Shubhendu Shubham
sudo rm -rf /problem
Bengaluru, India
Shubhendu is a seasoned cybersecurity professional specializing in cloud security and Red Teaming. With five years of experience, he has honed his skills in threat hunting, drawing inspiration from the survival instincts he developed while watching Bear Grylls shows. Shubhendu is an active open-source contributor to popular repositories such as Docker Extensions, Microsoft Sentinel and the DevSecOps repo.
He holds five Azure certifications and has been recognized as a Kusto Golden Awardee, earning the title of Principal Detective Agent. His blog was ranked 24th in the Azure Blog-A-Thon 2021 by Microsoft.
Shubhendu is also a community leader, organizing multiple meetups such as Docker Bangalore and the Azure Developer Community. As a subject matter expert on Hack The Box, he enjoys playing Capture The Flag (CTF) challenges.
Shift Left: Code to Cloud Security
Microsoft Defender for Cloud is one of the best CNAPP tools, and it ships with Defender for DevOps features.
To ship secure code, organisations should adopt a shift-left mindset: find and fix vulnerabilities while the code is being written, so they never reach production.
In this hands-on session I'll demonstrate code security, dependency security and secrets protection with MDC and GitHub Advanced Security, and show how to mitigate or fix those findings during development itself.
Prerequisites for the workshop:
Azure Subscription
Defender for Containers plan enabled
GitHub Account
Building a Next-Generation SOC with Microsoft Sentinel, Azure OpenAI and Security Copilot
Why security?
The average cost of a data breach was $4.35M last year, the highest average on record, and the average cost of a ransomware attack was $4.54M (IBM). It takes an average of 277 days, about nine months, to identify and contain a breach (IBM).
Challenge:
To counter this, organisations set up a blue team for defensive security, also known as a SOC (Security Operations Center). The SOC continuously monitors for possible threats, network attacks and incidents. The real challenge arrives when attackers (APTs) automate their attack scenarios with custom AI tooling: the resulting patterns are not caught by ordinary detection rules or by manual inspection by a SOC analyst, and many SIEM solutions miss such threats entirely. And when the volume of incidents is high, the average response time of a SOC analyst grows, which gives attackers more than enough room to operate.
Solution:
To deal with such scenarios, a SOC can build an in-house AI model and train it on its own past attack data. Microsoft's answer here is Microsoft Security Copilot, which integrates readily with SIEM, XDR and CNAPP solutions. Beyond that, a SOC team can integrate Azure OpenAI with Microsoft Sentinel and MDC as an AI assistant for the SOC.
Demo:
In this hands-on section the audience will build an Azure OpenAI powered SIEM AI assistant:
1. Onboard security tools such as Microsoft Defender for Cloud and map their threat alerts into the SIEM, Microsoft Sentinel.
2. Create threat-detection analytics rules.
3. Onboard Azure OpenAI (an on-request service) to the Azure subscription.
4. Connect it to a custom data source.
5. Build a chat bot on the GPT-3.5 model and pair it with a custom prompt fed by SIEM events from that data source.
6. Integrate the bot into the Sentinel incident page.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.