Threat Detection and Incident Response Summit

Join SecurityWeek editor-at-large Ryan Naraine for an exclusive fireside chat with Shane Huntley, head of Google's TAG (Threat Analysis Group). Attendees can expect a frank discussion on the science of threat intelligence, the cloudy nature of the APT landscape, the surge in big-game ransomware and nation-state malware activity worth tracking.

Organizations around the world and in all verticals are rapidly increasing the risk of successful cyber-attacks as they drive business innovation through the use of enterprise and industrial IoT services and devices. Threat actors recognize these types of devices as some of the least secure being put into production and they have made taking advantage of them part of their standard playbook. Section 52, Microsoft Defender for IoT's Security Research group, will share insights about Mikrotik device exposure risks as well as our recent discoveries how unpatched Mikrotik are actively being exploited. We’ll discuss a number of malware families, their persistency mechanisms, and the protocols abused to communicate with command-and-control centers. Finally, we will demonstrate a new open-source tool, which can be used to access your devices for the applicable vulnerabilities so that you can update your devices and become resistant to such attacks.

Few topics spark conversation like security automation. The challenge facing organizations in 2022 is how to automate not just the collation and data collection tasks where machines excel, but to automate the repetitive human decisions made daily to defend an enterprise. How do we know if this email is malicious or benign? How can we check if this file is a ransomware loader or an Excel file? Worse, threat actors specifically craft files to look benign to automated scans.

Threat actors have been using automation to attack companies for decades. In this foray into automation and intelligence, we’ll dive into each of these areas in order, by:

• Defining security orchestration and automation in simple terms
• Showing you the prerequisites for success in security automation
• Unveiling how dark web threat actors use automation to attack you
• Illustrating how intelligence supercharges automation success
• Highlighting how security automation is used to reduce analyst burnout

Please visit the virtual expo hall and explore the virtual conference center to learn and compete to win prizes!

Over the past few years, the cyber threat landscape has evolved away from more technically-sophisticated attacks and toward more basic social engineering attacks. Yet, most cyber threat reporting continues to focus on breaking down and extracting technical artifacts from attacks, rather than looking at the bigger picture or trying to communicate how to better defend against these attacks. This raises an important question: "So What?" In this presentation we'll discuss what threat intelligence is and why it's so important. We'll explore how malware analysis can be improved by looking at threats strategically rather than tactically. And finally, we'll look at the recent evolution of the cyber threat landscape and discuss how novel intelligence collection methods can be used to better understand the full cycle of these attacks.

Cybersecurity teams share many common challenges—talent shortages, a growing network driven by cloud and remote work, the increasing velocity of software development, growth in global cybercrime, and a proliferation of specialized tools, to name a few. While no single strategy will solve these issues, automation will almost certainly be needed to bring them down to human scale.

Despite this, most security automation, orchestration, and response platforms (SOAR) are only used to address a small set of security processes, leaving dozens or hundreds of critical workflows to manual handling. As a result, security teams are overworked, toiling to deliver protection at the speed of business.

It's time to rethink the promise of SOAR and reposition security automation as the central nervous system—not just for the SOC, but the entire security organization. In this talk, Torq Field CTO Marco Garcia will share practical advice for how security teams can improve defensive posture, reduce MTTR, and deliver better protection than ever before, all through the use of automation.

We'll cover:

• Why many organizations struggle to adopt SOAR outside of the SOC.

• Which processes are good targets for automation, and how to implement automation programs.
• How and why teams need to delineate between fully autonomous and "human-in-the-loop" automation.

For the modern CISO, it's impossible to avoid news headlines and warnings about 'cyberwar' and nation-state APT attacks that require urgent attention. From the latest zero day exploit discovery to advisories from intelligence agencies, security leaders are often overwhelmed and unable to filter through the noise to make informed decisions.

In this panel discussion, threat intel and detection and response practitioners will help explain the current threat landscape, the surge in zero-day exploit discoveries, the blurring of lines between APTs and ransomware attacks, and much more.

Paul Roberts (Senior Technical Specialist) walks us through Azure Defender for IoT, which allows continuous asset discovery, vulnerability management, and threat detection for your Internet of Things (IoT) devices and operational technology (OT) environment

Ransomware is a defining threat of our times, causing millions of dollars in damages and losses and disrupting the lives and going-ons of millions of people. Intelligence can help guide your defenses, increasing your resiliency to ransomware attacks while also strengthening your enterprise. Ransomware controllers are only one part of large network of criminal activity aimed at attacking your networks and costing you time and money. In this demonstration, we will show you:

• How ransomware actors find the easiest points of access to your system, like leaked credentials
• How ransomware actors buy access in bulk from botnet operators like Trickbot and others
• Where you can monitor the myriad of ransomware developers, affiliates, and criminal vendors
• How intelligence like our Insikt report on Cobalt Strike can help you defend against active attacks

Modern threats have evolved to bypass traditional email security. Watch this session to see how Abnormal Security blocks the attacks that matter most, and see why organizations worldwide have chosen an abnormal approach to email security.

In this Torq Demo we will show you how Torq's no-code solution can help you gain faster time to value to automate any part of your security response, incident handling, threat hunting, and vulnerability management.