
Thursday, April 28th, 2022

09:00

Germany’s Cybersecurity Policy 2021-2025

Dr. Sven Herpig

Independent Cybersecurity Policy Professional

The new German government will mean a shift for the country’s cybersecurity policy. The joint coalition agreement of the three ruling parties lays out their plans for the next four years and signals changes of course in areas like encryption policy and “hackbacks”. In most fields the devil will be in the details. The country’s cybersecurity policy will also be affected by broader policy projects, such as a review of all governmental surveillance powers and the development of a national security strategy.

09:25

Ingredients for SOC-cess in 2022 and Beyond

Ben Smith

Field CTO

NetWitness, an RSA Business

Even though we are all focused on the “here and now” of our busy cybersecurity world, today’s modern security operations center (SOC) has deep roots going back more than 50 years! The concept of a SOC has constantly evolved over time to meet new challenges and new adversaries, and new technologies seem to arrive every year that improve the SOC’s response time but also tend to complicate the SOC’s working environment. Join this keynote for some thoughts about the characteristics of a highly tuned SOC, as well as a few predictions about the human-centric future of the SOC.

09:50

Preparation and Readiness? Nah, it’s just ad hoc Incident Response in a Pulp Fiction Reality.

Ralf Reinhardt

Principal Security Consultant, Managing Director and Owner

CYBEReinhardt GmbH

The house is on fire, things collapse, headless chicken mode gains traction, grown men start to cry, to laugh or to stare. Sometimes all at once. Management is terrified that NIMBY (also referred to as “Saint Florian’s principle” in the German-speaking world) did not work out, as not outlined in the non-existent business continuity plan…
It is Friday afternoon, shortly after half past four. Someone has had some bad days (and nights), but obviously also a successful speed run through all the stages of grief: denial, anger, bargaining, depression, acceptance. Now they ask for professional help.
It’s almost Saturday Night Fever, and now we shift up to Pulp Fiction! So please let me grab my Mr. Wolf face and invite you to join me on the same old trip down a narrow and bumpy rabbit hole, where Marvin (the perimeter) inevitably gets shot in the face and the whole show catches fire.

10:15

Promise vs Reality – can we measure AI and SOAR with purple teaming?

Gergely Lesku

head of business development, OT security consultant

SOCWISE

Everett Hulse

Cyber Defense Engineer

SOCWISE

Vendors have been offering machine-learning-based tools for a decade now, and every year new innovations show up. We summarize what we know today from studies and add our own observations on these tools. Furthermore, there is a good way to test the real level of maturity and take the next step: purple teaming.

10:40

Coffee Break

11:00

How to prevent Cyber Attacks In Manufacturing Environments – The Anatomy of a Targeted ICS Ransomware Attack

Sean McCue

IACS / Enterprise Cybersecurity Consulting Architect

SCADAfence

I discuss the issue of protecting your manufacturing environment through the breakdown of an actual cyber attack that we investigated on behalf of a client.
This ‘Anatomy of a Cyber Attack’ looks into the processes employed by the threat actor as they seek to achieve their actions on objectives. Through investigation and incident response, we determine the best course of action and how to prevent further intrusions. Although this example is in manufacturing, the event and processes are universally applicable.

11:25

NIS2 – refined to define the EU framework for critical infrastructure protection at a European level

Dietmar Rohlf

Sr. Director, Indirect Sales DACH & Eastern Europe

NetWitness, an RSA Business

The updated EU directive NIS2 defines the EU framework for critical infrastructure protection at a European level. After EU agreement, this directive will need to be transposed into national law, and EU operators in NIS2 scope will be required to implement security measures to protect the IT and networks of their essential and important services – both going beyond the scope of NIS and affecting more enterprises and business segments than before.

