes and maintaining business as usual, but benefits include improved workflow, predictability and resilience to change. Resources for implementing Agile using tools like Jira are also provided.
'Stakeholder Engagement Shortcuts': Ilan Goldstein @ Colombo Agile Conference...ColomboCampsCommunity
Change is difficult, and the reality is that in many organisations, an agile adoption means considerable change. Kickstarting a new initiative such as Scrum requires support from your senior stakeholders. This presentation outlines some powerful shortcuts to help engage with your stakeholder community to ensure that Scrum is given the best opportunity to flourish!
This document provides an overview of Scrum fundamentals including its values, principles, pillars, ceremonies, artifacts, and processes. It also introduces Large Scale Scrum (LeSS), which applies Scrum principles across larger organizations. The key Scrum ceremonies are Sprint Planning, Daily Standup, Sprint Review, and Sprint Retrospective. The main Scrum artifacts are the Product Backlog, Sprint Backlog, and shippable product increment. LeSS utilizes similar ceremonies but includes representatives from multiple teams to coordinate work across the entire system.
Choosing the right agile approach for your organizationInCycle Software
This document provides an overview of different Agile methodologies including Scrum, Kanban, and Scrumban. It discusses the benefits and processes of each approach and provides guidance on how to choose the right methodology based on factors like organizational culture, project types, and team skills. Tools like Team Foundation Server are presented as a way to support Agile planning and tracking across teams.
Feedbacks about implementation of agility at scale and DEVOPS in big companies: pros/cons, challenges and impacts.
More feedbacks on our blog: https://www.technologies-ebusiness.com/enjeux-et-tendances/safe-agilite-a-lechelle-devops-transformation-necessaire
This document provides an introduction to Agile development and Scrum methodology. It discusses that Agile focuses on iterative development with collaboration between cross-functional teams. Scrum is an Agile methodology that uses sprints, daily stand-ups, backlogs and emphasizes self-organizing teams. A Scrum team works in sprints to develop working software increments based on prioritized backlog items.
The document discusses key concepts in Agile development including Scrum framework. It compares traditional waterfall model with Agile approach. Some key Scrum concepts covered are roles, events, artifacts, empirical process control, transparency, self-organizing teams. It provides details on events like daily scrum, sprint planning and retrospective. Artifacts discussed are product backlog, sprint backlog and definition of done. Traditional vs Agile success rates are also shared.
- The client wants to build a new website and has a $100k budget and 12 month deadline
- The team will use an Agile methodology called Scrum to manage the project incrementally using short sprints
- Scrum uses cross-functional teams, prioritized backlogs, daily stand-ups, sprints, reviews and retrospectives to iteratively deliver working software
- Key roles include the Product Owner who prioritizes features, the Development Team who build the increments, and the ScrumMaster who facilitates the process
This document provides a brief introduction to several agile frameworks and practices, including Scrum, XP, Lean, and Kanban. Scrum is a framework that uses sprints, daily scrums, and retrospectives. XP focuses on programming practices like test-driven development and pair programming. Lean is a mindset aimed at eliminating waste. Kanban uses a board to visualize work and limit work-in-progress to improve flow. Each approach emphasizes values like customer collaboration, responding to change, and delivering working software frequently.
Vidas Vasiliauskas. Scrumban - mixing agile and lean for product manufacture ...Agile Lietuva
This document discusses Scrum-ban, which mixes agile and lean principles. Scrum-ban aims for minimum delivery time and fully loaded teams. It is event-driven and empowers team roles with lean principles. The document provides an overview of Scrum-ban practices like planning on demand, using a task board to visualize work, and emphasizing continuous delivery through techniques like limiting work-in-progress and focusing on cycle time.
The document provides an overview of the Scrum framework for agile software development. It describes the roles of the product owner, scrum development team, and scrum master. It also outlines the key artifacts in Scrum including the product and sprint backlogs, sprint burndown charts, and release burndown charts. It notes some limitations of Scrum, stating that products requiring large regression or safety testing per release are less suited for short sprints, and that global teams are less ideal than co-located teams with close interaction.
This document provides an introduction to agile methods. It begins with an overview of traditional waterfall project management and its low average success rate of 33%. It then discusses the agile manifesto which values individuals, collaboration, responding to change, and working software over comprehensive documentation and following a plan. Specific agile frameworks like Scrum and Kanban are covered. The document concludes with examples of scaling agile to large organizations.
This document provides an introduction to Agile and Scrum methodologies. It begins with an overview of the presenter and their experience. It then contrasts the traditional waterfall approach with Agile, noting that Agile values individuals, collaboration, working software and responding to change. The Agile manifesto principles are outlined. Scrum is introduced as an Agile framework, describing its roles, ceremonies and artifacts like sprints and product backlogs. Key Scrum concepts like user stories, estimation, and definitions of done are defined. The document concludes by noting that simply doing Agile iterations is not enough and that teams must embrace Agile values like collaboration and continual improvement.
Михайло Кравець “Використання Agile методології в AAA розробці ігор” GameDev ...Lviv Startup Club
The document discusses the use of Agile methodologies in AAA game development. It provides an overview of Agile principles and Scrum framework, including roles, ceremonies and artifacts. While some aspects of Scrum like cross-functional teams and customer collaboration do not directly apply to embedded game development teams, the speaker argues that an iterative approach, daily stand-ups, sprint planning and retrospectives can still benefit teams. The document cautions against adopting Agile practices without understanding how they apply specifically to one's environment or "cult-like" following.
