BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.nsec.io//2026//ZRSPDZ
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-2026-DTUSDL@cfp.nsec.io
DTSTART;TZID=EST:20260515T133000
DTEND;TZID=EST:20260515T140000
DESCRIPTION:Security Operation Centers (SOCs) are used by companies to defe
 nd themselves against cyber-attacks. These SOCs monitor logs collected fro
 m the enterprise network\, such as process activity\, authentication event
 s and netflow\, to identify attacks or compromises. These security teams m
 ust navigate numerous alerts generated from a wide range of security contr
 ols\, using both rules and Machine Learning (ML) to identify malicious act
 ivity. This is especially the case in large-scale SOCs\, or for companie
 s offering Managed Detection and Response (MDR).\n\nThis talk showcase
 s a multi-step approach used in a modern large-scale managed SOC that mana
 ges thousands of enterprise networks\, demonstrating how it can successful
 ly identify a real infostealer attack through multiple layers of filterin
 g and processing. Over a two-week period containing 9.7 trillion event log
 s\, the presented approach combines alert deduplication\, individual rule-
 based and ML-based detectors\, alert suppression\, and a supervised ML-bas
 ed alert prioritization model to dramatically reduce the noise\, so that s
 ecurity analysts can pinpoint the infostealer activity.
DTSTAMP:20260507T203252Z
LOCATION:Ville-Marie
SUMMARY:A Needle in a Haystack: Identifying an Infostealer Attack Through T
 rillions of Events in a Large-scale Modern SOC - François Labrèche
URL:https://cfp.nsec.io/2026/talk/DTUSDL/
END:VEVENT
END:VCALENDAR
