Threat Hunting in the Cloud Solutions Forum 2023

Thank You to Our Sponsors

Agenda | August 25, 2023 | 10:30AM - 1:30PM EDT

Timeline (EDT)	Session Details
10:30 AM	Welcome & Opening Remarks Terrence Williams, Certified Instructor, SANS Institute
10:45 AM	Unmasking Linux Malware in the Cloud: A Journey from Theory to Practice Join us as we address the challenges and opportunities of threat hunting in Linux-based cloud environments. 96.3% of the top one million web servers globally use Linux, which makes Linux malware sandboxing an essential tool for identifying and understanding threats specific to the cloud environment. This helps preemptively hunt potential threats and minimize risks associated with cloud services. This webinar will delve into Linux-specific threats such as IoT botnets, crypto-mining, and ransomware, highlighting how cloud environments alter our perspective of the threat landscape. You'll also gain insights from a typical cloud threat-hunting scenario, where in-depth threat analysis is a crucial capability in the threat hunter's arsenal. The session will conclude with an in-depth look at a Linux malware analysis, providing a clear view for threat hunters in the cloud. Fatih Akar, Security Product Manager, VMRay Ertugrul Kara, Sr. Product Marketing Manager, VMRay
11:20 AM	The Threat Hunter's Playbook: Mastering Cyber Defense Strategies Greetings, Cyber Defenders and Security Champions! Are you prepared to defend your cyber turf against the threats lurking in every corner? In this session, our threat researchers will explore the world of weaponized cloud automation and other cunning tactics used by attackers. Learn how automation empowers attackers in lightning-fast cyber-attacks and discover the importance of reconnaissance alerts as your first line of defense. Unveil the secrets of cloud complexity and intercept hacker strategies with an aggressive defense. Equip yourself with Threat Hunter skills, navigate the cloud-native landscape, and bolster your organization's cyber defense. Ready to level up your cyber defense game? Don't miss this opportunity to stay one step ahead of the ever-evolving threat landscape. Remember, the Threat Hunter's Playbook awaits you! Michael Clark, Director of Threat Research, Sysdig Crystal Morin, Cybersecurity Strategist, Sysdig
11:55 AM	Break
12:05 PM	Demystifying Cloud Forensics: Investigating Virtual Machines, Containers, and Serverless Resources Cloud computing has become increasingly popular in recent years, and with it, the need for cloud forensics. But what is cloud forensics? There is a widely perceived perception that it's just log analysis - the cloud sure does have a lot of logs! While logs are important, they aren't everything when it comes to performing forensics in the cloud. Further, there are key differences to consider when responding in cloud, container, and serverless environments versus on premises. In this session, Chris Doman, CTO & Co-Founder of Cado Security will dig into the ins and outs of cloud forensics and how security teams can leverage the scale and speed of the cloud to expedite incident response without compromising on critical context. Chris Doman, CTO & Co-Founder, Cado Security
12:40 PM	Panel: Navigating Cloud Complexity: Modern Threat Hunting in AWS, Azure, and Google Cloud The ever-evolving landscapes of AWS, Azure, and Google Cloud continually redefine the challenges faced by threat hunters. With rapid service introductions and deprecations, along with varied logging levels under the Shared Responsibility Model, the journey of a threat hunter is intricate and demanding. This panel delves into these complexities, exploring critical decisions on data ingestion across multi-cloud environments, especially for businesses that aren't cloud-native. With adversaries constantly lurking, how do you strike a balance between automating mundane tasks and focusing on sophisticated threats? Uncover the vital log sources across different providers and the building blocks to craft an effective multi-cloud threat hunting program. Moderator: Terrence Williams, Certified Instructor, SANS Institute Panelist: Michael Clark, Director of Threat Research, Sysdig Kenneth Westin, Field CISO, Panther Chris Doman, CTO & Co-Founder, Cado Security
1:25 PM	Wrap-Up Terrence Williams, Certified Instructor, SANS Institute

Timeline (EDT)

Session Details

10:30 AM

Welcome & Opening Remarks

Terrence Williams, Certified Instructor, SANS Institute

10:45 AM

Unmasking Linux Malware in the Cloud: A Journey from Theory to Practice

Join us as we address the challenges and opportunities of threat hunting in Linux-based cloud environments. 96.3% of the top one million web servers globally use Linux, which makes Linux malware sandboxing an essential tool for identifying and understanding threats specific to the cloud environment. This helps preemptively hunt potential threats and minimize risks associated with cloud services.

This webinar will delve into Linux-specific threats such as IoT botnets, crypto-mining, and ransomware, highlighting how cloud environments alter our perspective of the threat landscape. You'll also gain insights from a typical cloud threat-hunting scenario, where in-depth threat analysis is a crucial capability in the threat hunter's arsenal. The session will conclude with an in-depth look at a Linux malware analysis, providing a clear view for threat hunters in the cloud.

Fatih Akar, Security Product Manager, VMRay

Ertugrul Kara, Sr. Product Marketing Manager, VMRay

11:20 AM

The Threat Hunter's Playbook: Mastering Cyber Defense Strategies

Greetings, Cyber Defenders and Security Champions! Are you prepared to defend your cyber turf against the threats lurking in every corner? In this session, our threat researchers will explore the world of weaponized cloud automation and other cunning tactics used by attackers. Learn how automation empowers attackers in lightning-fast cyber-attacks and discover the importance of reconnaissance alerts as your first line of defense. Unveil the secrets of cloud complexity and intercept hacker strategies with an aggressive defense. Equip yourself with Threat Hunter skills, navigate the cloud-native landscape, and bolster your organization's cyber defense.

Ready to level up your cyber defense game? Don't miss this opportunity to stay one step ahead of the ever-evolving threat landscape. Remember, the Threat Hunter's Playbook awaits you!

Michael Clark, Director of Threat Research, Sysdig

Crystal Morin, Cybersecurity Strategist, Sysdig

11:55 AM

Break

12:05 PM

Demystifying Cloud Forensics: Investigating Virtual Machines, Containers, and Serverless Resources

Cloud computing has become increasingly popular in recent years, and with it, the need for cloud forensics. But what is cloud forensics? There is a widely perceived perception that it's just log analysis - the cloud sure does have a lot of logs! While logs are important, they aren't everything when it comes to performing forensics in the cloud. Further, there are key differences to consider when responding in cloud, container, and serverless environments versus on premises. In this session, Chris Doman, CTO & Co-Founder of Cado Security will dig into the ins and outs of cloud forensics and how security teams can leverage the scale and speed of the cloud to expedite incident response without compromising on critical context.

Chris Doman, CTO & Co-Founder, Cado Security

12:40 PM

Panel: Navigating Cloud Complexity: Modern Threat Hunting in AWS, Azure, and Google Cloud

The ever-evolving landscapes of AWS, Azure, and Google Cloud continually redefine the challenges faced by threat hunters. With rapid service introductions and deprecations, along with varied logging levels under the Shared Responsibility Model, the journey of a threat hunter is intricate and demanding. This panel delves into these complexities, exploring critical decisions on data ingestion across multi-cloud environments, especially for businesses that aren't cloud-native. With adversaries constantly lurking, how do you strike a balance between automating mundane tasks and focusing on sophisticated threats? Uncover the vital log sources across different providers and the building blocks to craft an effective multi-cloud threat hunting program.

Moderator:

Terrence Williams, Certified Instructor, SANS Institute

Panelist:

Michael Clark, Director of Threat Research, Sysdig

Kenneth Westin, Field CISO, Panther

Chris Doman, CTO & Co-Founder, Cado Security

1:25 PM