Fall Cyber Solutions Fest 2024: Detection & Response Track

In today's rapidly evolving cyber landscape, attacks are becoming more sophisticated and frequent, making robust detection and response capabilities critical for every organization. Join us for the Detection & Response Track at the Fall Cyber Solutions Fest, where you'll discover the strategies, tools, and insights that will empower your organization to stay ahead.

Whether you're looking to fine-tune your current operations or completely overhaul your approach, this track will equip you with actionable insights from top industry experts.

What to Expect:

  • Building Detection Engineering Into Security Operations
  • Reducing Detection and Response Times
  • How EDR and XDR Solutions Can Help Organizations with Detection and Response
  • Automating Incident Response 
  • Leveraging Lessons from Response to Inform Detection

Why Register?

  • Expert-Led Sessions
  • Flexible Attendance (Attend live or watch on your own time!)
  • On-Demand Access (Revisit sessions at your convenience!)
  • Connect with Industry Leaders
  • Build Your Professional Network
  • Exclusive Insights
  • Earn CPE Credits

SANS Slack

  • Get connected with our event chairs, guest speakers, and fellow attendees for our 2024 events.

Sponsors

CardinalOps, ExtraHop Networks, Okta, Permiso, Prelude, Sophos, Sysdig, and additional sponsors (sponsor logos).

Agenda | November 7, 2024 | 8:30AM - 5:15PM ET

Register now for a can't-miss event!

Timeline (ET) | Session Details

8:30 AM

Welcome & Opening Remarks

Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

8:40 AM

Session One | Evolving Detection Strategies: Leveraging Incident Response Lessons to Strengthen Security

As cyberattacks grow in sophistication, security teams must constantly evolve their detection and response capabilities to stay ahead of adversaries. In this webinar, we’ll explore how lessons learned from real-world incident responses can significantly inform and enhance detection strategies, ultimately improving an organization's resilience to modern threats. Drawing on recent case studies, we’ll discuss how a proactive, dynamic approach to detection engineering—combined with insights gained from incident response—can lead to more robust detection mechanisms. This session will focus on the intersection of detection and response, highlighting the importance of adapting detection methods based on the tactics, techniques, and procedures (TTPs) observed during incidents.

Spencer Brown, Senior Sales Engineer, Sophos

9:20 AM

Session Two | Sysdig Title Coming Soon!

Session Details Coming Soon!

Speaker Coming Soon!

10:00 AM

Break

10:15 AM

Session Three | How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments

Advanced threat actors are compromising the identity infrastructure of some of the largest organizations in the world with ease. Upon gaining access to the identity provider, they are able to move laterally into IaaS, PaaS, and SaaS environments and steal data, all in the course of 2-3 days.

Join Ian Ahl, SVP of P0 Labs and former Head of Advanced Practices at Mandiant, as he shares knowledge stemming from responding to hundreds of breaches in his career. Ian will walk through how advanced threat groups target human and non-human identities for compromise, how they maintain persistence in environments, and provide some tips for detecting suspicious and malicious activity in identity providers, cloud service providers, and SaaS applications. He'll also provide actionable steps security teams can take to prevent breaches or learn about them as quickly as possible.

Ian Ahl, Sr. Vice President, Permiso P0 Labs

10:45 AM

Session Four | Detection Engineering: Streamlined

Let's face it: IOC-based alerting just isn't cutting it anymore, creating high alert volumes, noise, and inefficient workflows. Using the ALPHV/BlackCat ransomware group as a case study, we'll reimagine David Bianco's Pyramid of Pain, demonstrating how to normalize data, make use of noisy signals, and incorporate adversary TTPs for actionable alerts.

This session will demonstrate how Anvilogic can help you:

- Establish a strong detection program foundation with data hygiene
- Achieve rapid detection coverage in days, not months
- Develop better, reusable detections using the Detection Engineering Framework
- Automate maintenance, tuning, and health monitoring for hundreds of detections

Join us to revolutionize your threat detection process and enhance your SOC's efficiency and effectiveness.

Alex Hurtado, Senior Project Manager, Anvilogic
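As an added illustration of the Pyramid of Pain argument in the abstract above (example code written for this page, not Anvilogic's framework or product code), the following Python maps constructed events from two hypothetical telemetry sources with different field names onto one common schema, then runs a hash IOC rule and a TTP rule over them. The source names, field mappings, hashes, paths and command lines are all constructed; the TTP pattern (an Office application spawning a shell with an encoded command) is a generic one and not specific to the case study.

```python
"""IOC-based vs TTP-based detection over constructed endpoint events.

Added illustration of the Pyramid of Pain point; not Anvilogic's code.
Sources, field names, hashes, paths and command lines are all constructed.
"""
import re

# Constructed events from two hypothetical telemetry sources whose field
# names differ, as in a mixed EDR / Sysmon-style estate.
RAW_EVENTS = [
    ("source_a", {"proc": "WINWORD.EXE", "child": "powershell.exe",
                  "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA",
                  "hash": "aaa111"}),
    ("source_b", {"ParentImage": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE",
                  "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
                  "CommandLine": "pwsh -NoProfile -EncodedCommand SQBFAFgA",
                  "Hashes": "SHA256=bbb222"}),
    # Same tradecraft, payload rebuilt so the file hash changes (constructed).
    ("source_a", {"proc": "WINWORD.EXE", "child": "powershell.exe",
                  "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA",
                  "hash": "ccc333"}),
    # Benign admin activity that must not fire either rule (constructed).
    ("source_b", {"ParentImage": "C:\\Windows\\explorer.exe",
                  "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                  "CommandLine": "powershell.exe -File C:\\scripts\\backup.ps1",
                  "Hashes": "SHA256=ddd444"}),
]

# Per-source mapping onto one common schema (the "data hygiene" step).
FIELD_MAPS = {
    "source_a": {"proc": "parent", "child": "process",
                 "cmd": "command_line", "hash": "sha256"},
    "source_b": {"ParentImage": "parent", "Image": "process",
                 "CommandLine": "command_line", "Hashes": "sha256"},
}


def normalize(source, event):
    """Map a raw event onto the common schema: image basenames lower-cased,
    hash stripped of its 'SHA256=' prefix."""
    out = {}
    for raw_field, common in FIELD_MAPS[source].items():
        value = event.get(raw_field, "")
        if common in ("parent", "process"):
            value = value.replace("\\", "/").rsplit("/", 1)[-1].lower()
        elif common == "sha256":
            value = value.split("=", 1)[-1].lower()
        out[common] = value
    return out


# Bottom of the pyramid: a file-hash IOC, trivial for the adversary to change.
KNOWN_BAD_SHA256 = {"aaa111"}


def ioc_rule(ev):
    return ev["sha256"] in KNOWN_BAD_SHA256


# Top of the pyramid: a TTP. An Office app spawning a shell with an encoded
# command survives a rebuild of the payload; it is also the noisier signal
# that needs tuning against legitimate macro use in the estate.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Common abbreviations of -EncodedCommand as a standalone token.
ENCODED_FLAG = re.compile(r"(?i)(?<!\S)-(?:e|ec|enc|encodedcommand)(?!\S)")


def ttp_rule(ev):
    return (ev["parent"] in OFFICE_APPS
            and ev["process"] in SHELLS
            and ENCODED_FLAG.search(ev["command_line"]) is not None)


def run_detections(raw_events=RAW_EVENTS):
    """Normalize every event and report which rule family fires on it."""
    results = []
    for source, event in raw_events:
        ev = normalize(source, event)
        results.append({"source": source, "sha256": ev["sha256"],
                        "ioc": ioc_rule(ev), "ttp": ttp_rule(ev)})
    return results


if __name__ == "__main__":
    for r in run_detections():
        print(r)
```

Running it prints one result per event: the first event trips both rules, the second (a different binary, same behaviour) and the third (the rebuilt payload) evade the hash IOC but still trip the TTP rule, and the benign explorer-launched script trips neither. The normalization step is what lets a single TTP rule cover both sources without a per-source copy.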

11:15 AM

Session Five | Fool Me Once: The New Face of Deception and How DNS Can Help

In today's fast-evolving tech world, distinguishing truth from deception is tough, leaving users as the most vulnerable link. Attackers are capitalizing on high-stress situations and leveraging events like the CrowdStrike outages to create convincing traps. This talk will scrutinize how these deceptive tactics play out in real-world scenarios and why they're more dangerous than ever. We'll look at specific examples and explore how DNS provides a critical layer of defense against these threats. Lastly, you'll learn about recent trends seen on DNSFilter's own network, which resolves over 130 billion DNS queries daily.

Brian Gilstrap, Associate Sales Engineer, DNSFilter

11:45 AM

Break

12:00 PM

Session Six | Keynote Session: Days of Future Past: The Impacts of GenAI on Cybersecurity

Join Rob Lee for an in-depth, hour-long, thought-provoking session on Generative AI and how it is re-shaping cybersecurity and the professionals within it. You'll learn:

- GenAI's Cybersecurity Impact: GenAI is reshaping cybersecurity, creating both challenges and opportunities, especially in nation-state strategies like disinformation and cybercrime.
- Evolving Cyber Tactics: Organizations must adapt their defensive and offensive strategies to keep pace with GenAI-driven changes.
- Essential Up-skilling: Cybersecurity professionals need to up-skill to harness GenAI's potential while addressing its new vulnerabilities.

Rob Lee, Chief of Research and Head of Faculty, SANS Institute

12:50 PM

Afternoon Kick-off

Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

1:00 PM

Session Seven | Level Up Existing Cybersecurity Defenses with Sophos MDR

Cybercriminals don’t break in; they log in. And they make a lot of noise.

To avoid being blocked, today’s active adversaries increasingly deploy stealth tactics, exploiting unpatched vulnerabilities, leveraging stolen credentials, and outsmarting commonly used IT security tools.

The solution? Round-the-clock detection and protection. But faced with hundreds of daily security alerts, many organizations using the Microsoft Security suite lack the time and in-house expertise to make the most of its multi-product capabilities.

To counter advanced ransomware attacks and breaches, consider integrating Sophos MDR for Microsoft Defender. It not only consolidates all security events into a single dashboard, but it also extends protection 24/7 with human-led detection and response. It’s perfect for when IT teams are understaffed or off the clock. Join this session to discover cost-effective ways to fortify your Microsoft defenses and regain some well-deserved peace of mind.

Spencer Brown, Senior Sales Engineer, Sophos

1:20 PM

Session Eight | Sysdig Tech Talk Title Coming Soon!

Session Details Coming Soon!

Speaker Coming Soon!

1:40 PM

Session Nine | Overcoming Technology Gaps of Traditional Purple Teaming

Purple teams play an essential role in identifying the weaknesses of our defenses. A manual and labor-intensive process, traditional purple team exercises often take significant time and can be limited in their scope. By breaking down techniques into discrete parts, we can more efficiently and effectively evaluate security controls' failure points at scale. During this session, Prelude will explore a practical application of its Detect platform to simulate the techniques exhibited by common threats and evaluate defenses against expected results to quickly identify gaps in controls and understand:

- Has our defensive technology captured and observed the raw telemetry of malicious events?
- Have we created detections that can appropriately classify and alert security operations teams that these events are malicious?
- Are we confident enough in our detection logic to let our tools act autonomously and prevent those events in the future?

Matt Hand, Director of Security Research, Prelude Security

2:10 PM

Session Ten | CardinalOps Session Details Coming Soon

Session Details Coming Soon!

Jay Lillie, VP Customer Success, CardinalOps

Dr. Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud

2:40 PM

Break

2:55 PM

Session Eleven | Your Secret Weapon for Detecting and Stopping Threats Faster: Your Decrypted Network Data

How do you find new and unknown threats lurking in your network? With attack surfaces expanding and becoming more complex, especially with infrastructures that are spread across multiple cloud and on-premise environments, you need full visibility and real-time access.

Join ExtraHop’s Jamie Moles as he showcases how decrypted network data can be your secret weapon to detect new threats and stop them faster. You’ll learn:

- The limitations of EDR- and SIEM-based data for threat hunting.
- How decrypting and analyzing network traffic can give your SOC the edge on detecting and stopping new emerging threats.
- Tips to hunt further and deeper with network analytics, leveraging decrypted and decoded network protocols to spot bad actors as they move laterally, east/west, across your environment.

Jamie Moles, Senior Manager, Technical Marketing, ExtraHop

3:25 PM

Session Twelve | Session Details Coming Soon!

Session Details Coming Soon!

Speaker Coming Soon!

3:55 PM

Session Thirteen | Session Details Coming Soon!

Session Details Coming Soon!

Speaker Coming Soon!

4:25 PM

Detection & Response Panel

Panel Abstract Coming Soon!

Moderator:
Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

Panelist:
Brittany Deaton, Senior Sales Engineer - MDR, Sophos

5:05 PM

Closing Remarks

Megan Roddie, Co-Author, SANS Institute