Cyber Solutions Fest 2023: Ransomware

Thursday, 26 Oct 2023 10:30AM EDT (26 Oct 2023 14:30 UTC)
Speaker: Matt Bromiley

There is likely no cyber threat that can cause as much panic, chaos, and concern amongst cybersecurity professionals as ransomware. Causing widespread damage and disruption to organizations of all sizes, ransomware is here to stay. It remains a profitable business for even the most inexperienced adversaries and has created a multi-billion dollar industry that continues growing. In this forum, we bring together experts and industry leaders to discuss the latest developments and best practices in ransomware solutions and security.

Topics for this forum include:

* The impact of ransomware on organizations

* The importance of backup and recovery strategies as it pertains to a ransomware intrusion

* The role of advanced security technologies in mitigating the risk of a ransomware attack.

* Steps that organizations can take to prevent or minimize the impact of ransomware.

Please join us for 2023 SANS Cyber Solutions Fest, on October 26^th, for an action-packed, can't-miss session on all things ransomware. We hope to see you there!

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest our of 2023 Solutions Forums. We'll see you there!

To view the full agenda for the Ransomware Track, please scroll down! Take note of your most anticipated presentations and favorite speakers below. Pro tip: You can visit our landing page to register for more than one track to truly take your cybersecurity skills to the next level!

