WORKSHOP 3
Monday 27 May 2019 - Focus Rooms, Sunninghill

Four Pillars for Effective Threat Management

Ashraf Abdelazim, Manager Threat Management – MEA,
Amr Awad, MEA Technical Leader,
Ahmed Hashem, Senior Principal Consultant, IBM

Today we’re facing serious risks. We’ve all got a ton of data, but amidst all this data we struggle to find the things that really matter: stealthy adversaries lurking in the network, insider threats, critical vulnerabilities and privacy risks, just to name a few. When we look at these challenges, the root cause in many cases is that despite having more than enough data, we lack the insights into that data that are needed to address risks and threats. Just think about how many alerts you probably get today. What are they telling you? Are they actionable? Are they actually insightful, or are they just alerts?

In this workshop, we help you to identify the four pillars required to improve the current situation and effectively detect threats - these pillars are the key to effective threat management. Firstly, you need visibility into the entire enterprise from a single place. This doesn’t mean you should get rid of existing solutions or data lakes. Keep doing what you’re doing today, but feed all that siloed data into one centralised solution so that you can get a comprehensive view of the security state of your entire environment, including your on-premises environments, cloud environments and even operational or SCADA environments.

Secondly, automate your security intelligence. You’ve got too much data to NOT automate intelligent insights. By layering an analytics engine on top of your data, you can get actionable and prioritised insights into your most critical threats. Thirdly, orchestrate your response: having a consistent, repeatable, auditable and automated process is key to delivering the right orchestration. Also identify the automation opportunities that can help your teams respond faster and smarter.

Fourthly, be proactive. The more you’re able to automate up front, the more time you’re able to free up so that you can transition from a solely reactive stance to a more proactive stance. With more time, you can proactively hunt threats to find attackers earlier in the attack cycle, respond faster and build those lessons learned back into your defences so you can continuously get better.

In addition, the workshop will include a demonstration of the discussed pillars as well as the following:

  • Consolidating alerts and having an automated escalation methodology
  • Building a consistent process for the incident type/capability
  • Automated/semi-automated enrichment for proper analysis and investigation
  • Automated/semi-automated remediation through direct action on technology, orchestrating a process, or engaging a stakeholder, whether internal or external

By attending this workshop you will learn:

  • What type of data to collect and how to see what data really matters
  • How to automate intelligence to have the right insights through a Detect, Connect, Prioritise and Investigate approach
  • How to build an orchestration and automation capability to allow a faster and smarter response
  • How to utilise additional apps to extend the capabilities of your threat management with advanced use cases, security frameworks, etc.

Who should attend:

  • CISOs
  • Security Managers
  • SOC Managers
  • Security Analysts
  • Incident Response Specialists

Previous experience in or knowledge of information security operations is desirable.

What to bring:

  • No additional items are needed; a full demonstration platform will be available and will be used to showcase all the capabilities during the workshop.


Refreshments and networking
Close of workshop; lunch and networking
