AppSec SOC Monitoring Visualisation
Capturing logs and visualising them in a SOC (Security Operation Center) is a key activity in the asymmetric arms race against malicious actors and bugs.
In addition to providing high-value actionable information, a good SOC will provide a wealth of valuable metrics and visualisations for the business, from user activities and behaviour to system performance.
The Working Session will assess the role, the work, and the importance of a SOC within a business.
- What are the key technical and operational components of SOCs?
- Map examples of SOC implementations (people, processes and technologies)
- What are the best practices in capturing logs and feeding them into central locations?
- What is the business case for a larger SOC which is sponsored by another business unit (i.e. not just Security)?
- What are the best practices for using tools like ELK or Splunk?
- How to secure SOC data and infrastructure
- How to visualise the data collected in actionable/meaningful graphs
- How to use Machine Learning and AI to improve data capture and analysis
- How to use Business Intelligence Techniques and Big Data tools to improve analysis and visualisations
- Using AppSensor to feed data into a SOC and to respond to analysis results
- Exploring specific security incidents:
  - Malware infection
  - Web injection attack
  - Account brute-force attacks
  - Login/activities from uncommon locations
  - Business logic exploitation
  - Data extraction
- How does a SOC help with GDPR requirements?
- What to look for - tricks, tips and ideas.
The target audience for this Working Session is:
- SOC and Network Operations teams
- InfoSec and AppSec Professionals
- Business analysts