11:50

How criminal hacker organizations create insider threats in companies

Robert Ehlert

Vorstand/CEO

Quantum cyber lab, Ludwig Leuchten, Smart in culture

Morgan Alexander

Head of Cyber Forensics & Operations

QUANTUM cyber lab AG

During our engagements we have learned exactly how the criminal mindset works with the given IT environment to find its way to the attackers’ goals. We will explain real-life use cases from recent times, showing how the attackers were able to achieve a breach and cause damage to enterprises.
To uncover the kill chain of the attack, we use forensic analysis tools and an investigation process, working closely with the victim to understand the attackers’ possible motives and the crown jewels they were after.
Quantum lab supports law enforcement, so you will get insights into how forensic investigations are performed.

12:15

Lunch

13:00

XDR – Buzzword or Silver Bullet?

Robert Wortmann

Senior Cyber Defence Architect

Trend Micro Germany

Is Endpoint Detection and Response (EDR) still sufficient or can I no longer guarantee adequate security without Extended Detection and Response (XDR)? In this presentation, we want to discuss various non-product-specific technologies, point out limitations and give our own view of the future of detection and response technologies.

13:25

Verdict: Uncertain – When and How to Use Malware Reverse Engineering Skillsets in a SOC

Gábor Szabó

Cyber Defense Advisor

EURO ONE

Malware analysis is inevitable at some point in the life of every cyber security team. Numerous technologies provide automation-aided support for the analysis. The challenge arises when further malware reverse engineering is required to support incident management. The presentation highlights the need for malware reverse engineering and its placement amongst SOC processes. It also collects the challenges of establishing this capability in-house and the benefits of utilizing it as a service.

13:55

DORA – a new European regulation for the IT sector in the financial system

Gerhard Guenther

Executive

Metafinanz GmbH

On 24 September 2020, the European Commission published its draft regulation “Digital Operational Resilience Act (DORA)” as part of its digital finance strategy. The proposed legislation aims to create a regulatory framework for digital operational resilience to ensure that all participants in the financial system have the necessary safeguards in place to mitigate the risk of cyberattacks and other risks in the area of Information and Communication Technology (ICT).
In December 2021, negotiations began in the course of informal trialogues between the European Parliament, the European Council and the European Commission. Thus, we expect a final version of the regulation to come into force at the end of the 1st quarter of 2022, immediately after publication. We assume an implementation period of approx. 12 months.

14:20

Coffee Break

14:40

The Autonomous SOC – The X-Factor for a modern and agile Cyber Security Architecture

Thomas Maxeiner

Sr. Manager Systems Engineering Cortex Germany & Eastern Europe

Palo Alto Networks

Many companies can no longer efficiently use the extremely large amounts of data in the cybersecurity environment for their own effective defense strategy. Too many alerts and not enough people are leading to big blind spots. A radical rethink is needed to withstand modern cyberattacks. We are introducing the Autonomous Security Operations Center by Palo Alto Networks.

15:05

Pay Attention to Avoid Tension – a pragmatic framework to establish the culture of DevSecOps

Péter Szilágyi

Founder

Subscuto

Securing digital transformation without slowing down business is one of the most challenging missions organizations face today. The aim of the presentation is to give the audience a practical overview of how the different teams involved in application development approach security, the main factors generating tension and frustration between them, and the fundamental process and technology elements that reduce friction and increase speed and security in the development lifecycle.

15:30

Safeguarding my factory: a demo in EURO ONE’s ICS lab

Péter Hunyadi

OT Security Consultant

EURO ONE

Everett Hulse

Cyber Defense Engineer

SOCWISE

Watch a short demo performed in our ICS Lab environment at EURO ONE and get a sneak peek at the process of detecting a cyberattack in industrial networks. After describing the laboratory toolkit, the scene considers a paint shop being attacked and shows the main viewpoints of the manufacturing engineer and the SOC team. The goal is to show how the industrial operators and the security operations team cooperate to react to threats – regardless of whether IT or OT is the target.

15:55

Key takeaways of the first day of SOC Summit 2022

Panel discussion onsite about the demonstrations and key takeaways of Day 1 of SOC Summit. Participants are Ralf Reinhardt (CyberReinhardt); Sean McCue (SCADAFence); Robert Ehlert (Quantum cyber lab); Gerhard Günther (Metafinanz); Peter Sajó (SOCWISE); Robert Wortmann (Trend Micro).

