10:00 - 10:15 AM ET
Welcome & Introduction
10:15 - 10:50 AM ET
Identifying and Leveraging DNS Abuse with DomainTools Iris
Taylor Wilkes-Pierce, Senior Sales Engineer, DomainTools
10:50 - 11:25 AM ET
Ransomware Under Review: Leveraging Cloud Investigations when data is the hostage
In 2020, criminals took ransomware from a relatively simple crime that kicks off in an email message to a complex threat that originates – and deploys – in the cloud. This radical change demands a new approach to digital forensics and how we use vast amounts of cloud-based data, logs, and other clues to analyze and understand these dangerous, expensive attacks. In "Ransomware Under Review: Leveraging Cloud Investigations when data is the hostage," join Keith Manville, Cisco’s own security architect, as he explores how cloud-based ransomware attacks happen today, and the data needed to understand them.
Keith Manville, Technical Solutions Architect, Cisco Umbrella
11:25 AM - 12:00 PM ET
Threat Intelligence in the Mobile Space
Have you ever wondered what the mobile threat landscape looks like through the eyes of a research lab from a cybersecurity company with hundreds of millions of sensors? This talk will provide a glimpse into what we see on a day-to-day basis. From your usual spear-phishing, password stealers and even ransomware on mobile to complex APTs, detection evasion, and APT C2 servers.
Alex Jay Balan, Security Research Director, Bitdefender
12:00 - 12:10 PM ET
12:10 - 12:50 PM ET
Digital Forensics and the Enterprise Cloud: A Panel Discussion
The cloud: enterprise data is inevitably headed there. In fact, 81% of enterprises have at least one application or a segment of their computing infrastructure in the cloud today compared to only 51% ten years ago.
Join us as we delve into a panel discussion about the cloud and its role in digital forensics. Our panel of cloud experts will share their thoughts about:
Jessica Hyde, Director of Forensics, Magnet Forensics
12:50 - 1:00 PM ET
1:00 - 1:35 PM ET
Hunting Advanced Threats with Forensic Analysis
As threat actors and their attack methods become increasingly intricate, the demand for more sophisticated threat-hunting and analysis tools has increased.
Join this session to see how Devo Security Operations enables analysts to expedite the investigation and analysis of suspicious IOCs and helps mitigate the risk advanced threats pose to your organization.
Jason Mical, Global Cybersecurity Evangelist, Devo
1:35 - 2:10 PM ET
Exploiting NDR to Cultivate Decision Advantage
As defenders, we deploy or develop a number of policies, procedures, tools and technologies to support our risk management strategy while struggling to maintain situational awareness. The regular outputs of detection and response activities rarely cross functional boundaries, resulting in missed opportunities to translate learnings into institutional memory. With an ever-evolving threat landscape, including the transformation to a hybrid work model, the power of decision, and ultimately Decision Advantage, is the most valuable tool in cyber-defense. In this talk, Bernard Brantley will discuss the exploitation of data-centric NDR as the coalescence point for tactical and operational outputs and as a pathway to cultivating strategic decision advantage.
Bernard Brantley, CISO, Corelight
2:10 - 2:45 PM ET
Exploring Incident Response: Four Common Mistakes
Responding to a critical cyber incident can be an incredibly stressful and intense time. While nothing can fully alleviate the pressure of dealing with an attack, understanding these key tips from incident response experts will help give your team advantages when defending your organization. In this session, you will hear about the biggest lessons everyone should learn when it comes to responding to cybersecurity incidents, with practical advice from real-world experts who have responded to thousands of cybersecurity incidents.
Seth Geftic, Director, Endpoint Security Group, Sophos
2:45 - 3:00 PM ET
3:00 - 3:35 PM ET
Conducting Modern Digital Investigations in a Remote Workforce
COVID-19 forced many businesses to new work-from-home models, complicating the task of corporate investigators to investigate employee devices for evidence of insider threat, HR issues, or other internal investigations. Traditional endpoints have hardware limitations, and processing extreme volumes of evidence can cause unwanted delay. Investigators can now push evidence to the cloud for quick, efficient processing, alleviating the need for numerous forensic workstations. Learn how to process digital evidence, both on-prem and in the cloud, for complete and accurate findings.
James Kritselis, Senior Solutions Consultant, OpenText
3:35 - 4:10 PM ET
Death, Taxes, & Ransomware: Make the Inevitable, Avoidable
With all the recent headlines, it seems the risk of ransomware has become an added certainty to the daily lives of Cybersecurity personnel. Adversaries are automating the initial stages of the cyber attack lifecycle in order to identify the best bang for their buck. How do organizations with limited resources even keep up? Adding another tool to the defensive stack just isn't enough. How do you know it will reliably stand up against an actual threat? In this session, I will speak to specific techniques in identifying ransomware threats at different layers of the defensive stack that will help reduce risk & impact. Finally, we leverage the Pentera platform to automate a holistic view, emulating actual attacks to measure the resilience of all our efforts.
Arif Khan, Senior Director, NA Technical Services, Pentera
4:10 - 4:45 PM ET
Buff Your Cloud Game
Data is moving to the cloud at exponential rates and where data goes, cyber attackers follow. With this uptick in cloud-based attacks, incident responders need to conduct cloud forensics more frequently. But cloud breaches are hard. And a thorough investigation requires cloud data in addition to host-based data for full contextual awareness. Join James Campbell and Al Carchrie, life-long digital forensics incident responders with decades of experience fighting sophisticated state-based hackers and cybercrime groups. In this session, you’ll learn how to marry traditional host-based forensics with cloud data to buff your cloud game.
4:45 - 5:00 PM ET
Mari DeGrazia, SANS Certified Instructor