Cyber Solutions Fest 2023: Threat Hunting & Intelligence

Going from responding to incidents to actively hunting threats is a stance shift that requires maturity in your cybersecurity journey. It also requires having access to the right threat intelligence, the right visibility across your environment, as well as the right tools to do the job.

Advances in data science and artificial intelligence can help organizations bridge the maturity gap, but we shouldn’t forget that it’s ultimately a human with financial or geopolitical interests who’s behind these attacks. Also the same technology is available to both sides, and just as quickly as new models become more effective at threat detection, malicious actors grow more capable at confusing those models.

Likewise, organizations now have access to threat intelligence sources through various vendors and platforms. Yet many are not seeing all the value threat intelligence can bring, because they don't understand how to operationalize it or they are not taking advantage of the tools that can help them automate and accelerate their threat-hunting programs.

At the same time many security practitioners still struggle with the basics, the three big “knows” that every organization should focus on: knowing your enemy, knowing your network, and knowing your tools. Why? In many cases they are too busy responding to alerts and false positives to do what's needed for a threat-hunting program to be successful.

What should organizations do in 2023 to take a more proactive stance, operationalize threat intelligence and focus on maturing their threat hunting program?

Join Ismael Valenzuela, SANS author and Senior instructor for the 2023 Cyber Solutions Fest - Threat Hunting and Intelligence Track, and hear talks on:

  • Enriching alerts with threat intelligence
  • Utilizing XDR and MDR services to help accelerate your threat-hunting program
  • Operationalizing threat intelligence
  • Automating threat hunting tasks with XDR, NDR, and threat intelligence solutions
  • Identifying the most actionable intelligence for the organization

Join in on the action! Connect with fellow attendees and our event chairs in the SANS Solutions Forum Interactive Slack Workspace. Sign in once and you'll be all set for the rest of our 2023 Solutions Forums. We'll see you there!

To view the full agenda for the Threat Hunting & Intelligence Track, please scroll down! Take note of your most anticipated presentations and favorite speakers below. Pro tip: You can visit our landing page to register for more than one track to truly take your cybersecurity skills to the next level!


Platinum Sponsors

Gold Sponsors

  • Palo Alto Networks
  • ReversingLabs
  • VMRay

Silver Sponsors

  • Cisco Umbrella
  • Cyborg Security

Event Platinum Sponsors

  • Anomali
  • Corelight
  • Eclypsium
  • Endace
  • Palo Alto Networks
  • Sophos
  • Sysdig

Agenda | October 27, 2023 | 8:30 AM - 3:00 PM EDT

Timeline (EDT) | Session Details

8:30 AM

Welcome & Opening Remarks

Ismael Valenzuela, Senior Instructor, SANS Institute

8:40 AM

Session One | The Expanding Role of Generative AI in Accelerating SOC Performance

GPT has become pervasive as an enabling technology. In this presentation, Anomali President Hugh Njemanze will discuss the adoption and implementation of GPT technology as a core driver of cybersecurity, what results have been delivered to date, and where this market is likely headed. In this webinar, Hugh will cover:

  • How GPT can be used to optimize your cybersecurity stack
  • The role of GPT in accelerating SOC performance and what can be done with the added visibility
  • Real-world examples of GPT in enabling SEC reporting compliance, and how this can be leveraged across other use cases

Hugh Njemanze, President, Anomali

Erick Ingleby, VP of Product Management, Anomali

9:20 AM

Session Two | Operationalizing Threat Intelligence: Why Intel Belongs in the Sensor and the SIEM

This 40-minute talk explores the essential role of threat intelligence in cybersecurity, emphasizing its integration into both network sensors and Security Information and Event Management (SIEM) systems. Topics include understanding threat intelligence, improving real-time detection with sensors, maximizing SIEM efficiency, operationalization strategies, practical insights, and building a resilient cybersecurity strategy. Real-world examples and best practices will illustrate how organizations can proactively defend against cyber threats, reduce response times, and strengthen their security posture through the strategic use of threat intelligence on sensors and SIEMs. Don't miss this opportunity to enhance your cybersecurity framework with evidence-based, intelligence-driven decision-making.

James Lagermann, Director of Technical Alliances, Corelight

10:00 AM

Session Three | Bridging the Gap: Infostealer Intelligence for the Analytical CTI Teams

Infostealer malware strains, including Amadey, RedLine, and Agent Tesla, have emerged as alarming threats in recent years, bolstered by underground markets and their tricky capabilities. The continual evolution of these threats has emphasized the critical need for context-rich, tailored threat intelligence to assist CTI teams. VMRay integrates with The Vertex Project, a central intelligence system designed for analytical teams, to shed light on strategies and insights essential for today's growing infostealer landscape.

In this collaborative session, our deep dive will illuminate how sandboxing outputs can be transformed into the most actionable intelligence, so that organizations can anticipate, understand, and act on threats with unmatched precision.

Join our session as we guide you through strategies to counter the infostealer onslaught effectively.

  • Current Infostealer Trends: Stay updated on the evolving behaviors and tactics of leading infostealers, ensuring you're not caught off guard.
  • From Data to Decisions: Learn how an analytical approach to sandboxing outputs can be a game-changer for CTI teams.
  • Synergy in Action: Experience the combined strength of VMRay TotalInsight and The Vertex Project's Synapse in enhancing threat intelligence and response strategies.

