Threat Detection and Incident Response Summit

Threat Detection & Incident Response 2026 Summit

May 20, 2026


Call for Presentations (CFP) is Open!

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit brings together security practitioners from around the world to share war stories on breaches and the murky world of high-end cyberattacks.

This event delves into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Platinum Sponsors: Dropzone AI, Snyk

Gold Sponsors: Wiz

In an era where “assume breach” is the status quo, organizations must address the maturity of threat detection and incident response programs to mitigate the barrage of incoming malware and ransomware attacks.

May 21, 2025 11:00

Insights from the 2025 Unit 42 Global Incident Response Report

In a world where cyberattacks are intensifying daily, AI-driven techniques and calculated disruptions from adversaries are redefining how organizations must approach cybersecurity. In 2024, the Unit 42® Incident Response team handled 500+ of the world’s largest cyberattacks — 86% of which directly impacted business operations. Leveraging insights from these incidents, the 2025 “Unit 42 Global Incident Response Report” delivers an in-depth analysis of the evolving threat landscape and attackers’ tactics and techniques. In this webinar, explore:

  • The increasing speed of attacks: understand how attackers leverage AI and advanced tactics to reach exfiltration within an hour, leaving minimal time to respond.
  • Evolving attack techniques: discover how 70% of incidents now span three or more attack surfaces, emphasizing the need for holistic security across endpoints, networks, cloud environments and human factors.
  • Key emerging threat trends: explore the rise of disruptive extortion, supply chain vulnerabilities, insider threats and AI-assisted attacks, and how they impact organizations across industries.

Gain critical insights and actionable strategies, and learn how Unit 42 can help you stay ahead in 2025 and beyond.

Michael Sikorski
Palo Alto Networks, Chief Technology Officer and VP of Engineering


Sam Rubin
Palo Alto Networks, VP Global Head of Operations


David Moulton
Palo Alto Networks, Director, Content Marketing

May 21, 2025 11:30

A Security Imperative: Identity Threat Visibility and Remediation

In today’s evolving threat landscape, staying ahead of Identity-related risks is critical to maintaining business continuity. Join us for an insightful session where we will share proven strategies to detect, respond to, and mitigate identity threats—with speed and efficiency.

What You’ll Learn:

  • How to harness the power of Okta and our technology partners to detect and address threats in real time.
  • The role of advanced risk analytics, AI-driven tools, and automated response systems in enhancing security.
  • Actionable steps to secure both users and devices while minimizing disruptions.

This session is tailored for IT and Security professionals looking to strengthen their organization’s defenses. Attendees will learn the importance of implementing integrated solutions, like CrowdStrike, that enable real-time threat remediation and provide deeper visibility into potential Identity risks across the enterprise.


Johnathan Campos
Okta, Senior Product Marketing Manager


John Smith
CrowdStrike, Integration Solutions Architect

May 21, 2025 12:00

Living Off the Cloud: How to Move Faster Than Attackers with CDR

Living off the cloud attacks are on the rise. By executing rapid, cloud-native techniques to escalate privileges, move laterally between environments, and access critical assets, attackers are targeting the cloud more effectively than ever.

This session will focus on a real-world living off the cloud attack case study, analyzing a step-by-step account of the attack as it unfolded from the attackers’ perspective.

We will then switch gears and rewind the attack, explaining how effective detection and response methodologies could — and should — have prevented every step of the attack. Defeating these threats requires powerful centralized visibility and control of all cloud environments and resources. Our key takeaways will therefore be tailored to leveraging the best methodologies and tools to take back the initiative and stop even the most sophisticated cloud attacks.


Lauren Place
Wiz, Sr. Product Marketing Manager

May 21, 2025 12:30

A CISO's Guide to Mastering Cyber Incident Response: Are Your Vendors Your Weakest Link?

With 98% of organizations experiencing vendor breaches, preparedness is critical. This webinar equips CISOs and security leaders with strategies to effectively manage third-party cyber incidents. Learn how to leverage a robust playbook to move from reactive scrambling to proactive resilience. Attend to learn how to:

  • Stop Scrambling: implement rapid response frameworks.
  • Communicate Clearly: develop winning crisis communication plans.
  • Become Proactive: discover preventative best practices.
  • Ask the Right Questions: vet vendor cybersecurity effectively.
  • Learn from the Pros: gain insights from real-world scenarios.

Don't let vendors be your vulnerability. Join us to streamline response, communicate effectively, and build a stronger digital ecosystem against escalating third-party threats.

Steve Cobb
SecurityScorecard, CISO

May 21, 2025 13:00

Fighting Deepfakes: Transformative Approaches to Protect Your Business

Deepfake-related incidents worldwide increased over 245% in 2024, with some regions seeing alarming growth rates of over 3,000%. When it comes to identity crime, organizations are playing a brand new game with high stakes and uncertain rules. Given that human eyes and ears are simply not equipped to accurately discern what is and isn’t real in the digital sphere, is your organization prepared for these threats? Join us for this insightful session as we dive deep into the world of deepfakes; discuss common attack vectors across workforce, customer, and B2B identity use cases; demonstrate effective defense strategies; and recommend best practices to stay ahead of attackers and ensure your organization is protected in an increasingly AI-driven world.

Key Takeaways:

  • The state of deepfake identity threats and the associated business impacts
  • Common attack vectors and points of weakness
  • Sample scenarios across industries and use cases
  • Existing and new approaches to mitigate deepfake-related fraud
  • What’s on the horizon as this threat vector continues to evolve

Darrell Geusz
Ping Identity, Product Lead, Neo


Maya Ogranovitch Scott
Ping Identity, Senior Solution Manager, Fraud

May 21, 2025 13:30

Leveraging ISP and ASN as New Indicators of Compromise (IOC) in Cyber Threat Intelligence

Traditional threat intelligence often relies on identifying malicious IPs individually, which can be reactive and slow. This session walks through several KQL queries to show how ISPs and ASNs can serve as powerful new IOCs, enabling security teams to proactively monitor entire IP ranges associated with suspicious activity. By tagging and tracking suspicious ISPs, organizations can accelerate threat detection and mitigation, reducing reliance on waiting for specific IP-based alerts. The session shows how this approach enhances visibility, speeds up response times, and strengthens cyber defense strategies.
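An added example, not from the session (whose queries are in KQL and are not reproduced on this page): the same ASN-tagging idea in Python, run over constructed sign-in lines. The prefix-to-ASN table, the ASN numbers, the watchlist and the log lines are all made up for illustration; a real deployment would populate the table from a routing or WHOIS data source. The point it shows is that one watchlist entry for an ASN catches sign-ins from every address that provider announces, not just IPs already seen.

```python
# Added example: tag sign-in events by ASN instead of by individual IP, so a
# single watchlist entry covers every address the provider announces.
# Everything below (prefixes, ASNs, watchlist, log lines) is constructed.
import ipaddress

# Constructed mini IP-to-ASN table: prefix -> (ASN, provider name).
ASN_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): (64500, "Example Hosting LLC"),
    ipaddress.ip_network("198.51.100.0/24"): (64501, "Budget VPS Co"),
    ipaddress.ip_network("192.0.2.0/24"): (64502, "Corp ISP"),
}

# Constructed watchlist: ASNs whose entire range is treated as suspicious.
SUSPICIOUS_ASNS = {64500: "bulletproof-hosting", 64501: "anonymous-vps"}

# Constructed sign-in log lines in a simple key=value format.
CONSTRUCTED_SIGNINS = [
    "2025-05-21T11:02:10Z user=alice ip=192.0.2.44 result=success",
    "2025-05-21T11:03:55Z user=bob ip=203.0.113.7 result=success",
    "2025-05-21T11:04:01Z user=carol ip=198.51.100.250 result=failure",
    "2025-05-21T11:05:30Z user=dave ip=203.0.113.200 result=success",
    "2025-05-21T11:06:00Z user=erin ip=8.8.8.8 result=success",
]


def lookup_asn(ip):
    """Longest-prefix match of ip against ASN_TABLE; None if not covered."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, info) for net, info in ASN_TABLE.items() if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def parse_signin(line):
    """Parse one 'ts key=value ...' line into a dict (timestamp under 'ts')."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def flag_by_asn(lines):
    """Return records whose source IP falls in a watchlisted ASN, tagged."""
    flagged = []
    for line in lines:
        rec = parse_signin(line)
        info = lookup_asn(rec["ip"])
        if info is not None and info[0] in SUSPICIOUS_ASNS:
            rec.update(asn=info[0], provider=info[1], tag=SUSPICIOUS_ASNS[info[0]])
            flagged.append(rec)
    return flagged
```

Note that bob and dave are flagged by the same 64500 entry even though they sign in from different addresses, while erin's address is outside the table and is skipped rather than guessed at.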

Sergio Albea
Cloud Security Expert/Architect addicted to Threat Hunting

May 21, 2025 14:00

Agentic AI: The Next Frontier of Adversarial Threats and Incident Response

Agentic AI (AI systems capable of autonomous decision-making) is rapidly being integrated into enterprise workflows. This session explores how agentic AI blurs the lines between traditional cyberattacks and adversarial AI, introduces new attack vectors (such as phishing via agentic systems and local model tampering), and necessitates a new breed of incident response playbooks. Attendees will learn how to proactively test agentic AI for vulnerabilities, develop tailored incident response strategies, and foster resilience against evolving threats.


Sanjoy Ghosh
Head of Digital Business & Engineering, BFSI, Apexon

SecurityWeek's Threat Detection and Incident Response (TDIR) Summit dives into threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

This must-attend forum is designed to delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and explore tools and tricks needed in a modern organization.

Expect robust debate on the use of AI/LLMs in incident response tooling, the cost (and curse) of the “log-everything” movement, the value of threat intelligence, and the blending of sophisticated APTs with cybercrime activities.

Key Topics to Be Addressed:

  • The extension of Endpoint Detection and Response (EDR) systems beyond traditional parameters, advancing into the network layers to provide more robust defense mechanisms.
  • Detailed examination of various threat hunting tools and frameworks, including a look at the latest technologies and methodologies being used in modern security programs.
  • The critical role of threat intelligence data and trends around monetization of feeds and government-controlled data release.
  • Best practices in logging and monitoring to spot malware infections and sharing of IOCs (indicators of compromise) artifacts to secure the ecosystem.

In this keynote at SecurityWeek's 2021 Threat Intelligence Summit, John Lambert, GM of the Microsoft Threat Intelligence Center, discusses how it’s more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats. Lambert shares specific examples of how community resources such as GitHub, MITRE’s ATT&CK Framework, Sigma rules, CodeQL queries and Jupyter notebooks have all been used in recent months to “open-source” security to better defend against sophisticated threats such as NOBELIUM and others.
