Threat Detection and Incident Response Summit

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and the murky world of high-end ransomware attacks.

Attendees can expect high-quality presentations and sessions on the following:

  • Extending Endpoint Detection and Response (EDR) to the network layers.
  • Threat hunting tools and frameworks.
  • The value of threat intelligence data in the defender’s security stack
  • Logging and monitoring for signs of infections
  • Open sharing of IOCs and artifacts to help with threat hunting
  • Managed services and best practices around outsourcing incident response
  • Much more!

2022 Diamond Sponsor


Platinum Sponsor

Tanium for Zero Trust



2022 Platinum Sponsors

Recorded Future

2022 Gold Sponsors


Torq

Abnormal Security


  • May 18, 2022 11:00 AM ET
    Fireside Chat: Shane Huntley, Google Threat Analysis Group (TAG)

    Join SecurityWeek editor-at-large Ryan Naraine for an exclusive fireside chat with Shane Huntley, head of Google's TAG (Threat Analysis Group). Attendees can expect a frank discussion on the science of threat intelligence, the cloudy nature of the APT landscape, the surge in big-game ransomware and nation-state malware activity worth tracking.

  • May 18, 2022 11:30AM ET
    IoT in the Crosshairs: RouterOS Attacks in the Wild

    Organizations around the world and in all verticals are rapidly increasing the risk of successful cyber-attacks as they drive business innovation through the use of enterprise and industrial IoT services and devices. Threat actors recognize these types of devices as some of the least secure being put into production, and they have made taking advantage of them part of their standard playbook. Section 52, Microsoft Defender for IoT's Security Research group, will share insights about MikroTik device exposure risks as well as our recent discoveries of how unpatched MikroTik devices are actively being exploited. We’ll discuss a number of malware families, their persistence mechanisms, and the protocols abused to communicate with command-and-control centers. Finally, we will demonstrate a new open-source tool, which can be used to assess your devices for the applicable vulnerabilities so that you can update your devices and become resistant to such attacks.

  • May 18, 2022 12:00PM ET
    Fight Ransomware Robots With Automation Intelligence

    Few topics spark conversation like security automation. The challenge facing organizations in 2022 is how to automate not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise. How do we know if this email is malicious or benign? How can we check if this file is a ransomware loader or an Excel file? Worse, threat actors specifically craft files to look benign to automated scans.

    Threat actors have been using automation to attack companies for decades. In this foray into automation and intelligence, we’ll dive into each of these areas in order, by:

    • Defining security orchestration and automation in simple terms
    • Showing you the prerequisites for success in security automation
    • Unveiling how dark web threat actors use automation to attack you
    • Illustrating how intelligence supercharges automation success
    • Highlighting how security automation is used to reduce analyst burnout
  • May 25, 2021 12:45 PM
    Break: Please Visit Sponsor Booths

    Please visit the virtual expo hall and explore the virtual conference center to learn and compete to win prizes!

  • May 18, 2022 12:45PM ET
    So What? Why Threat Intelligence is Important in the Age of Social Engineering

    Over the past few years, the cyber threat landscape has evolved away from more technically-sophisticated attacks and toward more basic social engineering attacks. Yet, most cyber threat reporting continues to focus on breaking down and extracting technical artifacts from attacks, rather than looking at the bigger picture or trying to communicate how to better defend against these attacks. This raises an important question: "So What?" In this presentation we'll discuss what threat intelligence is and why it's so important. We'll explore how malware analysis can be improved by looking at threats strategically rather than tactically. And finally, we'll look at the recent evolution of the cyber threat landscape and discuss how novel intelligence collection methods can be used to better understand the full cycle of these attacks.

  • May 18, 2022 1:15PM ET
    Building a Security Automation Program: Where to start, How to implement

    Cybersecurity teams share many common challenges—talent shortages, a growing network driven by cloud and remote work, the increasing velocity of software development, growth in global cybercrime, and a proliferation of specialized tools, to name a few. While no single strategy will solve these issues, automation will almost certainly be needed to bring them down to human scale.

    Despite this, most security automation, orchestration, and response platforms (SOAR) are only used to address a small set of security processes, leaving dozens or hundreds of critical workflows to manual handling. As a result, security teams are overworked, toiling to deliver protection at the speed of business.

