Threat Hunting Summit

SecurityWeek’s 2021 Threat Hunting Summit, Presented by Cisco, will present innovative strategies and tools that security teams use to detect, contain, and eliminate attackers present in or attempting to infiltrate enterprise networks. Attendees will learn how continually monitoring with a fine-tuned threat hunting strategy can help incident response teams detect attacks that may have bypassed enterprise defenses and reduce attacker dwell time.


2021 Presenting Sponsor

Cisco

Platinum Sponsors

Recorded Future

Team Cymru

Gold Sponsors

ReversingLabs

Darktrace

Abnormal Security

Silver Sponsors

VirusTotal

Cyborg Security

Join this exclusive fireside chat with Google security engineer and VirusTotal threat intelligence strategist Vicente Diaz and learn about hunting for big-game adversaries at scale. In this interview with SecurityWeek editor-at-large Ryan Naraine, Diaz will discuss the art and science of threat intelligence, the nation-state malware threat landscape, the ransomware epidemic, the importance of data-sharing, and how companies can incorporate threat hunting into modern security programs.

Whether your organization’s biggest threat is from ransomware threat actors, APTs or other financially motivated actors, proactive threat hunting focused on TTPs used during all stages of the attack lifecycle is critical. First, we will discuss how to identify the techniques threat actors are using, focusing on those used during ransomware attacks. We will highlight the opportunities for threat hunters to detect these tools, from initial access to persistence to lateral movement, focusing on how to look for malicious behavior occurring before the deployment of the final payload. Finally, we will talk about how to use Recorded Future Intelligence to create threat hunting packages for these TTPs that can be refined and incorporated into your security workflow.

In a hybrid world, visibility itself has become essential as work occurs outside traditional corporate controls. With all of the competing requirements at both the executive and operational level, endpoint visibility provides defensible, forensically sound data that can be leveraged beyond traditional security tooling. In this talk, JJ Cummings will discuss the benefits of many different levels of endpoint visibility. You will walk away with a stronger foundation to start leveraging greater endpoint visibility immediately.

REvil has been one of the most notorious ransomware gangs in recent years. From celebrity law firms to the Colonial Pipeline to Kaseya, REvil has wreaked ransomware havoc on both businesses and ordinary citizens.
One tactic commonly used by REvil is to use system backups to gain access to critical infrastructure and data. Coincidentally, this same tactic was recently used by the FBI to gain access and take REvil down. Understanding how REvil maliciously leveraged malware and backup systems to compromise critical systems teaches much that can help protect your organization from future attacks.

In this session, Andrew Yeates, ReversingLabs Solutions Architect, will cover how organizations can take an intelligence-driven approach to prevent future ransomware attacks like Sodinokibi (REvil) ransomware. Andrew will walk through how to analyze, protect against and hunt for ransomware to prevent the next attack.

In this session you'll learn:
• How to detect similar ransomware in backup systems, S3 buckets and SMB shares
• How to analyze ransomware samples like Sodinokibi to understand how it behaves
• How to put ransomware intelligence to work through YARA rules to detect future attacks
• How to go on the offensive and hunt for hidden ransomware through advanced search, retrohunt and automated notifications

This talk covers the basics of the threat hunting process, from hypothesis creation through data collection, visualization, drawing conclusions and reporting. It explains where machine learning comes in to speed up the hunting process, where in the Pyramid of Pain this sits, what benefits proactive threat hunting delivers and how to turn a one-off threat hunt into an automated process. Suggestions for a generic threat hunting process will be provided, as well as results from real-life threat hunts (APT detections) using machine learning.

In this session, we’ll look at three practical challenges that seriously impede an organization’s security strategy. In the 2021 State of Threat Hunting and the Role of the Analyst survey, 66% of 1,778 respondents said they lacked visibility into their own network and 56% said they lacked visibility across their supply chains.

Lack of visibility, the existence of legitimate business processes that cannot be blocked, and the fact that large organizations are plagued with alerting noise present challenges that can only be overcome by looking at your enterprise and third-party ecosystem from the perspective of the cyber attacker.

Of note, highly regulated industries, such as the pharmaceuticals industry, have seen a facet of third-party risk that many don’t realize exists: threat actors targeting an organization’s regulators with ransomware and other attacks.

