Agenda | January 30, 2024 | 9:00AM - 4:00PM EST
9:20 - 9:35 AM
Welcome & Opening Remarks
Ismael Valenzuela, Senior Instructor, SANS Institute
9:35 - 10:10 AM
Nowhere to Hide: Detect, Disrupt, and Defeat Modern Adversaries
Today’s increasingly fast and elusive threat actors employ tradecraft that too often bypasses both legacy and modern security defenses. To beat these adversaries at their game, threat intelligence must do more than understand the threats they face: they must rapidly action threat hunters to disrupt and stop them. Counter Adversary Operations is a new model that integrates threat intelligence, threat hunting and dark web monitoring to place critical insight into the hands of teams on the front lines. In this presentation, we will discuss how CrowdStrike prepares organizations to implement this model and detect, disrupt and stop today’s sophisticated adversaries in their tracks.
Matthew Miller, Sr. Manager, Falcon Elite, CrowdStrike
10:10 - 10:45 AM
Unmasking Cyber Threats: Navigating Social Engineering Threats and the Trust Economy
In an era where the digital landscape is filled with risks, join us for an illuminating discussion on the escalating challenges posed by social engineering threats and fraud. As we delve into the intricacies of the trust economy, essential for digital transactions and social interactions, our experts will share actionable insights to help fortify your cyber defenses.
Key Highlights:
Understanding Social Engineering Threats: Explore the evolving tactics employed by threat actors to manipulate trust in the digital world. Uncover the latest trends and techniques used in social engineering attacks.
Fraud in the Trust Economy: Delve into the world of cyber fraud within the trust economy. Gain insights into prevalent scams, fraudulent schemes, and how cybercriminals exploit trust for financial gain.
Actionable Defenses: Learn practical strategies to enhance your cybersecurity defenses against social engineering threats and fraud. Discover proactive measures to safeguard your digital assets and personal information.
Sherrod DeGrippo, Director of Threat Intelligence Strategy, Microsoft
Sally Nguyen, Principal Security Engineering Manager, Microsoft
10:45 - 11:05 AM
11:05 - 11:40 AM
How Central Agencies and Regulators Participate in the Operational Aspect of Cyber Threat Intelligence
Regulatory authorities and central agencies are pivotal in shaping the strategic aspect of cyber threat intelligence (CTI) practices and have recently assumed an operational role. This presentation aims to dive deeper into how central agencies and regulators participate in the operational aspect of CTI, influencing its strategic direction. The discussion will explore the impact of geopolitical factors, long-term trends, automation and threat vectors on supporting central agencies or regulators in this context.
Sami Ayyash, Threat Intelligence Engineer, ThreatQuotient Inc
11:40 AM - 12:15 PM
Evolving your CTI function from a Promise Based Approach to an Evidence Based Approach Using Intel Requirements
Join this session to learn why intelligence requirements are important, and some high-level tradecraft for implementing them. This session focuses on using intelligence requirements as a tool to justify the existence of the CTI program. We will demonstrate some ways to create and communicate both qualitative and quantitative value to internal intelligence customers (SOC, IR, Hunt, Vuln, Leadership, etc.).
Andy Pendergast, EVP of Product, ThreatConnect
Toby Bussa, ThreatConnect
12:15 - 12:50 PM
CISO to Threat Hunter: How to Defend Enterprise Networks in Realtime with Threat Intel
It’s March 2021. The HAFNIUM group is targeting Microsoft Exchange. As a CISO, I get insider information on exposed servers around the state of Maryland with web shell back doors dropped by the attacker. Am I impacted? I have threat intel, but what do I do with it? CISOs struggle to weaponize threat intel against the adversary. Learn from real-world experience how a CISO can become a CTI analyst, define priority intelligence requirements (PIRs) at a 10-employee or 100,000-employee organization, and immediately hunt and block adversaries using AI-powered tools. Discover how to give your C-level executives relief before they read the next “cyber attack exploit” headline.
John Bruns, CISO, Anomali
12:50 - 1:10 PM
1:10 - 1:45 PM
Strategic Prioritization: Applying Vulnerability Intelligence to CVSS and SSVC Frameworks
In this presentation, we will explore the intersection of vulnerability intelligence and prioritization frameworks such as CVSS and SSVC as a means for strategically and rapidly prioritizing vulnerabilities to stay ahead of exploitation risks. We will delve into the process of applying real-time threat intelligence tailored to the vulnerability landscape to enhance decision-making, optimize resource allocation, and ensure a precise and proactive defense against cyber threats.
Adam Dudley, Director of Strategic Initiatives, Nucleus Security
1:45 - 2:20 PM
From Malware to Mastery: Ahead of the External Threat Feeds
Join us to explore the essential shift from relying on external threat feeds to implementing tailored in-house malware analysis. This webinar focuses on how specific malware tracking and analysis give your organization a more relevant and proactive cybersecurity stance. We'll showcase a live analysis of a prevalent malware family, illustrating the process of extracting targeted threat intelligence. This hands-on demonstration will highlight the importance of understanding malware relevant to your industry, moving beyond the limitations of generic external intelligence. Moreover, the session will underscore the importance of comprehending the interplay between threat actors and their chosen malware. We'll discuss how focusing on the collection and analysis of specific malware families relevant to your sector can enhance future-oriented analytical assessments.
Fatih Akar, Security Product Manager, VMRay
Ertu Kara, Senior Product Marketing Manager, VMRay
Decoding Threat Actors: Emotions in Cyberspace
Given the amount of intelligence available and the AI tool boom, how can cyber security teams use these innovations to their advantage? This presentation focuses on using AI to your advantage for threat actor mapping and mitigation. We will walk through a case study using one of the latest cyber attacks, asking Recorded Future AI for assistance throughout.
Kathleen Kuczma, Sales Engineer and Technical Marketing Manager, Recorded Future
2:55 - 3:10 PM
3:10 - 3:45 PM
Tendrils in the Mist: Criminally Aligned Hosting Networks Seeking Legitimacy in the West
In a world complicated by sanctions and aggressive law enforcement, marked by a rise in malware-as-a-service offerings, demand for resilient hosting in the criminal underground is as high as ever. Today’s threat analysts are adept at analyzing criminal conspiracies with a cross-discipline approach, blending network indicators and endpoint analysis. How do illicit hosting providers fill this need while not looking immediately suspicious when they come on the internet? This presentation describes how Eastern European hosting operations emerge, seek offshore cover in Western countries, and provide services to criminal services operators. We additionally discuss tools and processes that are useful for tracking and combating these networks in our own intelligence programs.
Darren Spruell, Chief Intelligence Officer, InQuest
Ismael Valenzuela, Senior Instructor, SANS Institute