AppSec SOC Monitoring Visualisation


Why

Capturing logs and visualising them in a SOC (Security Operations Center) is a key activity in the asymmetric arms race against malicious actors and bugs.

In addition to providing high-value actionable information, a good SOC will provide a wealth of valuable metrics and visualisations for the business, from user activities and behaviour to system performance.

The Working Session will assess the role, the work, and the importance of a SOC within a business.

What

  • What are the key technical and operational components of SOCs?
  • Map examples of SOC implementations (people, processes and technologies)
  • What are the best practices in capturing logs and feeding them into central locations?
  • What is the business case for a larger SOC which is sponsored by another business unit (i.e. not just Security)?
  • What are the best practices for using tools like ELK or Splunk?
  • How to secure the SOC's data and infrastructure
  • How to visualise the data collected in actionable/meaningful graphs
  • How to use Machine Learning and AI to improve data capture and analysis
  • How to use Business Intelligence Techniques and Big Data tools to improve analysis and visualisations
  • Using AppSensor to feed data into the SOC and to respond to analysis results
  • Exploring specific security incidents:
    • Malware infection
    • Web Injection attack
    • Account Brute Force attacks
    • Login/activities from non-common locations
    • Business logic exploitation
    • Data extraction
  • How does a SOC help with GDPR requirements?
  • What to look for - tricks, tips and ideas.

Who

The target audience for this Working Session is:

  • SOC and Network Operations teams
  • InfoSec and AppSec Professionals
  • Business analysts
  • CISOs

Related Working Session(s)


