Threat Detection and Incident Response Summit

May 22, 2024

In an era where “assume breach” is the status quo, organizations are working on the maturity of threat detection and incident response programs to mitigate the barrage of incoming malware and ransomware attacks.

This event delves into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and the tools and tricks needed in a modern organization.

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit brings together security practitioners from around the world to share war stories on breaches and the murky world of high-end cyberattacks.

Sponsorship Information

2024 Diamond Sponsor

NetWitness

Platinum Sponsors

SentinelOne, Okta

Gold Sponsors

Cado Security

SecurityWeek's Threat Detection and Incident Response (TDIR) Summit will dive into threat hunting tools and frameworks, and explore the value of threat intelligence data in the defender’s security stack.

This must-attend forum is designed to delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and the tools and tricks needed in a modern organization.

Expect robust debate on the use of AI/LLMs in incident response tooling, the cost (and curse) of the “log-everything” movement, the value of threat intelligence, and the blending of sophisticated APTs with cybercrime activities.

Key topics to be addressed:

  • The extension of Endpoint Detection and Response (EDR) systems beyond traditional parameters, advancing into the network layers to provide more robust defense mechanisms.
  • Detailed examination of various threat hunting tools and frameworks, including a look at the latest technologies and methodologies being used in modern security programs.
  • The critical role of threat intelligence data and trends around monetization of feeds and government-controlled data release.
  • Best practices in logging and monitoring to spot malware infections, and sharing IOC (indicator of compromise) artifacts to secure the ecosystem.

Agenda

May 24, 2023 11:00

The Latest In Ransomware (and What to Do About It)

Emily Laufer
Director of Product Marketing, ThreatLabz

ThreatLabz tracks dozens of ransomware families as they monitor the 300B+ daily transactions across the Zscaler Zero Trust Exchange. Lately, ThreatLabz has observed an explosion in new ransomware families (with some groups suspected to be running multiple ransomware ‘brands’), threat groups doubling down on data extortion, and lots of innovation in tactics and techniques. Join Emily Laufer from Zscaler as she walks through the latest ThreatLabz discoveries, and learn:

  • The latest ransomware innovations
  • Predictions for the next wave of ransomware trends
  • Guidance for maximizing your organization’s protections against evolving ransomware

May 24, 2023 11:45

SEARCH Party: Threat Hunting in the Clouds

Greg Foss
CrowdStrike, Security Leader

Delve into the world of cloud threat hunting at scale with lessons learned from the CrowdStrike OverWatch team. This session will focus on experiences investigating and preventing intrusions into organizations of all sizes, directly from the front lines. We will discuss practical lessons learned from our own threat hunting process, called SEARCH, and share insights into how organizations can implement practical threat hunting in their own cloud security operations. By understanding and implementing truly proactive threat hunting, organizations can turn valuable insights into an effective security operations strategy that applies across cloud and on-premises assets alike.

May 24, 2023 12:15

Deciphering the Unknown: Leveraging Knowns in Cyber Threat Detection

Tim Morris
Tanium, Chief Security Advisor

In the realm of cyber security, visibility is key to managing and defending against threats effectively. Without clear and accurate data, or "visibility", we cannot discern truth from fiction. Risk in cybersecurity is commonly assessed in two dimensions: likelihood and severity. Both factors are contingent upon having complete visibility into what is being protected. With absolute clarity and visibility, we can detect better and make more acceptable risk decisions. The concept of "knowing what you know" helps us better identify the unknowns. This clearer perspective aids in distinguishing extreme risks from low risks while dealing with threats.

Contrary to the approach of aggregating attack surface data from multiple sources, which often results in unreliable and erroneous derivatives, this session places a strong emphasis on the critical aspect of threat detection. It underscores the need for high-quality intel that enhances visibility into potential threats. Relying on these derivatives not only amplifies the risk, but also compromises effective threat detection.

In this presentation, we'll discuss what measures can be implemented to achieve improved visibility, enhance threat detection, and secure the most critical infrastructures around the globe. We'll outline the true sources of reliable data that offer enhanced visibility, and delve into the pertinent questions that will yield the best intel for making superior cyber security and risk decisions.

May 24, 2023 12:45

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

May 24, 2023 13:00

Cyber Resilience: The New Strategy to Cope with Increased Threats

Torsten George
Absolute Software, Cybersecurity Evangelist

Many security practitioners understand that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a data breach. This means that instead of primarily focusing efforts on keeping threat actors out of the network, it’s equally important to develop a strategy to reduce the impact. In turn, many organizations have started adopting a new strategy to cope with today’s increased cyber threats, which is called ‘cyber resilience’.

Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyberattacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience initiatives leverage or enhance a variety of cybersecurity measures. Both are most effective when applied in concert.

This session discusses the need for cyber resiliency and its benefits, as well as illustrates why it matters using the example of application resilience. It outlines how to establish cyber resilience across an organization’s device fleet to work as a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all available cyber resources.