Learn more about the most popular Agile framework - Scrum. This training should be paired with the pre-training learning materials in Trello. Learn more about the Scrum artifacts (product backlog, sprint backlog, etc.), Scrum roles (Scrum Master, Product Owner, and the team), and the Sprint.
Product Owner in Agile/Scrum is the single person responsible for maximizing the return on investment (ROI) of the development effort
Responsible for product vision
Constantly re-prioritizes the Product Backlog, adjusting any long-term expectations such as release plans
Final arbiter of requirements questions
Decides whether to release
Decides whether to continue the development
Considers stakeholder interests
May contribute as a team member
Has a leadership role
Must be available to the Team at any time
When Management Asks You: “Do You Accept Agile as Your Lord and Savior?"admford
So you’ve been told that your organization is going to implement Agile methodologies across ALL of IT, and not just in development. And you’ve been given the responsibility to implement it in Security Operations, and without a clear plan or measurable objectives other than “make the team more efficient”. While one can complain that someone in the C-Suite heard of the book “Scrum: The Art of Doing Twice the Work in Half the Time”, you still have a job to do. So the basics of Project Management, Agile, Scrum & Kanban are covered and how one can shoehorn these concepts into working in an operations context. Oh, and there will also be some finagling of where DevOps stands regarding Agile and Operations.
The document discusses challenges that software development teams face after initially releasing their product and entering the maintenance phase. It argues that traditional agile methods like Scrum are not well-suited for this post-release phase due to varying work items, sizes, priorities and unpredictability. The document then introduces Kanban as an alternative approach that can help teams address these post-release challenges through principles like visualizing and limiting work-in-progress to manage flow and continuously improve. It provides an overview of the Kanban method and how teams can get started with its implementation.
This document provides an overview and introduction to Agile and Scrum concepts. It discusses what Agile is and its values and principles like test-driven development. It also describes Scrum roles like Product Owner and Scrum Master, events like the daily scrum and sprint planning, and artifacts like the product backlog. The document summarizes Scrum practices for requirements gathering, estimation, the definition of done, backlog refinement, and retrospectives. It also briefly touches on topics like cross-functional teams, team formation models, and conditions for high performing teams.
Similar to Scrum in Your SOC @Blackhat USA 2017 (20)
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Scrum in Your SOC @Blackhat USA 2017
1. Scrum in Your SOC
Get the most from your security team
2. AGENDA
✓ Who We Are
✓ What is it & Why
✓ Core Principles / Elements
✓ Why Change
✓ Real World Examples
✓ Challenges
3. About us
Justin Erdman
Security Engineer @ Cybereason
Unapologetic Blue Teamer
justin.erdman@cybereason.com
@elorionsec
Chris Bush
VP Security Services @ Cybereason
chris.bush@cybereason.com
4. AGILE…HUH?
✓ Set of principles for software development under which requirements and solutions evolve through the collaborative effort of self-organizing cross-functional teams
✓ Advocates adaptive planning, evolutionary development, early delivery, and continuous improvement, and it encourages rapid and flexible response to change
5. THE SKINNY
Responding to change VS Following a plan
Rapid iterations VS Big-Bang campaigns
Testing & data VS Opinions & conventions
Many small experiments VS A few large bets
Individuals & interactions VS One size fits all
Collaboration VS Silos & hierarchies
8. SCRUM!
✓ Iterative & incremental process for structuring work
✓ Leverages commitment as change agent
✓ Face-to-face communication / close online collaboration
✓ Gamification of work
9. SCRUM-PTIOUS
✓ Small team spending a short time building small things
✓ Time-boxed & cross-functional teams
✓ Prioritized product backlog
✓ Three roles - product owner, Scrummaster, & team
✓ Team velocity based
✓ No new items mid-sprint
✓ Scrum board reset every iteration
✓ Work only on those items that fit into the iteration
✓ Daily stand-ups
11. THE QUICK & DIRTY ON SCRUM
✓ Product owner creates a prioritized list
✓ Team selects top item(s) from backlog
✓ Sprint (2-4 weeks) — team meets each day to assess progress
✓ Scrummaster keeps the team focused
✓ Hand work to customer / show to a stakeholder
✓ Sprint review & retrospective
✓ Rinse & repeat
14. KANBAN!
✓ Based on 3 basic principles
▪ Visualize what you do today (workflow)
▪ Limit the amount of work in progress (WIP)
▪ Increased tempo
✓ Plan – Do – Study – Adapt (PDSA) approach
15. YOU CAN KANBAN
✓ Work split into pieces
✓ Limited in-progress items for a specific workflow
✓ Not time-boxed
✓ No prescribed roles
✓ New items can be added anytime within the pre-decided limit
✓ Board not reset & can be changed by anyone on team
✓ Story points & velocity not used
✓ No prescribed product backlog
✓ Daily stand-ups common
17. SCRUMBAN = SCRUM + KANBAN
✓ Transitional method to move from Scrum to Kanban
✓ Keeps the prescriptive work method of Scrum to stay Agile
✓ Process improvement of Kanban
21. Change…Why?
✓ Better organization of process improvements
✓ Prioritization of high impact items
✓ Increased work throughput & (some) predictability
✓ Easier to track planned & handle unplanned work
✓ Better resilience to changes
✓ Minimized planning & coordination
✓ Greater ability to gauge growth over time
27. Challenges & Setbacks
✓ Moving to Scrum calls for a culture shift
✓ Establishing a groove – training is necessary
✓ Makes it difficult not to be a team player
✓ Breaking down classic silos
✓ Accountability
✓ Distraction from BAU – Discipline!