Panel - Fight Smarter, not Just Faster

Plenary Session
Tuesday, October 08, 2019 10:45—11:45
Location: Ballroom

Our community is adopting SOAR to speed up SOC processes. This leads to demonstrable improvements in response time, but is that enough? Can we ever get faster than the adversary? Is there a way to shift the advantage to the defender?

The makeup of this panel attempts to span different perspectives on what it means to scale network defenses, and the different realities or limitations that affect scalability. The intent is to offer a well-balanced, multi-faceted perspective on using more scalable approaches to gain an advantage over the adversary, or at least narrow the gap. There will be plenty of time for Q&A because that is where the real potential of this panel lies – the ability to bring the participants into the conversation, which in turn brings out more perspectives and hopefully inspires individuals to come up with solutions.

Everyone keeps focusing on speed (or the lack thereof) in cyber operations. There is a desire to automate as much as possible, share as much as possible, and detect/respond as fast as possible – but it is unclear whether this will have the desired impact or result. All of these need to be done, but how do you do them in a way that actually increases the effectiveness of operations (not just the efficiency)? How do you share threat intelligence that is consumable and usable by network defenders, in an automated manner? While current operations are overly reliant on human beings to make decisions, there is a reason and a need to have humans involved in the operations OODA loop. How can we shift operational processes and activities such that there is time to involve humans as appropriate and still impact the adversary? There is a need to think about scale when addressing cyber security operations – and discussing what that means and how to achieve it is an important first step.

For example, there are millions of IOCs associated with known malware and hundreds of vulnerabilities exploited by that malware, but only 10-20 ways in which the adversary uses that malware to achieve objectives. It seems that finding a way to share these techniques or procedures, develop detection mechanisms for them, and provide processes for investigating and mitigating instances would have a lot more impact on the adversary than blocking IOCs. But how do we share this type of information, and how do we make it actionable? What scales with respect to network defense and cyber security operations?

Key take-aways: 
The intent of this panel is to inspire participants to think differently about threat intelligence, automation, and orchestration in the hopes of spawning new ideas and implementations that are more scalable for net defense.

John Felker
Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)
John Felker serves as the Assistant Director, leading the Integrated Operations Division (IOD) for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency...

Geoff Hancock
Advanced Cybersecurity Group
Geoff Hancock is the CEO at the Advanced Cybersecurity Group. He leads the organization in the development of cybersecurity best practice for commercial and federal customers. Hancock has spent 25...

Harley Parkes
Johns Hopkins University Applied Physics Laboratory
