The new German government will mean a shift for the country’s cybersecurity policy. The joint coalition agreement of the three ruling parties lays out their plans for the next four years and signals changes of course in areas like encryption policy and “hackbacks”. In most fields the devil will be in the details. The country’s cybersecurity policy will also be affected by broader policy projects, such as a review of all governmental surveillance powers and the development of a national security strategy.
Even though we are all focused on the “here and now” of our busy cybersecurity world, today’s modern security operations center (SOC) has deep roots going back more than 50 years! The concept of a SOC has constantly evolved over time to meet new challenges and new adversaries. And new technologies seem to arrive every year which manage to improve the SOC’s response time but also tend to complicate the SOC’s working environment. Join this keynote for some thoughts about the characteristics of a highly-tuned SOC, as well as a few predictions about the human-centric future of the SOC.
The house is on fire, things collapse, headless chicken mode gains traction, grown-up men start to cry, to laugh or to stare. Sometimes all at once. Management is terrified that NIMBY (also referenced as “Saint Florian’s Principle” in the German-speaking world) did not work out, as was not outlined in the non-existent business continuity plan…
It is Friday afternoon, shortly after half past four. Someone had some bad days (and nights), but obviously a successful speed run across all the states of grief: Denial, Anger, Bargaining, Depression, Acceptance. Now they ask for professional help.
It’s almost Saturday Night Fever, and we now shift up to Pulp Fiction! So please let me just grab my Mr. Wolf face and invite you to join me on the same old trip down a narrow and bumpy rabbit hole. Here Marvin (the perimeter) inevitably gets shot in the face and the whole show catches fire.
It has been a decade since vendors started offering machine learning based tools, and every year new innovations show up. We summarize what we know today from studies and add our own observations regarding these tools. Furthermore, there is a great way to test the real level of development and step forward: purple teaming.
I discuss the issue of protecting your manufacturing environment through the breakdown of an actual Cyber Attack that we investigated on behalf of a client.
This ‘Anatomy of a Cyber Attack’ looks into the processes employed by the threat actor as they seek to achieve action on their objective. Through investigation and incident response, we determine the best course of action and how to prevent further intrusions. Although this example is in manufacturing, the event and processes are universally applicable.
The updated EU directive NIS2 defines the EU framework for critical infrastructure protection at a European level. After EU agreement this directive will need to be transposed into national law, with EU operators in NIS2 scope being required to implement security measures to protect the IT and networks of their essential and important services – both going beyond the scope of NIS and impacting more enterprises and business segments than before.
During our services we learnt exactly how the criminal mindset works within a given IT environment to find its way to reach its goals. We will explain real-life use cases from recent times showing how the attackers could achieve a breach and cause damage to enterprises.
To uncover the kill chain of the attack we use forensic analysis tools and an investigation process, working closely together with the victim to understand the attackers’ possible motives and the crown jewels under consideration.
Quantum lab supports law enforcement, so you will get insights into how forensic investigations are performed.
Is Endpoint Detection and Response (EDR) still sufficient or can I no longer guarantee adequate security without Extended Detection and Response (XDR)? In this presentation, we want to discuss various non-product-specific technologies, point out limitations and give our own view of the future of detection and response technologies.
Malware analysis is inevitable at some point in the life of all cyber security teams. Numerous technologies provide automation-aided support for the analysis. The challenge arises when even further malware reverse engineering is required to support incident management. The presentation highlights the need for malware reverse engineering and its placement amongst SOC processes. It also collects the challenges of establishing this capability in-house and the benefits of utilizing it as a service.
On 24 September 2020, the European Commission published its draft regulation “Digital Operational Resilience Act (DORA)” as part of its digital finance strategy. The proposed legislation aims to create a regulatory framework on digital operational resilience to ensure that all participants in the financial system have the necessary safeguards in place to mitigate risk of cyber-attacks and other risks in the area of Information and Communication Technology (ICT).
In December 2021 the negotiations in the course of informal trilogues between the European Parliament, the European Council and the European Commission started. Thus, we expect a final version of the regulation to come into force at the end of the 1st quarter of 2022, immediately after publication. We assume an implementation period of approx. 12 months.
Many companies can no longer efficiently use the extremely large amounts of data in the cybersecurity environment for their own effective defense strategy. Too many alerts and not enough people are leading to big blind spots. A radical rethink is needed to withstand modern cyberattacks. We are introducing the Autonomous Security Operations Center by Palo Alto Networks.
Securing digital transformation without slowing down business is one of the most challenging missions organizations face today. The aim of the presentation is to give the audience a practical overview of how the different teams involved in application development approach security, the main factors generating tension and frustration between them, and the fundamental process and technology elements that reduce friction and increase speed and security in the development lifecycle.
Watch a short demo performed in our ICS Lab environment at EURO ONE and have a sneak peek at the process of detecting a cyberattack in industrial networks. After describing the laboratory toolkit, the scene considers a paint shop being attacked and shows the main viewpoints of the manufacturing engineer and the SOC team. The goal is to show how the industrial operators and the security operations team cooperate to react to threats – regardless of whether IT or OT is the target.
Panel discussion onsite about the demonstrations and key takeaways of Day 1 of SOC Summit. Participants are Ralf Reinhardt (CyberReinhardt); Sean McCue (SCADAFence); Robert Ehlert (Quantum cyber lab); Gerhard Günther (Metafinanz); Peter Sajó (SOCWISE); Robert Wortmann (Trend Micro).