In-person: Red Hat Annex Building (near Red Hat tower in Downtown Raleigh), 190 E. Davie Street, Raleigh, NC 27601 : https://goo.gl/maps/V8EMcnh2gKWSsFyq6
Cisco's CSIRT team runs security operations (SOC), performing threat detection, incident response and vulnerability management for Cisco's enterprise and cloud-hosted offers. Cisco uses 5000+ cloud accounts on AWS, Azure and GCP. Numerous attacks on cloud and managed service providers show that the cloud both introduces new threat vectors and amplifies traditional ones.
The CSIRT team is responsible for protecting over a million Cisco-owned assets running in both data centers and the cloud, the 100+ thousand employees and partners who work for Cisco, and petabytes of Cisco and customer confidential and sensitive data. In this talk the speakers will outline how Cisco leverages data science and automation combined with security telemetry and tooling, including Cisco's own security products (Kenna, Duo, AMP, Umbrella, Talos, etc.). This has helped boost the intelligent automation of Cisco's SOC on tasks related to monitoring, prevention, detection and response to threats and incidents.
The talk will highlight two key security innovations in our SOC:
Plays as Code: How we boost the performance and accuracy of traditional detection methods with code that can incorporate richer combinations of data (including Umbrella, Duo and AMP), data science algorithms and complex logic to perform decision tasks such as ticketing/case automation and alerting.
Attack Surface Automation: How we leverage Kenna, Talos and other vulnerability and threat intelligence data sources to build risk context and prioritization of the attack surface for vulnerability management and incident response. This also improves external exposure visibility via external sources such as Shodan and ERV (Bugcrowd), DNS reconnaissance via Umbrella, and cloud exposures via Cloud Connector information.
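To make the two ideas above concrete, here is an added, self-contained example (not Cisco's code and not part of the talk materials) of a "play as code" that correlates signals from several hypothetical telemetry sources and uses attack-surface context to decide whether to open a case, raise an alert, or do nothing. The event shapes, signal weights, asset records and vulnerability entries are all constructed for illustration and do not represent the real Duo, Umbrella, AMP, Kenna or Shodan data formats; the CVE identifiers are placeholders.

```python
"""Hypothetical 'play as code': combine multi-source detection signals with
attack-surface risk context and produce a ticketing/alerting decision.
All data shapes here are constructed for the example, not vendor formats."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Asset:
    hostname: str
    owner: str
    external_exposed: bool  # e.g. seen by an internet-wide scan source (constructed flag)
    # (vuln id placeholder, CVSS base score, exploited-in-the-wild per threat intel)
    vulns: list = field(default_factory=list)


def attack_surface_score(asset: Asset) -> float:
    """Risk context for one asset: the worst known vulnerability, weighted up
    when threat intel says it is exploited in the wild and when the asset is
    reachable from the internet."""
    score = 0.0
    for _vuln_id, cvss, exploited in asset.vulns:
        score = max(score, cvss * (1.5 if exploited else 1.0))
    if asset.external_exposed:
        score *= 1.5
    return score


# Weight per (source, signal) pair. Values are constructed for the example.
WEIGHTS = {
    ("auth", "login_new_country"): 3,
    ("auth", "login_new_device"): 2,
    ("dns", "newly_seen_domain"): 2,
    ("dns", "malware_category"): 5,
    ("endpoint", "malicious_file_detected"): 6,
}


def run_play(events, assets, case_threshold=10, alert_threshold=5):
    """Group events by host, sum the weighted signals, reward corroboration
    across independent sources, add attack-surface context, then decide.
    Returns {hostname: {"score", "action", "sources", "owner"}}."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    decisions = {}
    for host, evs in by_host.items():
        sources = {e["source"] for e in evs}
        base = sum(WEIGHTS.get((e["source"], e["signal"]), 0) for e in evs)
        # Two or more independent sources agreeing is worth more than either alone.
        if len(sources) >= 2:
            base += 2 * (len(sources) - 1)
        asset = assets.get(host)
        context = attack_surface_score(asset) if asset else 0.0
        total = base + context / 2  # context nudges, detections drive
        if total >= case_threshold:
            action = "open_case"
        elif total >= alert_threshold:
            action = "alert"
        else:
            action = "none"
        decisions[host] = {
            "score": total,
            "action": action,
            "sources": sorted(sources),
            "owner": asset.owner if asset else None,
        }
    return decisions


# Constructed sample inventory and telemetry (hypothetical hosts and signals).
ASSETS = {
    "web-01": Asset("web-01", "web-team", True, [("VULN-PLACEHOLDER-1", 6.0, True)]),
    "laptop-42": Asset("laptop-42", "alice", False, [("VULN-PLACEHOLDER-2", 5.0, False)]),
    "kiosk-07": Asset("kiosk-07", "facilities", False, []),
}
EVENTS = [
    {"host": "laptop-42", "source": "auth", "signal": "login_new_country"},
    {"host": "laptop-42", "source": "dns", "signal": "malware_category"},
    {"host": "laptop-42", "source": "endpoint", "signal": "malicious_file_detected"},
    {"host": "web-01", "source": "dns", "signal": "newly_seen_domain"},
    {"host": "kiosk-07", "source": "auth", "signal": "login_new_device"},
]

if __name__ == "__main__":
    for host, d in run_play(EVENTS, ASSETS).items():
        print(f"{host:10} score={d['score']:5.2f} action={d['action']:9} "
              f"sources={','.join(d['sources'])} owner={d['owner']}")
```

In this sample, the laptop with corroborating authentication, DNS and endpoint signals gets a case opened, the externally exposed web server with a single weak DNS signal is promoted from "none" to "alert" purely by its attack-surface context, and the kiosk's lone new-device login stays below the alert line. The thresholds and weights would in practice be tuned against historical case outcomes, which is where the data science layer the talk describes fits in.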
Vinay K. Bansal is CTO and Principal Engineer for Cisco's CSIRT/SVIC (Security Vulnerability and Incident Response) team. His current focus is automating, and embedding data science in, threat detection and incident response. He has held various roles in Cisco, including Chief Architect for cloud security, focusing on Cisco's 80+ cloud offers, and global security lead for Cisco's "Web and Application Security Architecture Team", which focuses on improving the security of Cisco's 2000+ IT web applications, databases and mobile services. Vinay has 29+ years of industry leadership experience in securing and architecting innovative solutions. Prior to Cisco, Vinay worked at various Fortune 500 companies including IBM, AT&T, Nokia, Experian, and Plessey Telecom (UK). Vinay holds a Master's degree in Computer Science from Duke University.
Shane McElligott is a Lead and SME in the practice of Data Science and Security. He currently focuses on Attack Surface Management and Vulnerability Triage, as well as automating Threat Monitoring and Application Security. He is a member of Cisco's Emergency Vulnerabilities Management (EVMP) team, an on-call rotation protecting Cisco from emerging urgent vulnerabilities. Additionally, he mentors colleagues on data science and practical applications of code and algorithms to solve security problems. A North Carolina State alumnus, Shane is also a GIAC-certified Web Application Penetration Tester (GWAPT) and a GIAC-certified Enterprise Vulnerability Assessor (GEVA). He holds several patents in artificial intelligence and security.