Threat Intelligence Summit

SecurityWeek’s Threat Intelligence Summit is a virtual conference where attendees from around the world can explore and discuss the latest trends and insights in cyber threat intelligence (CTI).

Watch Sessions On Demand

Featured Sessions:

  • The Inside Story of the Microsoft Exchange Hack | Josh Grunzweig, Threat Intelligence Analyst at Volexity
  • Open-Sourcing Threat Intelligence to Combat Sophisticated Threats | John Lambert, GM, Microsoft Threat Intelligence Center
  • CISO Panel: Threat Intel and the Supply Chain
  • The Practitioner’s Panel: Threat Hunting and the Currency of IOCs

2021 Platinum Sponsors

Recorded Future


Tuesday, May 25
  • May 26, 2021
    Watch Sessions On Demand

    All sessions are now available to watch on demand. Click Here to View Sessions on Demand.

  • May 25, 2021 11:00AM
    Fireside Chat With Thomas Rid, Professor, Johns Hopkins University

    The author of Active Measures: The Secret History of Disinformation and Political Warfare joins SecurityWeek editor-at-large Ryan Naraine for a live discussion on the threat-intelligence discipline, the nation-state connections to ransomware attacks, supply chain security implications, and the nuance of properly describing certain types of security incidents.

  • May 25, 2021 11:30AM
    Tracking an Insurrection: A Day in the Life of a Disinformation Analyst

    2020 brought many unexpected surprises: a pandemic, global lockdowns, vaccinations, a contested US election... and an insurrection at the US Capitol. Take a journey through a day in the life of a disinformation analyst, a new and growing role in the intelligence industry today. Charity Wright, former NSA analyst and current threat intelligence expert at Recorded Future, uses real-life use cases and personal experience to shine a light on a dark year. See 2020’s milestone events through the lens of an influence operations analyst to reveal how disinformation is detected, tracked, and analyzed. Tradecraft, methodology, tools, and objectives are presented in a practical way that can be implemented immediately in your security program. Additionally, Charity will give her tips on how to maintain your sanity while doing this mentally taxing work.

  • May 25, 2021 12:00PM
    Needle in the Haystack: The Inside Story of the Microsoft Exchange Hack

    This exclusive presentation will detail the original discovery of the Microsoft Exchange vulnerability that was exploited by targeted attackers in early 2021. This is the inside blow-by-blow of how the vulnerability was originally discovered, how attackers leveraged it to accomplish their goals, and what happened in the days before and after Microsoft released patches for these vulnerabilities. Don't miss this Threat Intelligence Summit live keynote!

  • May 25, 2021 12:45PM
    Break: Please Visit Sponsor Booths

    Please visit the virtual expo hall and explore the virtual conference center to learn and compete to win prizes!

  • May 25, 2021 12:15PM
    Threat Reconnaissance: The Evolution of Threat Hunting

    External threat hunting and Internet infrastructure analysis are wishlist items for most organizations. However, more and more organizations are establishing these capabilities and creating forward-leaning threat reconnaissance programs to leverage their security analysts in a more strategic way. These more advanced analyst teams are given on-demand access to global internet traffic telemetry, and as a result these teams are becoming tip-of-the-spear components of the security program, as opposed to reactionary tactical teams. Learn how this new model is delivering longer lasting outcomes that optimize an organization’s security program as a whole.
    This session will discuss:
    • Threat hunting maturity model
    • Real-world examples of threat reconnaissance
    • Long-term benefits of external threat hunting

  • May 25, 2021 1:30PM
    Point the Camera at a Different Angle: Why it’s Critical to Pull Intelligence From Multiple Sources

    Join our live conversation with Chris Davis and Kurt Baumgartner as they discuss the importance of leveraging multiple sources of threat intelligence to better protect yourselves from complex, persistent threats. Kurt will share recent findings from the Kaspersky GREAT library where they have identified an extremely persistent group who use low-tech but highly effective tactics to attack organizations.

  • May 25, 2021 2:00PM

    Please visit the virtual expo hall and explore the virtual conference center to learn and compete to win prizes!

  • May 25, 2021 2:15PM
    CISO Panel: Threat Intel and the Supply Chain

    The recent SolarWinds and Codecov security incidents have again put the software supply chain on the front pages of newspapers and on agendas for boardroom-level discussions at organizations around the world. As threats grow in complexity and scale, major security weaknesses in the software supply chain are leading to disruptive malware attacks with real-world implications.

