SANS Cyber Solutions Fest: Level SOC/SOAR

Netenrich CISO Christopher Morales will share his insights on identifying and avoiding insider threats in today’s remote workforce age
  • Thu Oct 21, 2021
  • 08:30 am ET
  • Online | Virtual

About SANS Cyber Solutions Fest: Level SOC/SOAR

Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations don’t seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of data from disparate tools.

Modern SOCs are comprised of four components monitoring and detection, incident response and threat hunting, threat intelligence, and detection engineering. With this construct, teams aim to constantly stay one-step ahead of attackers. In recent years, this has becoming increasingly more difficult due to a shortage of cybersecurity skills, too many alerts, and operational overhead.


Another problem is the lack of consistency among the data for use in SIEM/SOAR. SOC teams that do not process or enrich their data before putting it into their security tools are often disappointed to find they experience additional integration costs and challenges when they had expected clear sailing with their new SIEM/SOAR. At best, the task of data processing gets off-loaded on threat hunting teams, creating unexpected costs and strain because it lacks context and relevant details.

Investing in a SOAR platform is strategic and oftentimes a financially beneficial decision. SOAR systems can help define, prioritize, and standardize responses to cyber incidents. This process occurs when an organizations security team uses the platform to gain insight on an attackers tactics, techniques, and procedures (TTPs) and known indicators of compromise (IOC).

For more details on the e-conference or to schedule a time to speak with Netenrich, please contact [email protected]

About Netenrich

Netenrich delivers complete Resolution Intelligence to transform digital operations into smarter business outcomes. With fifteen years’ innovation across IT, NetOps and SecOps, Netenrich applies a dynamic mix of machine and expert intelligence across a wide range of products and SaaS-based offerings. The solutions integrate with more than 140 market-leading IT and security applications to drive digital transformation, mitigate brand exposure, increase efficiencies, and bridge skills gaps. More than 6,000 customers and organizations worldwide rely on Netenrich to gain increased visibility and actionable intelligence across their IT and cloud networks. The company is privately owned and based in San Jose, CA.

To learn more about Netenrich, visit and follow us on LinkedIn, Twitter, YouTube, and Facebook.

About The Speaker

Christopher Morales


One of the industry’s finest, Chris Morales, oversees the company’s security vision and strategy as Chief Information Security Officer (CISO) and Head of Security Strategy. He’s well known and respected in security circles as an innovative leader and technical expert. Throughout his career, he has advised and designed incident response and threat management programs for some of the world’s largest enterprises. Chris most recently led advisory services and security analytics at Vectra AI. He has also held roles in cybersecurity engineering, consulting, sales, and research at companies including HyTrust, NSS Labs, 451 Research, Accuvant, McAfee and IBM.