Threat Detection and Incident Response Summit

The Latest In Ransomware (and What to Do About It)

Emily Laufer
Director of Product Marketing, ThreatLabz

×

Emily Laufer

Emily Laufer has been in cybersecurity for seven years focused on advancing the fields of security analytics, orchestration, incident response, and threat research.

ThreatLabz tracks dozens of ransomware families as they monitor the 300B+ daily transactions across the Zscaler Zero Trust Exchange. Lately, ThreatLabz has observed an explosion in new ransomware families (with some groups suspected to be running multiple ransomware ‘brands’), threat groups doubling down on data extortion, and lots of innovation in tactics and techniques. Join Emily Laufer from Zscaler as she walks through the latest ThreatLabz discoveries, and learn:

• The latest ransomware innovations
• Predictions for the next wave of ransomware trends
• Guidance for maximizing your organization’s protections against evolving ransomware

SEARCH Party: Threat Hunting in the Clouds

Greg Foss
CrowdStrike, Security Leader

×

Greg Foss

Greg Foss leads an elite team of threat hunters, intrusion researchers, and technical content writers as part of CrowdStrike Falcon OverWatch’s 24/7 Managed Threat Hunting service. Foss has worked in varying roles across threat research and security operations throughout his career as a practitioner and leader. Having built a security operations program, consulted in offensive security, created detections across varying telemetry, and monitored networks as an analyst. Foss is a seasoned public speaker, having been interviewed across media outlets and delivering presentations at conferences internationally.

Delve into the world of cloud threat hunting at scale with lessons learned from the CrowdStrike OverWatch team. This session will focus on the experiences investigating and preventing intrusions into organizations of all sizes directly from the front lines. We will discuss practical lessons learned from our own threat hunting process, called SEARCH, and share insights into how organizations can implement practical threat hunting into their own cloud security operations. Through understanding and implementing truly proactive threat hunting, organizations can turn valuable insights into an effective security operations strategy that can be applied across the cloud and on-premise assets alike.

Deciphering the Unknown: Leveraging Knowns in Cyber Threat Detection

Tim Morris
Tanium, Chief Security Advisor

×

Tim Morris

Tim provides thought leadership for IT & Cyber Security for multiple industries. Prior to Tanium, he spent 22 years in IT Ops and Infosec at a large financial institution defending and protecting over 500K endpoints. He retired as an SVP, building and leading Cyber Operations, Engineering, & Research teams. Tim holds 21 US patents and has authored several cyber security articles. He is frequently cited in major publications as a subject matter expert, as well as a regular guest on web shows & podcasts.

In the realm of cyber security, visibility is key to managing and defending against threats effectively. Without clear and accurate data, or "visibility", we cannot discern truth from fiction. Risk in cybersecurity is commonly assessed in two dimensions: likelihood and severity. Both factors are contingent upon having complete visibility what is being protected. By having absolute clarity and visibility, we can detect better and make more acceptable risk decisions. The concept of "knowing what you know" helps us better identify the unknowns. This clearer perspective aids in distinguishing extreme risks from low risks, while dealing with threats.

Contrary to the approach of aggregating attack surface data from multiple sources, which often results in unreliable and erroneous derivatives, this session places a strong emphasis on the critical aspect of threat detection. It underscores the need for high-quality intel that enhances visibility into potential threats. Relying on these derivatives not only amplifies the risk, but also compromises effective threat detection.

In this presentation, we'll discuss what measures can be implemented to achieve improved visibility, enhance threat detection, and secure the most critical infrastructures around the globe. We'll outline the true sources of reliable data that offer enhanced visibility and delve into the pertinent questions that will offer the best intel for making superior cyber security and risk decisions

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Cyber Resilience: The New Strategy to Cope with Increased Threats

Torsten George
Absolute Software, Cybersecurity Evangelist

×

Torsten George

Torsten is Absolute’s in-house cybersecurity evangelist with over 28 years of global experience. He is an internationally recognized IT security expert, author, and speaker, regularly providing commentary and publishing articles on data breaches, insider threats, compliance frameworks, and IT security best practices.