    This panel of CISOs will discuss strategies to lessen the impact from supply chain collateral damage, how threat intelligence fits into the defender's arsenal, and the types of tools and processes needed to modernize enterprise security programs.

  • May 25, 2021 3:00PM
    Tracking and Responding to Advanced Threats

    SecurityScorecard has been on the hunt for APT groups and advanced threats with the Investigations & Analysis team. This team is the first in the security ratings industry to focus on tracking and responding to APT threat groups. This session will provide insight into some of the work we are doing around threat actor group tracking and response to 0-days and highly pervasive vulnerabilities.

    Three key takeaways:
    - How we are tracking nation-state APT threat actor groups
    - Insider's view of Kimsuky: A North Korean APT
    - How SecurityScorecard’s Investigations & Analysis team utilizes global intelligence to respond to, track and surface intelligence

  • May 25, 2021 3:30PM
    Expo and Networking

Wednesday, May 26
  • May 26, 2021 11:30AM
    Fortune 100 Case Study and Forrester’s Total Economic Impact Analysis

    Team Cymru spoke with a client that handles a massive amount of personal data and PCI, and has a large, global supply chain. This Fortune 100 company wanted to find more advanced methods of defending against repeat attackers, allowing its incident response team to focus on the most critical threats, and helping its supply chain to defend against a burgeoning onslaught of ransomware attacks. The company implemented a threat reconnaissance program with a strategic analyst team, employing external threat hunting to get ahead of its attackers. This session will also look at Forrester’s study of the total economic impact of this new approach.

    This session will examine:
    - Common challenges
    - Novel approach to enterprise security optimization
    - Uncommon outcomes
    - Forrester’s Total Economic Impact results

  • May 26, 2021 12:00PM
    Keynote: Open-Sourcing Threat Intelligence to Combat Sophisticated Threats

    Cyberattacks from well-funded nation-state and criminal organizations are regularly making news headlines. These attackers are increasingly sophisticated, using creative new techniques such as targeting weaknesses in the supply chain or firmware. And they’re also getting better at using tried-and-tested methods such as password spraying and phishing. So how can defenders with finite resources hope to protect against adversaries with a seemingly bottomless pit of money and time?

    In this presentation, Microsoft’s John Lambert will talk about how it’s more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats. The good news is there are industry frameworks and sharing mechanisms already in place to facilitate actionable threat intelligence and defense collaboration. Lambert will share specific examples of how community resources such as GitHub, MITRE’s ATT&CK Framework, Sigma rules, CodeQL queries and Jupyter notebooks have all been used in recent months to “open-source” security to better defend against sophisticated threats such as NOBELIUM and others.

  • May 26, 2021 12:45PM
  • May 26, 2021 1:00PM
    Modern Threat Hunting

    Threat hunting is one of the most popular techniques used by security analysts for all kinds of investigations. It is both science and, to some degree, inspiration. However, in recent years the security industry has developed new tools and techniques that can dramatically improve the effectiveness and efficiency of our threat hunting. In particular, similarity and automatic YARA generation are key when dealing with large amounts of data. In this talk we learn what's new in the process of threat hunting and showcase how to leverage new techniques available for analysts to step research up to the next level.

  • May 26, 2021 1:35PM
    See Recorded Future in Action

    In this demo of Recorded Future, solutions engineer Conor Johnson first walks through what Recorded Future is, where and how we collect our data, and how our customers are able to consume our data. He then jumps into our portal and reviews two of Recorded Future's Intelligence Cards, one for an IP Address and one for a Vulnerability. The main goal in watching this demo is to see firsthand just how easy it is to search and view contextualized, real-time intelligence behind IOCs through our Intelligence Cards, focusing on our risk scores, risk rules and ability to view validated related entities to the indicator in question.

  • May 26, 2021 2:00PM
    The Practitioner's Panel: Threat Hunting and the Currency of IOCs

    The news headlines are loud and clear: sophisticated malware attacks are escalating faster than defenders can get basic, foundational principles in place to protect enterprise data and assets. In the face of these attacks, defenders with finite resources are relying heavily on IOCs and other artifacts provided by open threat-intelligence data feeds and information-sharing mechanisms to help hunt for signs of malicious activity on networks.

    Is this enough? How can defenders get a leg up when IOCs have become currency and open-source threat intel data may not be enough? This panel of experts will debate.