During this presentation, David Monnier will illustrate the operational and financial outcomes associated with making external threat hunting a strategic priority. He will also walk through a Cobalt Strike C2 mapping exercise as an example of what elite teams at many organizations are doing today to put themselves in a position to do the following:
• Block phishing attacks
• Identify impending attacks against themselves and third parties
• Detect compromises within supply chain enterprises
• Improve alert validation and prioritization
• Optimize incident response from root cause analysis to remediation

Ransomware is more dangerous than ever before. Why? It’s partly because successful attacks don’t just affect the victim anymore. Take the Colonial Pipeline attack as an example. What if you could stay safer from ransomware, however it may attempt to get into your network? Join this event to learn how to stop ransomware infections with a first line and last line of defense approach from the cloud edge to the endpoint. Learn how this layered defense approach can help provide ultimate visibility with ultimate responsiveness against ransomware.

Ransomware is a major problem, and it’s not going away. To understand it, we must understand why threat actors turn to it—and how it can be stopped. The best way to do that is to chat with the masterminds behind these attacks.

In mid-August, we identified a new attack where a Nigerian threat actor offered a million dollars in bitcoin to anyone who was willing to turn on their employer and deploy DemonWare—a type of ransomware—on their servers. Since then, we’ve had multiple conversations with this person, learning who he is and why ransomware is his attack of choice.

In this session, Director of Threat Intelligence Crane Hassold will discuss the ransomware problem and why it has increased in the last few years, as well as how we used threat intelligence tactics to find him. You’ll also hear directly from the source himself, as our Nigerian threat actor discusses his life of cybercrime.

Cisco will demonstrate the power of the Cisco Security integrated architecture that accelerates key security operations functions: detection, investigation, and remediation. Based on a real-world scenario known as the “Loda RAT”, this demonstration will show attendees how Security Operations Center personnel can conduct a security investigation using Cisco architecture.

In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing, and the challenge has gone beyond one that is human-scalable. Organizations need to urgently rethink their strategy to ensure their systems, critical data and people are protected, wherever they are. Today’s Autonomous, Self-Learning defenses are capable of identifying and neutralizing security incidents in seconds, not hours, before the damage is done.

In this session, learn how self-learning AI:
• Detects, investigates, and responds to threats, even while you are OOTO
• Protects your entire workforce and digital environment, wherever they are, whatever the data
• Defends against zero-days and other advanced attacks, without disrupting the organization


Eric Howard
Manager, Advanced Threats Solutions, Security Business Group at Cisco
Eric Howard is Manager, Advanced Threats Solutions, Security Business Group at Cisco
Max Heinemeyer
Director of Threat Hunting at Darktrace
Max is a Cyber Security professional who is currently working for Darktrace as the Director of Threat Hunting.
Crane Hassold
Director of Threat Intelligence at Abnormal Security
Crane Hassold is the Director of Threat Intelligence at Abnormal Security, where he leads a team responsible for researching enterprise-focused cyber threats.
Andrew Yeates, ReversingLabs
Solutions Architect at ReversingLabs
Andrew Yeates is a Solutions Architect at ReversingLabs and an expert in Malware Analysis, Reverse Engineering and SDLC.
JJ Cummings
Principal - Threat Intelligence and Interdiction, Cisco
Mr. Cummings leads a group within the Cisco Talos Threat Intelligence & Interdiction team tasked with nation state, critical infrastructure, law enforcement and intelligence based concern
David Monnier
Fellow, Team Cymru
David has been with Team Cymru since 2007. Prior, he served in the US Marine Corps as a Non-Commissioned Officer. He
Lindsay Kaye, Recorded Future
Director of Operational Outcomes, Recorded Future
Lindsay Kaye is the Director of Operational Outcomes for Insikt Group at Recorded Future. Her primary focus is driving the creation of actionable technical intelligence, providing endpoint, network and other detections that can be used to detect technical threats to organizational systems.
Vicente Diaz, VirusTotal
Threat Intelligence Strategist on VirusTotal Team at Google
Vicente is a specialist in Threat Intelligence and Threat Hunting, and serves on the VirusTotal team at Google as Threat Intelligence Strategist.
Ryan Naraine
Editor-at-Large at SecurityWeek
Ryan Naraine is Editor-at-Large at SecurityWeek