Many security practitioners understand that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a data breach. This means that instead of primarily focusing efforts on keeping threat actors out of the network, it’s equally important to develop a strategy to reduce the impact. In turn, many organizations have started adopting a new strategy to cope with today’s increased cyber threats, which is called ‘cyber resilience’.

Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyberattacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience initiatives leverage or enhance a variety of cybersecurity measures. Both are most effective when applied in concert.

This session discusses the need for cyber resiliency and its benefits, as well as illustrates why it matters using the example of application resilience. It outlines how to establish cyber resilience across an organization’s device fleet to work as a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all available cyber resources.

Attacker Mindset in the Cloud

Taylor Bianchi
Uptycs, Senior Offensive Security Researcher

×

Taylor Bianchi

Taylor is a Senior Offensive Security Researcher at Uptycs with their Cloud Security organization. He focuses on researching, identifying, & validating cloud security threats targeting the Azure platform. Taylor is a current Navy Reservist and a former Security Architect at Microsoft.

Organizations can meet compliance/regulatory responsibilities in the cloud, but still be susceptible to a threat actor escalating privileges, exfiltrating data, targeting you for ransomware. Threat actors today have become cloud experts. Their TTPs are evolving quicker than most want to believe. Therefore it's time we start thinking like them and mimicking detection on their attack behavior.

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

Mastering the Cyber Battlefield Your Guide to ICS/OT Incident Response Preparation

Hussain Virani
Dragos, Senior Industrial Incident Responder

×

Hussain Virani

Noah Hemker
Dragos, Senior Industrial Incident Responder

×

Noah Hemker

Join Hussain Virani, Senior Industrial Incident Responder, and Noah Hemker, Senior Industrial Incident Responder, as they outline the intersection of OT incident respond recommendations with incident management system principles. 

Join us as we provide actionable items to improve incident preparedness, including: 

• Facilities, equipment, and personnel recommendations
• Recommended procedures and communication tools
• An Incident Response Preparedness Key Action Checklist

Zero Trust-Based Strategies to Optimize Cyber Threat Defense Across the Attack Chain

Mark Brozek
Zscaler, Product Marketing Leader

×

Mark Brozek

Mark is responsible for supporting Zscaler's advanced cyberthreat protection portfolio and the ThreatLabz threat research team of 125+ global researchers. He has over 10 years experience in research and tech, and his cybersecurity expertise centers on emerging cybersecurity threats and security operations strategies.

Reduce the attack surface. Prevent compromise. Eliminate lateral movement. Stop data loss. These are the four goals of a zero trust strategy that minimizes the risks and impact of attacks. Learn about these pillars and the capabilities you need within each to build effective defense-in-depth against cyber threats. See how the Zscaler Zero Trust Exchange can help you realize a robust and comprehensive zero trust strategy.

Fireside Chat: John Hultquist, Chief Analyst, Mandiant

John Hultquist
Mandiant, Chief Analyst

×

John Hultquist

John Hultquist is Chief Analyst at Mandiant and an adjunct professor at Georgetown University. He is the founder of CYBERWARCON. Previously, Hultquist served as the director of cyber espionage analysis at iSIGHT Partners. Prior to that, he worked as an intelligence analyst working with the U.S. government and industry information sharing and analysis centers. He is an Army veteran and a graduate of Maryville College. 

Ryan Naraine
Editor-At-Large

×

Ryan Naraine

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Join us for an engaging fireside chat with Mandiant Chief Analyst, John Hultquist, on the nation-state threat landscape, the fog of cyberwar, the use of threat-intel data to track malware actors, the implications for AI in cybersecurity, the U.S. government's national security strategy, and much more.

