Dubbed “the grooviest event for security operations,” the inaugural SOCstock was a world-class virtual event featuring renowned and respected infosec speakers providing attendees with the very latest security operations trends, research and best practices. But it wasn’t just about what was happening on stage. SOCstock also featured funky swag, fun contests, talented entertainers and more (no mud involved).
SOCstock 2020 Keynote
SOC Chronicles: What Has Changed and What Has Stayed the Same
Cybersecurity luminary Anton Chuvakin delivers some self-styled groovy security operations tunes in the way of revelations about recent SOC trends and an update to the modern SOC concept. Included is an examination of whether the SOC as we know it is reaching its demise.
Taking Your Detection to the Next Level
We’ve gotten really good at collecting piles of data. Our customers send us plenty of it and they think every event from every device is being monitored. Are they? Our customers are harnessing an exploding set of cloud and non-traditional IT. Past approaches of “slap a sensor on it and call it good” are no longer sufficient. We need to more carefully measure our monitoring coverage, make better use of the data we collect, and ensure our detection program is healthy.
In this presentation, Microsoft’s Carson Zimmerman describes the five essential elements of a successful SOC monitoring and detection program: planning, engaging with customers, leveraging commodity capability, creating custom detection and measuring detection effectiveness.
Unlock the SOC
What do you do after you gather the top talent in an industry in one place? Well, you can either host Woodstock… or you can figure out how to unlock the SOC within!
After assembling top talent in security you need to focus on freeing up analysts to work on challenging assignments including detecting and hunting advanced threats. This will not only improve your security profile but will also go a long way in employee fulfillment and satisfaction.
Join Relativity CSO Amanda Fennell as she walks through the process of unlocking the SOC.
Metrics on Steroids: Improving SOC Maturity Using the SOC-CMM
Building a SOC helps organizations increase their resilience to cyberattacks and decrease their time to detect and respond to security incidents. But simply having a SOC in place provides insufficient assurance of high quality cyber defense.
To track the SOC’s progress, metrics are required. The SOC-CMM provides an extensive yet comprehensive framework for measuring the capability maturity level of your SOC. Using the outcome of a SOC-CMM assessment, a roadmap for improvement can be created. In this on-demand presentation, the SOC-CMM and its application are explained and positioned as part of a modern approach to monitoring and response.
The Hybrid SOC: Best Practices for MSSP/End User Collaboration (Panel Discussion)
The hybrid SOC model isn’t new. It is how many companies have been outsourcing IT services for years, as it offers flexibility, scalability and cost effectiveness. However, it does require careful planning and collaboration from your organization and the managed security service provider (MSSP) to ensure goals are achieved.
This panel discussion, which includes security practitioners from Fortune 500 organizations and MSSP leaders, explores how to work better together.
Ransomware Defense and Response: Minimizing Risk of an Increasing Threat
Human-operated ransomware attacks are one of the most serious cyber threats facing organizations today. Many organizations have been impacted, from local governments to global corporations. At the height of this global pandemic, not even the health care sector has been spared, with recent attacks on a major U.S. hospital system and a health tech company.
This talk, grounded in our real-world and hands-on experience, walks through how organizations can effectively prevent and respond to this significant, and growing, threat.
The State of Remote Security Operations (Panel Discussion)
This panel focuses on the impact of WFH and COVID-19 on security operations, which has resulted in a number of new challenges and disruptions for organizations, from addressing emerging and remote-specific threats to issues around team dynamics. The panel leans on fresh survey research Siemplify conducted in the field with security operations professionals on the topic of remote security operations.
Siemplify: SOAR Use Cases for the Age of a Pandemic and Beyond
Even before the pandemic, security orchestration, automation and response (SOAR) was used by security operations teams to respond to alerts more effectively at scale using repeatable playbooks, automation of repetitive tasks and orchestration of disparate tools. But the pandemic accelerated the need to collaborate while working remotely and to quickly build and deploy playbooks for this new reality.
This session examines practical use cases for SOAR that are relevant for security operations in this “new normal” of a remote workforce that organizations can implement today.