Insider Threat, Phishing and Malware Solutions Track

  • Friday, 17 Jun 2022 10:00AM EDT (17 Jun 2022 14:00 UTC)
  • Speakers: Jake Williams, Manoj Srivastav, Armaan Mahbod, Jonathan Care, Jeremy Brown, Adam Tomeo, Eric Howard, Ryan Whelan, Dan Kaiser, Brian Coulson, Sally Vincent, Grant Asplund, Ritesh Agrawal, Mark Brozek, Deepen Desai, Jithin Nair

Phishing has been a leading entry vector for threat actors for more than a decade - and that's not showing any signs of slowing down. Phishing will continue to be a threat primarily because it is the vector used most often by threat actors to deploy malware, which somehow is still evading many of our defenses (seriously, how are we still talking about this?!). But as if that isn't already enough to worry about, the last several years have shown that insider threats are compounding the attack surface organizations must monitor. After all, if data is exfiltrated, stakeholders won't really care whether that's the result of malware or an insider (or malware deployed by an insider, oh my!). Attendees will leave armed with knowledge about how to better tackle threats in their environments.


Agenda | Friday, June 17th | 10:00 AM - 4:15 PM EDT

All Times Shown in Eastern Daylight (EDT)



10:00 - 10:15 AM EDT

Welcome & Opening Remarks

Jake Williams, SANS Instructor & Subject Matter Expert

10:15 - 10:50 AM EDT

Leveraging AI to Enhance Your Email Security

Did you know that 90% of incidents that end in a data breach start with a phishing email? That’s why it is imperative to have strong defenses to withstand today’s sophisticated email threats, such as phishing. Phishing messages can be kept away from employees by leveraging advances in AI technology to perform specialized tasks or operations. AI-powered automated email security gives your business an edge against cybercrime, providing a host of benefits like faster detection of phishing-related cyberattacks, better incident response capability, and improved cyber resilience.

In this session, you’ll learn:

  • The different types of AI and how they can be applied to email security
  • Why AI-based email security is more effective than conventional security or an SEG
  • How AI and machine learning bring major security benefits to the table
  • Real-life examples of how AI-based email security prevented cyberattacks

Manoj Srivastav, GM Security Products, Kaseya | Cofounder, Graphus

10:50 - 11:25 AM EDT

Insider Intelligence vs. Employee Surveillance - Why The Difference is Human

There’s one consistent and prevalent security gap in every enterprise. Whether your organization provides healthcare, processes financial transactions, or moves freight from one place to another, the common denominator remains the same: the human element.

Surveillance-based Insider Risk Management technologies have not only employed invasive content inspection, keystroke logging, and video capture capabilities but also often collect more data than necessary for their stated purpose. This has created unnecessary employee privacy issues, as well as significant costs associated with excess data storage and processing. This is why global organizations are turning to intelligence-based Insider Risk Management platforms: to embrace employees as a source of intelligence rather than a subject of surveillance.

Join us to get a greater understanding of the Insider Risk Management Power of the 7 — Privacy, Scalability, Behavioral Analytics, Reporting, Time to Value, Ecosystem Integration, and Total Cost of Ownership — and to see numerous examples of how intelligence drives partnership, trust, engagement, and resilience across data, machines, applications, and people.

Armaan Mahbod, Director - i3 Insider Investigations & Research Team, DTEX Systems
Jonathan Care, Cybersecurity Expert, Gartner Veteran

11:25 - 12:00 PM EDT

The Big Business of Ransomware as a Service

In 2021 the average ransomware demand in cases handled by Unit 42 climbed 144% over 2020. At the same time, there was an 85% increase in the number of victims who had their names and other details posted publicly on dark web “leak sites” that ransomware groups use to coerce their targets into paying. Unit 42 Security Consulting responds to hundreds of ransomware cases annually. Along the way, they have learned the art and science of dealing with ransomware attack groups. During this session, Unit 42 security consultants will provide insights about the cases they worked on in 2021 through a review of the case data, ransoms requested and paid, and analysis of ransomware gang data leak sites.

Jeremy Brown, Director, Unit 42 by Palo Alto Networks

12:00 - 12:15 PM EDT


12:15 - 12:50 PM EDT

Phish or Fraud: See How XDR Can Stop Inside and Outside Threats

Insider threats and phishing campaigns can both lead to the exfiltration of your data. And yes, executive stakeholders are only interested in stopping the hemorrhaging without concern for the source. But what if you could stop the bleeding, and identify whether it came from an insider or a phish? XDR solutions can help you stop the leak and solve the mystery of origination. Having a strong endpoint solution is just the start. You also need cloud security for your users. Add in an advanced email protection offering and you have the trifecta. Join Cisco as we discuss and demonstrate the power of an integrated XDR solution through the integrated solutions of endpoint, cloud, and email security. We will showcase how each of those solutions contributes to stopping and identifying the source.

