11:00 am - 11:30 am - Registration Opens & Lunch
- Sign in and grab some RedLegg swag! We’ll also have lunch served for you to fuel up and meet some of your neighbors before we get started.
11:30 am - 2:30 pm - Operational Track
- Network Tools: Security vs Operational - Learn the differences between Security and Operational focused tools and the impact that both can have within your environment. Emphasis will be placed on knowing the use cases for each and how a mature practice implements both.
- Logging for Critical Visibility - Discussion will focus on what you NEED to log to get the necessary visibility into the critical aspects of your environment. This includes systems holding potentially sensitive information, risk platforms, and potential ingress/egress points.
- Designing for Growth - Planning the growth of your logging infrastructure is a long-term effort: while you may scope for your current logging environment, planning for future growth and resources is critical to getting the most out of an expensive SIEM investment.
- Windows Logging Fundamentals - Windows logging produces a large amount of information that is collected and forwarded to a logging solution. This talk discusses the key points and the value of collecting Windows logs, focusing on what to keep in mind so that valuable information does not get lost in the noise.
- Noise and Volume: Keeping Visibility and Sanity - One of the most daunting aspects of deploying and managing a logging solution is tuning and managing the logging levels of the reporting sources. This discussion will explain best practices that help end users tune and calibrate their hosts to produce the most reliable information.
- Less CAN Be More: Best Practices - It can be difficult to know where to begin with enabling security rules within any logging solution. Our engineers will review best practices around LogRhythm and explain how a manageable ruleset can be attained (e.g., in some cases, a "Less is More" approach with solidly built rules and an appropriate framework).
2:30 pm - 4:30 pm - Threat-Based Track
- Quantifying Risk - This topic delves into the concept of mean time to detect a potential security risk. Our team will explain how we use available information to identify a potential risk more quickly and how much of a difference a timely response can make.
- What Are You Protecting? - You have to first know what you have and where it is before you can protect it. This discussion delves into properly identifying and classifying critical assets before designing the proper solutions to protect them.
- Regulatory Compliance Requirements - It can be overwhelming to understand everything you are responsible for given the many governance and auditing bodies that exist today. This topic explores building a practical, repeatable path to compliance and audit preparation.
- Use Cases and Alarm Creation - To properly build effective alarms, it is important to understand the use cases they are monitoring for. This discussion explores the various risk use cases and appropriate thresholds for building strong security alarms.
- Threat Modeling - Knowing how to properly model a potential threat goes a long way toward proactively preparing to prevent it. This discussion on how to build and apply threat modeling for proactive security is key for anyone involved in security or operations.
- The Importance of DNS Logging - One of the less obvious log sources that can shed light on potential risks is DNS. This topic dives into how properly integrating DNS logs into a logging platform can add value to your overall security posture.
- Threat Intel Time Sensitivity - With many options available, our team will review the concept of Threat Intelligence, discuss some of the top providers, and explain how they integrate with your security logging platform. Focus will be placed on the age of the data and how important reliable, up-to-date intelligence is.
4:30 pm - 4:50 pm - Closing Remarks
- We'll wrap up with some final thoughts, but if you want to stick around, we're happy to help answer any questions.
5:00 pm - 7:00 pm - Happy Hour (Optional Fun)
- Join the RedLegg team to unwind and close the day out!