Friday, April 29th, 2022 | Online Only

10:00

GERMAN SESSION – Germany’s cybersecurity architecture – do we need more scalability?

Dr. Sven Herpig

Independent Cybersecurity Policy Professional

In Germany, cybersecurity is talked about a lot. Often forgotten, however, are municipalities, small and medium-sized enterprises, and organizations providing essential public services that do not fall under the KRITIS regulation. Important IT security information is made available on a pull basis (Holschuld), but beyond that these organizations are often left alone with the topic. A lack of resources and the associated difficulties in hiring the necessary specialists make the subsidiary implementation of IT security measures a major challenge. Are more scalable solutions and services needed for this kind of organization?

10:20

GERMAN SESSION – How criminal hacker organizations create insider threats in companies

Robert Ehlert

Vorstand/CEO

Quantum cyber lab, Ludwig Leuchten, Smart in culture

Through our services, we have learned exactly how criminal minds work with the given IT environment to reach their goals. I will present several recent cases that shed light on how attackers were able to achieve a breach and cause damage in companies.
To uncover the “kill chain” of the attack, we use forensic analysis tools and an investigation process in which we work closely with the victim to understand the attackers’ possible motives and the crown jewels under consideration.

10:40

GERMAN SESSION – Detecting a Log4Shell attack

Helmut Wahrmann CISSP

Advisory Systems Engineer

RSA Security GmbH

Not long ago, the Log4Shell attack became known; its impact was immediate and profound.
To minimize the risk, a SOC needs full visibility of all data in an enterprise, which is becoming ever harder due to the constantly changing enterprise architecture.

Using a Log4Shell attack as an example, we show how NetWitness Network Detection and Response (NDR) is used to achieve immediate visibility and drastically reduce the SOC’s response time.

11:00

GERMAN SESSION – DORA – a new European regulation for the IT sector in the financial system

Gerhard Guenther

Executive

Metafinanz GmbH

On 24 September 2020, the European Commission published its draft regulation “Digital Operational Resilience Act (DORA)” as part of its digital finance strategy. The proposed legislation aims to create a regulatory framework for digital operational resilience to ensure that all participants in the financial system have the necessary safeguards in place to mitigate the risk of cyberattacks and other risks in the area of information and communication technology (ICT).
In December 2021, negotiations began in the form of an informal trialogue between the European Parliament, the European Council and the European Commission. We therefore expect a final version of the regulation to enter into force immediately after its publication at the end of the 2nd quarter of 2022. We assume an implementation period of approx. 12 months.

11:20

GERMAN SESSION – Technology must be put to use – cyber defence in times of a skills shortage

Robert Wortmann

Senior Cyber Defence Architect

Trend Micro Germany

How can companies protect themselves against the continually rising number of cyberattacks? Deploying even more IT security solutions cannot be the answer: according to a Trend Micro survey, companies worldwide already use an average of 29 different security tools today.
The consequence: security operations units can concentrate less and less on their actual core competencies while trying to manage several solutions at once. And even the best new solutions are no remedy against attacks if they are not used adequately. How can companies meet these challenges in times of a skills shortage, do we need to rethink cyber defence entirely, and what are the advantages, but also the limitations, of managed cyber defence services?

11:40

GERMAN SESSION – Stories about current attacks

Ralf Reinhardt

Principal Security Consultant, Managing Director and Owner

CYBEReinhardt GmbH

Coming soon!

11:55

GERMAN SESSION – IT-SiG 2.0: current challenges, expected developments

Gergely Lesku

head of business development, OT security consultant

SOCWISE

IT-SiG is not a new regulation for most members of the business community, but important deadlines are approaching. The circle of covered companies is being extended to include UBI/UNBÖFI. What else is coming in 2022 and 2023?
What does “attack detection” (Angriffserkennung) mean in the law, and how can we interpret the “state of the art” requirement in information and cyber security today? These really are million-dollar questions, so it is important to have a sense of how the administration will carry out the assessment.