Fatih Akar, Security Product Manager, VMRay

Visi Stark, Co-Founder, The Vertex Project

10:30 AM


10:45 AM

Session Four | Bonus Session with Palo Alto Principal Consultant, Incident Response, and SANS Sr Instructor Ryan Chapman

Ryan Chapman, Principal Consultant, Incident Response, Palo Alto Networks

11:15 AM

Session Five | Upping the Ante: Threat Actors are Eyeing your Software Supply Chain

As defenders have improved and the threat landscape has evolved, threat actors have turned their attention towards software supply chains. This emerging threat category includes attacks against open source and third-party libraries, infrastructure compromise, and the leak of sensitive secrets like signing certificates. Software supply chain (SSC) incidents are commonly misunderstood and go undetected until after a breach has already occurred. This talk details recent major software supply chain threats identified by ReversingLabs Threat Research teams, breaking them down into vectors, common SSC TTPs, and mitigation strategies for this threat category.

Ashlee Benge, Director of Threat Intelligence, ReversingLabs

11:45 AM


12:00 PM

Session Six | Keynote Session: Unraveling the Security Web: A Unified Approach to Threat Intelligence, Incident Response, Cloud Security and Security Architecture

In today's fast-paced and evolving threat landscape, a holistic and adaptive approach to cybersecurity has never been more crucial. Join us for an extraordinary keynote panel discussion featuring some of the most renowned experts in the industry: Ashish Rajan, Lesley Carhart, Chris Cochran, and Ron Eddings. These cybersecurity advocates will explore the interconnected nature of threat intelligence, threat hunting and incident response (IR), cloud security, and security architecture in building a robust and resilient security ecosystem.

Throughout this panel discussion, our experts will connect the dots between the four essential pillars of cybersecurity: threat intelligence, threat hunting/IR, offensive security, and security architecture/solutions. They will share their experiences, knowledge, and vision to empower you and your organization to navigate the complexities of the cybersecurity landscape and stay ahead of emerging threats.

Take advantage of this exceptional opportunity to learn from the best in the industry and unlock the potential of a unified approach to cybersecurity. Register now and join us in this engaging and enlightening conversation that will undoubtedly reshape your understanding of cybersecurity unity!

Speakers:

Ashish Rajan, Host, Cloud Security Podcast

Chris Cochran, Co-Founder of Hacker Valley Media and Advisory CISO at Huntress

Lesley Carhart, Director of ICS Cybersecurity North America, Dragos

Ron Eddings, Co-Founder and Host of Hacker Valley Media

1:00 PM

Afternoon Kick-off

Ismael Valenzuela, Senior Instructor, SANS Institute

1:10 PM

Session Seven | Unseen Dangers: Navigating the Cybersecurity Risks of Dark Data

In today’s cyber landscape, dark data has emerged as an intricate challenge, accentuated by the untapped potential of threat intelligence. While copious amounts of threat intelligence are at organizations’ disposal, many find themselves ill-equipped with the security tools needed to harness this vital information, relegating essential insights to the realm of dark data. Though promising, modern tools like Endpoint Detection and Response (EDR) systems and extensive network flow data sources present a financial hurdle for many enterprises. This often results in the formation of new dark data silos, as these vital data streams remain isolated and unanalyzed. The challenge is further intensified by projections suggesting that by 2025, data volumes will double every 12 hours. In such a rapidly evolving environment, AI emerges not merely as a tool but a necessity to monitor, analyze, and respond to this impending reality.

In this presentation, participants will delve into key advancements in technology that empower organizations to embark on threat hunting within the vast expanses of dark data. Attendees will also benefit from insights drawn from real-world experience, shedding light on practical applications, challenges faced, and strategies employed by industry veterans. As we transition into this data-driven future, it's paramount for organizations to comprehend the confluence of threat intelligence, dark data, and AI.

Join us to navigate this evolving landscape and harness the intelligence wave while mitigating the expansive shadows of dark data silos.

Erick Ingleby, VP of Product Management, Anomali

1:30 PM

Session Eight | You got EDR in my NDR: Why chocolate and peanut butter really do go better together!

Learn how to use EDR and Corelight to ingest data and prioritize attacks on vulnerable systems to improve your vulnerability management program, and quickly hunt through EDR and NDR enriched logs with valuable insights from the Corelight Entity collection.

James Schweitzer, Director of Sales Engineers, Corelight

1:50 PM


2:05 PM

Threat Hunting & Intelligence Panel | Threat Hunting Today: AI's Role, Organizational Readiness, and the Path to Cyber Resilience

In a rapidly evolving world, proactive threat hunting continues to play a pivotal role in pre-incident preparedness. But how can organizations overcome the lack of speed and agility before and during an incident due to the large scope and scale of information, and the complexity of modern hybrid environments?

Join our distinguished panel of experts, chaired by SANS Senior Instructor Ismael Valenzuela, for a practical discussion on relevant topics like:

  • Pre-Incident Cyber Preparedness: We'll discuss strategies and tactics that fortify an organization's defenses before an attack, and how these activities contribute to cyber resilience, from network instrumentation to ready-to-go playbooks and threat hunts to setting the right expectations with relevant stakeholders.
  • AI and Threat Hunting: As artificial intelligence progresses, its applications in threat hunting open a new realm of possibilities. We will dissect how AI can augment threat hunting both before and during an incident, allowing organizations to stay one step ahead.
  • Strategic Response During an Attack: Speed and accuracy are of the essence in the midst of an incident. We'll delve into the tactics that ensure a swift response, harnessing threat hunting capabilities to be able to match attackers' speed during an incident, rooting them out whilst assuring the business continues to operate.

Ismael Valenzuela, Senior Instructor, SANS Institute

Steve Benton, VP of Threat Research, Anomali

Ali Haidar, Chief Adoption Officer, Anomali

James Schweitzer, Director of Sales Engineers, Corelight

James Lagermann, Director of Technical Alliances, Corelight

2:50 PM

Closing Remarks

Ismael Valenzuela, Senior Instructor, SANS Institute