Login to Register

Platinum Sponsors

Gold Sponsors

Silver Sponsor

Event Platinum Sponsors

Agenda | October 26, 2023 | 10:30 AM - 4:45 PM EDT

Timeline (EDT)	Session Details
10:30 AM	Welcome & Opening Remarks Matt Bromiley, Certified Instructor, SANS Institute
10:40 AM	Session One \| The Future State of Ransomware Is Closer Than We Think Abstract Digital extortionists have learned how to continue to up the stakes by multiplying their leverage and reducing the time window of negotiation. Join Scott Scheferman, Office of the CTO at Eclypsium as he explores where they are headed, and ask the hard questions about what it will take to get ahead of them.In this session, we will cover: What is the future of digital extortion campaigns? What is the nature and magnitude of impacts associated with these? Where and how does firmware and device trust come into play here? How do organizations that have fully migrated to 3rd party cloud infrastructure and SaaS services, proactively mitigate risks in this new future? What can present-day research and attacker campaigns teach us about what is next to come? What is the next ‘North Star’ for us to aspire to? Is it still Zero Trust? Scott Scheferman, Principal Strategist, Eclypsium
11:20AM	Session Two \| Fighting Active Adversaries: Understanding the 2023 PaperCut Exploitation Campaign Ransomware actors are speeding up. The median dwell time in ransomware attacks is now just five days, down from nine days in 2022. With adversaries accelerating the execution of their attacks, defenders have less time to detect and stop them before files are encrypted. Join Sophos for an in-depth analysis of the 2023 PaperCut Print Manager exploitation campaign. They’ll dive into the tactics employed by threat actors and explore the significance of diligent post-incident review and the crucial need to monitor for malicious behavior. You’ll walk away with information that can help you make better decisions about how to deploy your limited resources to support corporate strategy while driving better protect your organization. Christopher Glick, Sophos
12:00PM	Break
12:15PM	Session Three \| Keynote Session You Are Enough: Mental Health Insights and Challenges in Cybersecurity Cybersecurity is a high-stress profession. Cybersecurity professionals are constantly under pressure to protect their organizations from cyberattacks, and they often work long hours in demanding conditions. This can lead to a variety of mental health challenges, including anxiety, burnout, and depression. During this session, we will explore the mental health challenges faced by cybersecurity professionals and discuss strategies for coping with these challenges. Megan Roddie and Amanda Berlin will share their personal experiences with mental health, as well as their professional insights on how to promote mental wellness in the cybersecurity workforce. This panel discussion will provide valuable insights for cybersecurity professionals who are struggling with mental health challenges. It will also provide guidance for organizations on how to create a supportive work environment that promotes mental wellness. Moderator: Danny Akacki, Business Operations Strategist, Trimarc Security Speakers: Amanda Berlin, CEO, Mental Health Hackers Megan Roddie, CFO, Mental Health Hackers Eric Lee, Chief Emotional Officer, Mental Health Hackers
1:15PM	Afternoon Kickoff Matt Bromiley, Certified Instructor, SANS Institute
1:25PM	Session Four \| Evolution of Threats: Analyzing Pre-Mortem Retrospective Lessons Security teams have taken great pains to improve their security posture, forcing attackers to evolve and adapt. Adversaries remain a potent threat by blending tried-and-true techniques with innovative new schemes. Palo Alto Networks Unit 42® is in the trenches daily, battling the latest and most complex attacks. Join us as we dissect a few common attack scenarios based on incident response engagements. Join us for an insightful session where we dissect common attack scenarios based on incident response engagements. We'll discuss the novel methods attackers used to worm their way past the victim's defenses. Then we'll dig into the controls that might have stopped these attacks in their various stages. Finally, we'll wrap up with what you can do to prevent your organization from ending up as the next incident response call. Kristopher Russo, Senior Threat Intel Researcher, Palo Alto Networks Unit 42
1:55PM	Session Five \| The Network: Cybersecurity’s Secret Weapon Against Ransomware In today's threat environment, the reality of ransomware is no longer 'if', it's 'when' you will experience an attack. Modern ransomware is incredibly sophisticated and many organizations haven't kept pace with adequate defenses against the attackers. Research from ExtraHop's 2023 Cyber Confidence Index shows that 85% of organizations have experienced a ransomware attack in the past five years. How can you best prepare for ransomware defense and recovery? Join us to learn how you can expose ransomware behavior within your network and reduce the blast radius helping to minimize damage and hasten recovery from an attack. Archana Ragothaman, Director of Sales Engineering, ExtraHop
2:25PM	Session Six \| Innovations in Sophos Endpoint Constant innovation that drives business value is at the heart of Sophos Endpoint. Join us to discover the latest enhancements that reduce cyber risk and accelerate strategic focus in our market-leading Sophos Intercept X Endpoint solution that protects Windows, macOS, and Linux systems against never-before seen ransomware, malware, phishing, web threats, and attacker-led behaviors. Sally Adam, Marketing Director, Sophos
2:45PM	Session Seven \| Trust Through Transparency: Finding Hidden Threats Through Integrity Verification When dealing with advanced threat actors compromising devices that cannot have standard security tools installed, or compromising firmware of devices, we are forced to use alternative techniques to establish trust in these devices. In this session, we will focus on ways to verify integrity in the firmware of equipment to expose any hidden threats. This technical session will focus on below-the-operating-system exploitation and how organizations can inspect, validate, and fortify against these sophisticated attacks. Adam Woydziak, Principal Engineer, Eclypsium
3:05PM	Break
3:20PM	Ransomware Panel \| Your Ransomware Wake-Up Call Threat actors aren’t playing around. We already know ransomware is a severe threat, escalating year after year. It keeps boards up at night, executives worried about breaches, and SOC analysts glued to their dashboards. However, despite everyone “taking it seriously,” ransomware ravages enterprise networks. Adversaries continue to refine their techniques, picking apart even the best-laid defenses.This is your wake-up call. This panel will analyze recent attacks, focusing on how adversaries have found success. We’ll look at what could have been done differently and perhaps even review areas for future prevention of attacks. We encourage our audience to contribute in this live panel, offering their thoughts and feedback in our Slack channel. Join us! Moderator: Matt Bromiley, Certified Instructor, SANS Institute Speakers: Jeremy Kopacko, Senior Channel Engineer, Sophos Scott Scheferman, Principal Strategist, Eclypsium
4:05PM	Session Eight \| Protective DNS Unleashed: A Ransomware Defense Strategy In today's ever-evolving threat landscape, securing your assets and infrastructure has become a formidable challenge. Traditional defense walls have fallen with rise on-the-go workforces and the relentless onslaught of cyber adversaries. But fear not, there's a beacon of hope—protective DNS. In this session, we'll break down the power of protective DNS as a pivotal element in safeguarding your business against ransomware and other insidious threats: Unmasking the Phishing Threat: How deceptive phishing tactics open the door to digital mayhem and how to spot them to keep your organization safe Multi-Layered Defense with DNS Filtering: Discover why the DNS layer is your first line of defense and how it can safeguard your assets and infrastructure from ransomware attacks DNS-Based Threat Intelligence: The importance of purpose-built intelligence can be used to better detect and prevent zero-day DNS-based threats before they strike Compliance and Security Frameworks: Protective DNS isn't just a nice-to-have; it's increasingly essential for staying compliant with big cybersecurity standards like ISO 27001, CMMC, and NIST Carl Levine, Manager, Sales Engineering, DNSFilter
4:35PM	Closing Remarks Matt Bromiley, Certified Instructor, SANS Institute

Related Content

Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)

A Visual Summary of SANS New2Cyber Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024

Cyber Defense, Digital Forensics, Incident Response & Threat Hunting, Industrial Control Systems Security, Penetration Testing and Red Teaming

January 29, 2024

A Visual Summary of SANS CTI Summit 2024

Check out these graphic recordings created in real-time throughout the event for SANS CTI Summit 2024

Cybersecurity Insights, Digital Forensics, Incident Response & Threat Hunting, Cyber Defense, Cloud Security, Open-Source Intelligence (OSINT), Cybersecurity Leadership, Security Awareness, Artificial Intelligence (AI)

December 18, 2023

Top 15 SANS Summit Talks of 2023

This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.