May 24, 2023 13:30

Attacker Mindset in the Cloud

Taylor Bianchi
Uptycs, Senior Offensive Security Researcher

Organizations can meet compliance/regulatory responsibilities in the cloud but still be susceptible to a threat actor escalating privileges, exfiltrating data, or targeting them for ransomware. Threat actors today have become cloud experts, and their TTPs are evolving more quickly than most want to believe. Therefore, it's time we start thinking like them and building detection around their attack behavior.

May 24, 2023 13:45

BREAK

Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.

May 24, 2023 14:00

Mastering the Cyber Battlefield: Your Guide to ICS/OT Incident Response Preparation

Hussain Virani
Dragos, Senior Industrial Incident Responder

Noah Hemker
Dragos, Senior Industrial Incident Responder

Join Hussain Virani, Senior Industrial Incident Responder, and Noah Hemker, Senior Industrial Incident Responder, as they outline the intersection of OT incident response recommendations with incident management system principles.

Join us as we provide actionable items to improve incident preparedness, including:

  • Facilities, equipment, and personnel recommendations
  • Recommended procedures and communication tools
  • An Incident Response Preparedness Key Action Checklist

May 24, 2023 14:30

Zero Trust-Based Strategies to Optimize Cyber Threat Defense Across the Attack Chain

Mark Brozek
Zscaler, Product Marketing Leader

Reduce the attack surface. Prevent compromise. Eliminate lateral movement. Stop data loss. These are the four goals of a zero trust strategy that minimizes the risks and impact of attacks. Learn about these pillars and the capabilities you need within each to build effective defense-in-depth against cyber threats. See how the Zscaler Zero Trust Exchange can help you realize a robust and comprehensive zero trust strategy.

May 24, 2023 15:00

Fireside Chat: John Hultquist, Chief Analyst, Mandiant

John Hultquist
Mandiant, Chief Analyst

Ryan Naraine
Editor-At-Large

Join us for an engaging fireside chat with Mandiant Chief Analyst John Hultquist on the nation-state threat landscape, the fog of cyberwar, the use of threat-intel data to track malware actors, the implications of AI for cybersecurity, the U.S. government's national security strategy, and much more.

May 24, 2023 15:35

Zscaler: Use Deception to Stop Ransomware Attacks

Deception is a critical—yet grossly underutilized—defense strategy. Well-designed decoys allow you to lure and detect attackers with much higher fidelity than you can ever achieve with typical detection-based security controls. In this short demo, see how you can use Zscaler Deception to quickly deploy decoys that effectively disrupt a ransomware attack at multiple stages in the attack chain.

May 24, 2023 15:40

Uptycs: The First Unified CNAPP & XDR Solution

Check out the first unified CNAPP and XDR solution! We’ll show you:

  • What a more cohesive enterprise-wide security posture looks like with CNAPP and XDR in the same UI
  • Real-life examples of how you can reduce risk, operating costs, and security failures
  • How to create YARA rules, explore MITRE ATT&CK chains, and investigate live and historical states
  • Why not both? For deployments in AWS, GCP, and Azure, you can start with instant-on agentless workload scanning, then add runtime protection with the Uptycs agent

May 24, 2023 15:50

Absolute Product Demo

Absolute is known as the pioneer of endpoint resilience, allowing you to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks, or compromises on endpoints and their installed, mission-critical applications.

This product demo showcases how Absolute Resilience™ delivers application self-healing and confident risk response, empowering you to strengthen your security and compliance posture through cyber resiliency. Absolute Resilience delivers a broad set of capabilities that allow you to gain granular insights, take action from anywhere, and continue your business despite inevitable attacks, via endpoint resilience. Join us to learn how Absolute makes security work.

May 24, 2023 16:11

Dragos Demo

Dragos was founded by renowned ICS/OT practitioners who have defeated adversaries for the U.S. government, ally nations, and global firms. Today, Dragos is on a mission to protect the world’s most critical infrastructure and safeguard civilization. We know that’s a mission you can get behind.

Solutions Theater (On-demand)

[On-Demand] Zscaler: Use Deception to Stop Ransomware Attacks

[On-Demand] Tanium Demo

TBD

[On-Demand] CrowdStrike Demo

TBD

[On-Demand] Uptycs: The First Unified CNAPP & XDR Solution

Saurabh Wadhwa
Uptycs, Senior Solutions Engineer

[On-Demand] Absolute Product Demo

Torsten Larson
Absolute Software, Senior Sales Engineer

[On-Demand] Abnormal Demo

TBD

[On-Demand] Dragos Demo

TBD

In this keynote at SecurityWeek's 2021 Threat Intelligence Summit, John Lambert, GM of the Microsoft Threat Intelligence Center, discusses how it’s more important than ever for defenders and organizations to come together and better share information that can help the entire ecosystem protect against emerging threats. Lambert shares specific examples of how community resources such as GitHub, MITRE’s ATT&CK framework, Sigma rules, CodeQL queries, and Jupyter notebooks have all been used in recent months to “open-source” security and better defend against sophisticated threats such as NOBELIUM.