Agenda | November 7, 2024 | 8:30AM - 5:15PM ET
Timeline (EDT) | Session Details |
---|---|
8:30 AM | Welcome & Opening Remarks: Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog |
8:40 AM | Session One | Evolving Detection Strategies: Leveraging Incident Response Lessons to Strengthen Security. As cyberattacks grow in sophistication, security teams must constantly evolve their detection and response capabilities to stay ahead of adversaries. In this webinar, we’ll explore how lessons learned from real-world incident responses can significantly inform and enhance detection strategies, ultimately improving an organization's resilience to modern threats. Drawing on recent case studies, we’ll discuss how a proactive, dynamic approach to detection engineering—combined with insights gained from incident response—can lead to more robust detection mechanisms. This session will focus on the intersection of detection and response, highlighting the importance of adapting detection methods based on the tactics, techniques, and procedures (TTPs) observed during incidents. Spencer Brown, Senior Sales Engineer, Sophos |
9:20 AM | Session Two | Sysdig Title Coming Soon! Session Details Coming Soon! Speaker Coming Soon! |
10:00 AM | Break |
10:15 AM | Session Three | How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments. Advanced threat actors are compromising the identity infrastructure of some of the largest organizations in the world with ease. Upon gaining access to the identity provider, they are able to move laterally into IaaS, PaaS, and SaaS environments and steal data - all in the course of 2-3 days. Join Ian Ahl, SVP of P0 Labs and former Head of Advanced Practices at Mandiant, as he shares knowledge stemming from responding to hundreds of breaches in his career. Ian will walk through how advanced threat groups target human and non-human identities for compromise, how they maintain persistence in environments, and provide some tips for detecting suspicious and malicious activity in identity providers, cloud service providers, and SaaS applications. He’ll also provide actionable steps security teams can take to prevent breaches or know about them as quickly as possible. Ian Ahl, Sr. Vice President, Permiso P0 Labs |
10:45 AM | Session Four | Detection Engineering: Streamlined. Let's face it: IOC-based alerting just isn't cutting it anymore; it falls short, creating high-volume alert noise and inefficient workflows. Using the ALPHV & Black Cat ransomware group as a case study, we'll reimagine David Bianco's Pyramid of Pain, demonstrating how to normalize data, utilize noisy signals, and incorporate adversary TTPs for actionable alerts. This session will demonstrate how Anvilogic can help you: - Establish a strong detection program foundation with data hygiene. Join us to revolutionize your threat detection process and enhance your SOC's efficiency and effectiveness. Alex Hurtado, Senior Project Manager, Anvilogic |
11:15 AM | Session Five | Fool Me Once: The New Face of Deception and How DNS Can Help. In today’s fast-evolving tech world, distinguishing truth from deception is tough, leaving users as the most vulnerable link. Attackers are capitalizing on high-stress situations and leveraging events like the CrowdStrike outages to create convincing traps. This talk will scrutinize how these deceptive tactics play out in real-world scenarios and why they’re more dangerous than ever. We’ll look at specific examples and explore how DNS provides a critical layer of defense against these threats. Lastly, you’ll learn about recent trends seen on DNSFilter’s own network, which resolves over 130 billion DNS queries daily. Brian Gilstrap, Associate Sales Engineer, DNSFilter |
11:45 AM | Break |
12:00 PM | Session Six | Keynote Session: Days of Future Past: The Impacts of GenAI on Cybersecurity. Join Rob Lee for an in-depth, hour-long, thought-provoking session on Generative AI and how it is reshaping cybersecurity and the professionals within it. You'll learn: • GenAI’s Cybersecurity Impact: GenAI is reshaping cybersecurity, creating both challenges and opportunities, especially in nation-state strategies like disinformation and cybercrime. • Evolving Cyber Tactics: Organizations must adapt their defensive and offensive strategies to keep pace with GenAI-driven changes. • Essential Up-skilling: Cybersecurity professionals need to up-skill to harness GenAI’s potential while addressing its new vulnerabilities. Rob Lee, Chief of Research and Head of Faculty, SANS Institute |
12:50 PM | Afternoon Kick-off: Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog |
1:00 PM | Session Seven | Level Up Existing Cybersecurity Defenses with Sophos MDR. Cybercriminals don’t break in; they log in. And they make a lot of noise. To avoid being blocked, today’s active adversaries increasingly deploy stealth tactics, exploiting unpatched vulnerabilities, leveraging stolen credentials, and outsmarting commonly used IT security tools. The solution? Round-the-clock detection and protection. But faced with hundreds of daily security alerts, many organizations using the Microsoft Security suite lack the time and in-house expertise to make the most of its multi-product capabilities. To counter advanced ransomware attacks and breaches, consider integrating Sophos MDR for Microsoft Defender. It not only consolidates all security events into a single dashboard, but it also extends protection 24/7 with human-led detection and response. It’s perfect for when IT teams are understaffed or off the clock. Join this session to discover cost-effective ways to fortify your Microsoft defenses and regain some well-deserved peace of mind. Spencer Brown, Senior Sales Engineer, Sophos |
1:20 PM | Session Eight | Sysdig Tech Talk Title Coming Soon! Session Details Coming Soon! Speaker Coming Soon! |
1:40 PM | Session Nine | Overcoming Technology Gaps of Traditional Purple Teaming. Purple teams play an essential role in identifying the weaknesses of our defenses. A manual and labor-intensive process, traditional purple team exercises often take significant time and can be limited in their scope. By breaking down techniques into discrete parts, we can more efficiently and effectively evaluate security controls’ failure points at scale. During this session, Prelude will explore a practical application of its Detect platform to simulate the techniques exhibited by common threats and evaluate defenses against expected results to quickly identify gaps in controls and understand: - Has our defensive technology captured and observed the raw telemetry of malicious events? - Have we created detections that can appropriately classify and alert security operations teams that these events are malicious? - Are we confident enough in our detection logic to enable our tools to act autonomously and prevent those events in the future? Matt Hand, Director of Security Research, Prelude Security |
2:10 PM | Session Ten | CardinalOps Session Details Coming Soon. Session Details Coming Soon! Jay Lillie, VP Customer Success for CardinalOps |
2:40 PM | Break |
2:55 PM | Session Eleven | Your Secret Weapon for Detecting and Stopping Threats Faster: Your Decrypted Network Data. How do you find new and unknown threats lurking in your network? With attack surfaces expanding and becoming more complex, especially with infrastructures that are spread across multiple cloud and on-premise environments, you need full visibility and real-time access. Join ExtraHop’s Jamie Moles as he showcases how decrypted network data can be your secret weapon to detect new threats and stop them faster. You’ll learn: - The limitations of EDR- and SIEM-based data for threat hunting. Jamie Moles, Senior Manager, Technical Marketing, ExtraHop |
3:25 PM | Session Twelve | Session Details Coming Soon! Session Details Coming Soon! Speaker Coming Soon! |
3:55 PM | Session Thirteen | Session Details Coming Soon! Session Details Coming Soon! Speaker Coming Soon! |
4:25 PM | Detection & Response Panel. Panel Abstract Coming Soon! Moderator: Panelist: |
5:05 PM | Closing Remarks: Megan Roddie, Co-Author, SANS Institute |