    It's time to rethink the promise of SOAR and reposition security automation as the central nervous system—not just for the SOC, but the entire security organization. In this talk, Torq Field CTO Marco Garcia will share practical advice for how security teams can improve defensive posture, reduce MTTR, and deliver better protection than ever before, all through the use of automation.

    We'll cover:

    • Why many organizations struggle to adopt SOAR outside of the SOC.
    • Which processes are good targets for automation, and how to implement automation programs.
    • How and why teams need to delineate between fully autonomous and "human-in-the-loop" automation.
  • May 18, 2022 1:45PM ET
    Break: Please Visit Sponsor Booths
  • May 18, 2022 2:00PM ET
    Panel Discussion: Should CISOs Care About Cyberwarfare?

    For the modern CISO, it's impossible to avoid news headlines and warnings about 'cyberwar' and nation-state APT attacks that require urgent attention. From the latest zero day exploit discovery to advisories from intelligence agencies, security leaders are often overwhelmed and unable to filter through the noise to make informed decisions.

    In this panel discussion, threat intel and detection and response practitioners will help explain the current threat landscape, the surge in zero-day exploit discoveries, the blurring of lines between APTs and ransomware attacks, and much more.

  • May 18, 2022 2:50PM ET
    Azure Defender for IoT [Solutions Theater]

    Paul Roberts (Senior Technical Specialist) walks us through Azure Defender for IoT, which allows continuous asset discovery, vulnerability management, and threat detection for your Internet of Things (IoT) devices and operational technology (OT) environment.

  • May 18, 2022 2:50PM ET
    Intelligence-Led Defense Against Ransomware [Solutions Theater]

    Ransomware is a defining threat of our times, causing millions of dollars in damages and losses and disrupting the lives and goings-on of millions of people. Intelligence can help guide your defenses, increasing your resiliency to ransomware attacks while also strengthening your enterprise. Ransomware controllers are only one part of a large network of criminal activity aimed at attacking your networks and costing you time and money. In this demonstration, we will show you:

    • How ransomware actors find the easiest points of access to your system, like leaked credentials
    • How ransomware actors buy access in bulk from botnet operators like Trickbot and others
    • Where you can monitor the myriad of ransomware developers, affiliates, and criminal vendors
    • How intelligence like our Insikt report on Cobalt Strike can help you defend against active attacks
  • May 18, 2022 3:15PM ET
    Abnormal Security Walkthrough [Solutions Theater]

    Modern threats have evolved to bypass traditional email security. Watch this session to see how Abnormal Security blocks the attacks that matter most, and see why organizations worldwide have chosen an abnormal approach to email security.

  • May 18, 2022 3:15PM ET
    Torq Demo: Automating Security Responses in Minutes [Solutions Theater]

    In this Torq Demo we will show you how Torq's no-code solution can help you gain faster time to value to automate any part of your security response, incident handling, threat hunting, and vulnerability management.

  • May 18, 2022 3:35PM ET
    Expo and Networking

SecurityWeek’s Threat Intelligence Summit is a virtual conference that allows attendees from around the world to immerse themselves in a virtual world to explore and discuss the latest trends and insights on cyber threat intelligence (CTI).

Throughout this virtual event, sessions will include presentations and case studies from industry experts, analysts and end users, along with thought leadership and insightful strategy sessions.

Presentations and Workshops will focus on:

  • Methods and strategies for collecting threat data from various sources and producing actionable Cyber Threat Intelligence (CTI)
  • Mapping threat intelligence requirements
  • Case studies and innovative use of cyber threat intelligence strategies
  • Tools and technologies to help maximize the value of threat intelligence
  • Maximizing budgets and the value of threat intelligence
  • Leveraging Public & Private threat intelligence sharing
  • How to evaluate threat intelligence vendors

In this keynote at SecurityWeek's 2021 Threat Intelligence Summit, John Lambert, GM of the Microsoft Threat Intelligence Center, discusses how it’s more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats. Lambert shares specific examples of how community resources such as GitHub, MITRE’s ATT&CK Framework, Sigma rules, CodeQL queries and Jupyter notebooks have all been used in recent months to “open-source” security to better defend against sophisticated threats such as NOBELIUM and others.