Zscaler: Use Deception to Stop Ransomware Attacks

Deception is a critical—yet grossly underutilized—defense strategy. Well-designed decoys allow you to lure and detect attackers with much higher fidelity than you can ever achieve with typical detection-based security controls. In this short demo, see how you can use Zscaler Deception to quickly deploy decoys that effectively disrupt a ransomware attack at multiple stages in the attack chain.

Uptycs: The First Unified CNAPP & XDR Solution

Check out the first unified CNAPP and XDR solution! We’ll show you: - What a more cohesive enterprise-wide security posture looks like with CNAPP and XDR in the same UI - Real-life examples of how you can reduce risk, operating costs, and security failures - How to create YARA rules, explore MITRE ATT&CK chains, and investigate live and historical states - Why not both? For deployments in AWS, GCP, and Azure, you can start with instant-on agentless workload scanning, then add runtime protection with the Uptycs agent

Absolute Product Demo

Absolute is known as the pioneer of endpoint resilience, allowing you to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks, or compromises on endpoints and their installed, mission-critical applications.

This product demo showcases how Absolute Resilience™ delivers application self-healing and confident risk response, empowering you to strengthen your security and compliance posture through cyber resiliency. Absolute Resilience delivers a broad set of capabilities that allow you to gain granular insights, take actions from anywhere, and continue your business despite inevitable attacks via endpoint resilience. Join us to learn how Absolute makes security work

Dragos Demo

Dragos was founded by renowned ICS/OT practitioners who have defeated adversaries for the U.S. government, ally nations, and global firms. Today, Dragos is on a mission to protect the world’s most critical infrastructure and safeguard civilization. We know that’s a mission you can get behind.

[On-Demand] Zscaler: Use Deception to Stop Ransomware Attacks

Deception is a critical—yet grossly underutilized—defense strategy. Well-designed decoys allow you to lure and detect attackers with much higher fidelity than you can ever achieve with typical detection-based security controls. In this short demo, see how you can use Zscaler Deception to quickly deploy decoys that effectively disrupt a ransomware attack at multiple stages in the attack chain.

[On-Demand] Tanium Demo

TBD

[On-Demand] CrowdStrike Demo

TBD

[On-Demand] Uptycs: The First Unified CNAPP & XDR Solution

Saurabh Wadhwa
Uptycs, Senior Solutions Engineer

×

Saurabh Wadhwa

Check out the first unified CNAPP and XDR solution! We’ll show you: - What a more cohesive enterprise-wide security posture looks like with CNAPP and XDR in the same UI - Real-life examples of how you can reduce risk, operating costs, and security failures - How to create YARA rules, explore MITRE ATT&CK chains, and investigate live and historical states - Why not both? For deployments in AWS, GCP, and Azure, you can start with instant-on agentless workload scanning, then add runtime protection with the Uptycs agent

[On-Demand] Absolute Product Demo

Torsten Larson
Absolute Software, Senior Sales Engineer

×

Torsten Larson

Torsten Larson is a Senior Sales Engineer for Absolute Software working with key Enterprise and Strategic companies across North America. With 30 years in the information technology space, Torsten spent much of his career as an information security professional before moving into sales. Torsten holds several information security certifications and continues to engage with customers and colleagues on information security topics in seminars and meetings and continues to be a member of multiple security focused professional organizations

Absolute is known as the pioneer of endpoint resilience, allowing you to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks, or compromises on endpoints and their installed, mission-critical applications. This product demo showcases how Absolute Resilience™ delivers application self-healing and confident risk response, empowering you to strengthen your security and compliance posture through cyber resiliency. Absolute Resilience delivers a broad set of capabilities that allow you to gain granular insights, take actions from anywhere, and continue your business despite inevitable attacks via endpoint resilience. Join us to learn how Absolute makes security work.

[On-Demand] Abnormal Demo

TBD

[On-Demand] Dragos Demo

TBD