Adam Tomeo, Product Marketing Manager, Cisco Secure
Eric Howard, Technical Leader, Cisco Secure

12:50 - 1:25 PM EDT

Insider Threats: There’s More in the Ocean Than Just Phish

As the work-from-anywhere environment has evolved and employee turnover has increased, the potential for security breaches from within the organization has risen. Many security teams lack the visibility into the data activity required to detect and defend against insider threats.

Join this webinar to:

  • Learn to identify the different types of insider threats so you can increase awareness throughout the organization
  • Understand how attacks such as phishing impact everyone in the business
  • Learn about best practices to detect and mitigate insider threats by leveraging your SIEM

Ryan Whelan, Technical Product Manager, Devo

1:25 - 2:00 PM EDT

The Great Exfiltration: Employees Leave and Take the Keys

According to the 2022 Ponemon Institute Cost of Insider Threats: Global Report, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. Among the reasons for this increase is the rise of the "Great Resignation" per

A common thread, and often the most damaging aspect, of insider threat incidents is the exfiltration of company data. Detecting exfiltration activity is elusive since it resembles legitimate business activity and in recent years is even more challenging given the increase of cloud-first networks and users working from home. A variety of analytical methods and observational vantage points must be employed to provide the best detection posture against data exfiltration, from scenario-based rules and behavioral baselining to user and entity scoring. In this session, the LogRhythm Labs team will demonstrate techniques for detection of exfiltration in a variety of network topologies (work-from-home, cloud-only, on-premises) using the LogRhythm product line.

Dan Kaiser, Principal Threat Research Engineer, LogRhythm
Brian Coulson, Principal Threat Research Engineer, LogRhythm
Sally Vincent, Senior Threat Research Engineer, LogRhythm

2:00 - 2:15 PM EDT


2:15 - 2:50 PM EDT

Malware 2021 to Present Day - Building a Preventative Cyber Program

Malware has been around for years; however, there has been a massive increase in malware activity since 2020. Two key contributing factors are 1) the global shift to WFH/remote work and 2) a significantly wider attack surface. Additionally, we’ve experienced supply chain attacks forcing organizations to re-evaluate their partners, suppliers, and even their own SDLC. Furthermore, increased malware has contributed to ransomware attacks that now employ double and triple extortion techniques.

This presentation will review the recent evolution of malware and how your organization can build a unified and complete cyber program focused on preventing current and future attacks.

Grant Asplund, Chief Cyber Security Evangelist, Check Point Software Technologies

2:50 - 3:25 PM EDT

The “Oh Wow” Moments with Zero Trust Network Access Anywhere

As OT continues to connect to IT systems and unmanaged assets are connected everywhere, your initially designed OT segregated networks have suddenly become flatter than you realized. Do you have vintage OS, vulnerable exposed ports, or users remotely accessing critical systems over unsafe protocols? How do you detect ransomware early? How do you respond to modern targeted ransomware attacks purpose-built for IT/OT converged infrastructure?

In this session, you’ll learn:

  • The fundamentals of Zero Trust Segmentation
  • Day in the life of a ransomware attack vector
  • Early indicators of ransomware compromise
  • Three key pillars of ransomware prevention – Zero Trust networks, workloads, and identities
  • Incident response with Ransomware Kill Switch™

Ritesh Agrawal, CEO and Co-Founder, Airgap Networks, Inc.

3:25 - 4:00 PM EDT

Deep Dive on Phishing Trends

Join us to uncover the latest phishing attack discoveries, trends, and predictions revealed in the ThreatLabz 2021 Phishing Report. Experts from Zscaler ThreatLabz will analyze a year’s worth of phishing data from the world’s largest security cloud to teach you how to identify and defend against the leading tactics and techniques used by scammers today.

Join us to learn about:

  • 2021 top phishing targets by country, industry, and more
  • Overview of common phishing scams and attack types
  • The rise of phishing-as-a-service and other emerging attack vectors
  • Phishing predictions for 2022-2023
  • Zero trust strategies for ransomware defense

Deepen Desai, Chief Information Security Officer & VP Security Research, Zscaler
Jithin Nair, Sr Manager Security Research, Zscaler
Mark Brozek, Sr Manager Product Marketing, Zscaler

4:00 - 4:15 PM EDT

Jake Williams, SANS Instructor & Subject Matter Expert