The engineers learned from Chris Crowley, SANS Principal Instructor and SOC Course Author, who presented a lecture on SOC Use Case Development. His message centered on using the SOC effectively by ensuring the business knows what the SOC needs to accomplish to achieve success.
Along with the SANS lecture, there were talks given by Recorded Future, DomainTools, and Authentic8 on a variety of topics in the cybersecurity space.
“(Nick Espinoza of Authentic8) used a use case that involved a customer from the financial services industry, and he walked us through a particular threat intel feed signal and what was done to follow that lead,” said Layth Batyne, an Archetype SC security engineer. “It was interesting to note that cookies and web analytics are being repurposed by the adversaries, so your digital fingerprint needs to be taken into account when you are accessing adversary-controlled infrastructure.”
Recorded Future’s Diana Granger gave an update on ransomware variants and campaign trends, which centered on hunting for malware, rather than monitoring and triaging events on the network. Granger’s premise of having a team of threat hunters as part of a SOC fell in line with being “proactive, not reactive” in cybersecurity.
Archetype SC’s engineers left the half-day conference with new ideas on how to improve a SOC and what it takes to have a comprehensive SOC offering, from responding to events to hunting out adversaries in a network.
“While this wasn’t a very long conference, it packed a lot of great information into a short amount of time,” said Archetype SC’s Brian Messier on the SANS SOC Solutions Brief. “It is always helpful to hear from other security professionals, to hear different methods and technologies that can help us in what we do every day.”
Along with the knowledge, Archetype SC’s engineers were able to network with other security-focused peers and company representatives.