Thank You To Our Sponsors
Full Agenda
| Timeline (EDT) | Session Details |
|---|---|
| 10:00am - 10:10am | Event Kickoff & Introduction Jason Jordaan, Event Chairperson & SANS Principal Instructor |
| 10:10am - 10:45am | Level Up Player One! - Use of AI technology for accelerating alert summarization and context generation This talk explores the integration of artificial intelligence (AI) models, particularly Chat and Completion Large Language Models (LLMs) like GPT-4 from OpenAI, with the open-source network monitoring tools of Zeek and Suricata. Supported by our extensive testing, this talk focuses on the potential benefits of using these seemingly disparate technologies together to aid in the triage and response of security alerts. It identifies three key areas where AI integration with network monitoring tools demonstrate promise: generating natural language summaries to better understand Suricata alerts, providing additional metadata for security alert categorization (e.g. Mitre ATT&CK coverage) and summarizing Zeek-generated data into supporting context. The talk will also look at some of the limitations encountered, including utilizing AI for creation of network detections. Overall, the talk underscores the potential and challenges of integrating AI models with network monitoring tools such as Zeek and Suricata, with the aim of lowering the barrier of entry to broader use of these powerful tools by more analysts. Vincent Stoffer, Senior Director of Product Management at Corelight |
| 10:45am - 11:20am | Agentless Source of Truth: Using Your Network to Identify and Investigate System Intrusions It’s no secret that intrusions and system compromises don’t happen in a bubble. While EDR, IDS, Firewalls, DLP, and the Zero Trust framework all play a role in defending against bad actors, one important element is often missing from the lineup. The network itself. In this session, we'll discuss how your network telemetry can: - Power your forensic efforts to identify the true source of a system intrusion - Support your existing security tools to close the gaps in the security stack - Serve as a single source of truth for all of IT Rob Mathieson, Director, Public Sector Sales Engineering at ExtraHop |
| 11:20am - 11:55am | Identity Threat Protection and AI: A Sympatico Relationship Let’s Solve Our Identity Problems with Acronyms: AI and ITDR Edition Identity compromise continues to account for the vast majority of all breaches. In fact, 68% of all breaches involve the human element, whether through error, privilege misuse, stolen credentials, or social engineering, as highlighted in the 2024 Verizon Data Breach Investigations Report. AI-empowered ITDR (Identity Threat Detection and Response) can significantly enhance security efforts by cutting through the signal-to-noise ratio. This advanced technology brings high-value targets to the attention of security teams, enabling them to stop attacks before they become headline-grabbing breaches. In this session, we will delve into the symbiotic relationship between ITDR and AI, exploring how leading vendors leverage these technologies to create easily consumable and actionable intelligence. This approach not only increases security but also proactively stops breaches, ensuring a more robust defense against identity threats. Join us to learn how AI and ITDR can transform your security strategies and protect against evolving threats. Jeff Carpenter, Principal Product Marketing Manager at Delinea |
| 11:55am - 12:10pm | BREAK |
| 12:10pm - 12:45pm | Responding to Pikabot: Gotta Evade'em All This session focuses on evasion tactics of malware as exemplified by Pikabot – a loader adept at circumventing the latest EDR tools. Recently disrupted by "Operation Endgame," the largest-ever operation against the botnet ecosystem, Pikabot's novel techniques are likely to be adopted by other attackers. This webinar will delve into Pikabot's sophisticated use of indirect system calls and other evasion techniques that challenge traditional endpoint detection methods, as well as the delivery methods employed by attackers. Commonly delivered via phishing, and used by threat actors like TA577 to provide initial access to ransomware groups, this specific malware family is worth peeling back the layers for the DFIR community. Join us to learn about: - Pikabot's Evasion Tactics and Strategic Implications: Explore how Pikabot’s use of obfuscation and its employment of sophisticated evasion techniques complicates detection and impacts organizational security strategies, potentially undermining significant investments in endpoint protection. - Delivery Methods and Attack Vectors: Investigate the techniques used by attackers to deliver Pikabot, including phishing and other methods, and how these strategies were employed to target victims. - Evasion-Resistant Automated Malware Analysis: Examine the role of advanced automated analysis tools in scrutinizing and understanding incidents, enhancing the capabilities of DFIR teams to respond to sophisticated threats effectively. Emre Güler, Senior Threat Reseacher at VMRay |
| 12:45pm - 1:20pm | Reducing Third-Party Application Risks: Shifting Correctly "Shift Left" or "Shift Right"? Which approach truly tackles third-party application risks? If you’re grappling with these strategies but still facing gaps, our upcoming talk sheds light on effectively navigating these practices. We’ll delve into both security methodologies, highlighting where they might fall short. Through a series of case studies, attendees will explore how “Shifting Correctly” can introduce an added layer of security to address the risks associated with third-party applications. Join us and learn how to Shift Correctly today! Sasiel Saadon, Director of Engineering at Vorlon Mike Cioffi, VP of Customers at Vorlon |
| 1:20pm - 1:55pm | Session Details Coming Soon |
| 1:55pm - 2:05pm | Event Recap & Closing Remarks Jason Jordaan, Event Chairperson & SANS Principal Instructor |
.PNG "DFIR_ICON_(1).PNG"){kind=icon}
