Our editorial team has handpicked the best of the best talks at RSA Conference, one of the largest IT security conferences in the world. The following is the list of top talks on Incident Response & SIEM at RSA Conference 2016.
RSA Conference held its 25th annual event at the Moscone Center in San Francisco and brought together a record number of more than 40,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top notch track sessions, tutorials and seminars along with networking and social activities including the RSAC Codebreakers bash at AT&T Park featuring Sheryl Crow, Walk off the Earth and Tony Hawk. Keynotes, sessions and debates focused on the Internet of Things, industrial control systems, encryption, artificial intelligence and machine learning, crowdsourcing, healthcare, automotive, and more, with many reflecting current industry news. (Source: RSA Conference USA 2016)
1) The Incident Response Playbook for Android and iOS
Speaker: Andrew Hoog ( @ahoog42 )
What is your mobile device incident response plan? If you cannot answer that question, you should attend this session. The session will cover the challenges in mobile, how and why it is different from traditional incident response, and the building blocks you can use to craft your own mobile incident response plan.
2) Demystifying Security Analytics: Data, Methods, Use Cases
Speaker: Anton Chuvakin ( @anton_chuvakin )
Many vendors sell “security analytics” tools. Also, some organizations built their own security analytics toolsets and capabilities using Big Data technologies and approaches. How do you find the right approach for your organization and benefit from this analytics boom? How to start your security analytics project and how to mature the capabilities?
3) The Rise of the Purple Team
Speaker: Robert Wood ( @robertwood50 ), William Bengtson ( @waggie2009 )
As attacker tactics, techniques and procedures evolve, so must the defenses and strategy used to defend against them. Traditional red teaming presents an opportunity to find gaps in security, but leaves more valuable information unabsorbed. Results and methodologies used in red team assessments can drive protections put in place for use by blue teams and a larger program, and vice versa.
4) Building a World-Class Proactive Integrated Security and Network Ops Center
Speaker: Hanna Sicker ( @SNOCgirl )
The SNOC (Security & Network Operations Center) is a cost-effective, world-class, proactive integrated function that leverages and optimizes your current NOC members while hiring a minimal number of additional security professionals. Learn how to use the SNOC framework to transform your existing NOC into a single effective team that is responsible for both network and security functions.
5) Make IR Effective with Risk Evaluation and Reporting
Speaker: Justin Monti, Mischel Kwon
Today, determining the risk of a cyberattack relies on a generic vulnerability or malware rating, ignoring aspects of how the business is impacted. The vulnerability state of the network, reputational risk, business loss, cost of IR and reconstitution cost are rarely understood. This presentation will show a data-driven approach to IR, prioritizing response based on risk and business impact.
6) Data Breach Litigation How To Avoid It And Be Better Prepared
Speaker: Ronald I. Raether, Jr., Andrea Hoy
Here's an overview of the presentation: Background: Where are the Data Breaches occurring?; How to Be Better Prepared for When Your Company Data is Breached; How to Avoid it: Lessons Learned & Best Practices
7) Cloud Breach – Preparation and Response
Speaker: Monzy Merza ( @monzymerza )
Your next breach or insider attack will most likely have you digging for evidence in the cloud. Are you prepared? The old styles of imaging disks and tapping networks won't work! It won’t scale! This session will discuss response scenarios for cloud-enabled and cloud-dependent enterprises, a model for preparing for cloud response, and will show examples of cloud breach investigations.
8) Preserving the Privilege during Breach Response
Speaker: Jeff Kosseff ( @jkosseff )
When companies hire cybersecurity consultants to investigate incidents, those professionals’ reports and emails could be used against the company in court unless a privilege applies. This session provides an overview of the attorney-client privilege for post-breach investigations, and tips for increasing the chances that the privilege will apply and the data will remain confidential.
9) Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Speaker: Timothy Lee
This session will present a real case study of methodology and advanced cybersecurity tools used along with important tips and lessons learned on implementing an ISOC project at the second largest city of the nation. Topics include the critical success factors, advanced tools and technologies for ISOC, Situational Awareness, Threat Intelligence Sharing and cybersecurity collaboration.
10) Data Science Transforming Security Operations
Speaker: Alon Kaufman
Data science brings a huge promise to IT security and accordingly to the sprouting of DS teams across all enterprises, and numerous vendors. Indeed DS has the potential to transform the way security is done, yet the secret sauce is how to do it in a way that actually provides clear value, is embedded into the security workflow, and leverages human knowledge in combination with the data.