Cyber Threat Intelligence Summit Solutions Track 2023

Now more than ever, decision makers need actionable and contextualized threat intelligence to increase cyber resilience and to enable mission or business objectives.

How can contextual threat intelligence (CTI) allow heads of cybersecurity departments, security strategists, CISOs, SOC managers, threat detection engineers, analysts, hunters, and responders to make better strategic, operational, and tactical decisions? How can CTI allow organizations to become more cyber resilient and increase their ability to anticipate, withstand, and recover from ever-shifting attack tactics?

Join us for the Cyber Threat Intelligence Summit Solutions Track 2023 as we explore practical answers to these questions through invited speakers while showcasing the state of the art of threat intelligence solutions and their capabilities. Presentations will focus on CTI case studies and thought leadership using specific examples relevant to the industry.




Agenda | January 31, 2023 | 10AM - 2PM ET



10:00 AM

Welcome & Opening Remarks

Ismael Valenzuela, SANS Senior Instructor & Subject Matter Expert

10:15 AM

Automation for Anticipation

Orchestration and automation have been part of the cybersecurity landscape for several years now. The goal of this presentation is to show how to move from a reactive posture based on orchestration to an anticipatory posture based on automation.

We will discuss the importance of using data to better anticipate risks, and how to protect yourself from future threats through automated retrospective analysis, bringing better efficiency, time savings and better coordination of Security Operations teams according to your level of maturity. Learn from our past to better understand our future.

Christopher Jacob, Global VP of Threat Intelligence Engineering, ThreatQuotient

10:50 AM

Unique Challenges and Opportunities in OT Threat Hunting

Hunting for threats across the ICS/OT industries comes with unique challenges and constraints, from industry-specific regulations to information-sharing limitations, and from telemetry gaps to potentially no threat activity at all. So how do you make each threat hunt successful even if it doesn't yield major discoveries at the time?

Brian Warehime, Director of Intelligence Analysis, Dragos

11:25 AM


11:40 AM

Maximizing Your Threat Intelligence Capabilities with Passive DNS, Attacker Infrastructure Tracking, and Advanced Network Behavioral Analysis

Effective threat intelligence relies on the ability to gather and analyze a wide range of data, including passive DNS, attacker infrastructure, and network behavior. In this presentation, we will explore the various capabilities of Passive DNS, Attacker Infrastructure Tracking, and Advanced Network Behavioral Analysis and how they can be used to enhance an organization's security posture. We will delve into the details of these tools and techniques and examine real-life examples of their successful implementation. We will also discuss the importance of automated event correlation and response integrations and the challenges and considerations of encrypted traffic analysis. This presentation is a must-see if you are looking to stay ahead of evolving threats and enhance your threat intelligence capabilities.

Daniel Smallwood, Threat Researcher and Sales Engineer, LiveAction

12:15 PM

Closing the Gap: Chaining Together Existing Frameworks to Synchronize Intelligence and Defense Operations

Frameworks are handy, but only if they work together to achieve a desired outcome. As a CTI professional responsible for influencing the security posture of your organization, it is essential to be familiar with different industry frameworks and how to use them to close the gap between intelligence requirements, actor TTPs, and defender actions. Using a real-life threat actor group case study, this session will demonstrate how to chain together frameworks, including the Cyber General Intelligence Requirements, MITRE ATT&CK™, D3FEND™, and NIST Special Publication (SP) 800-53, to achieve consistent and reliable intelligence production that can be operationalized by stakeholders.

Michael DeBolt, Chief Intelligence Officer, Intel 471

12:50 PM

CTI Panel Topic: Operationalizing Threat Intelligence Across IT and OT Environments

Turning threat intelligence into something actionable is essential to realize the value of CTI. But how do we do that? What are the challenges we must be prepared to face, and how are many organizations overcoming them across both IT and OT environments? Join Patrick Arvidson, Chief Strategist/Evangelist of Interpres Security, and Sandeep Lota, Field CTO of Nozomi Networks, in this panel moderated by Ismael Valenzuela, SANS Author and Senior Instructor, as they discuss some of the building blocks that allow organizations to operationalize CTI and bring tangible improvements to their cyber defense programs.

Ismael Valenzuela, SANS Senior Instructor & Subject Matter Expert

Patrick Arvidson, Chief Strategy Officer, Interpres Security

Sandeep Lota, Field CTO, Nozomi Networks

1:35 PM

Break

1:45 PM

The Theory of Everything (CyberSecurity): A Unified Framework for Effectively Operationalizing Threat Intelligence

A common challenge organizations face when implementing threat intelligence is effectively operationalizing their investment across different functions such as vulnerability management, threat hunting and incident response. If not done properly, each of these teams may formulate different understandings of their threat landscape. This disconnect can lead to uncoordinated strategies, tactics and remediation delays. This presentation will offer a framework that enables organizations to visualize their threat landscape in a comprehensive and unified manner to ensure all teams see problems in the same way. We will outline how this framework can be applied to build a unified, coordinated cross-team workflow so you can quickly determine which actions to take and better defend your organization.

Jason Rivera, Senior Director, Strategic Threat Advisory Group, CrowdStrike

2:20 PM


Ismael Valenzuela, SANS Senior Instructor & Subject Matter Expert