Archived: Advanced Incident Detection: Protecting your business from state-sponsored actors

On-Demand Event

Earn up to 3 CPE credits by attending this virtual conference.

Through advanced techniques and a specific focus, cybercriminals, including nation-state actors, seek to gain access to heavily defended environments. Responding to these attacks as they happen is extremely difficult, which is why it’s essential to invest in and sharpen your incident detection and response strategy before an attack happens.

SC Media hosted a virtual event on August 10 that convened keynote speakers John Grim of Verizon Threat Research Advisory Center and Keatron Evans of InfoSec, who specialize in combatting state-sponsored attackers. Discussions and presentations provided insight on how to detect and prevent such threats, including:

  • Understand who the threat actors are and the tactics, techniques and procedures they use
  • Learn what can be done to prevent, mitigate, detect and respond to these attacks
  • Hear from leading incident detection and response vendors about their offerings and strategies

Our Advanced Incident Detection curriculum will give you the perspective you need to position your defenses. Register for the On-Demand eSummit now!


10:45 AM ET 
Conference opens 
11:00 AM ET 
KEYNOTE | Cyber-espionage threat landscape 
John Grim, Head of Research, Development, and Innovation at Verizon Threat Research Advisory Center 

Cyber-espionage breaches pose a unique challenge. Through advanced techniques and a specific focus, cyber-espionage threat actors seek to gain access to heavily defended environments, laterally move with stealth, efficiently obtain targeted data and move out smartly (or even stay back and maintain covert persistence).  

To shed some light on the state of cyber espionage, Verizon released its 2020-2021 Cyber-Espionage Report. This keynote features insights from the report to identify:  

  • Targeted victims and the attributes, assets and data that are targeted 
  • Who the threat actors are and the tactics, techniques and procedures they use  
  • What can be done to prevent, mitigate, detect and respond to their attacks 

11:55 AM ET  
Effectively detect and respond to APT intrusions 
Lindsay Kaye, Director of Operational Outcomes for Insikt Group, Recorded Future 
Craig Terron, Sr. Manager of Insikt Group’s Global Issues Team, Recorded Future  

By their nature, APT campaigns are stealthy and hard to detect. Without an understanding of the tactics and techniques used by these threat actors, you will be stuck in the dark when it comes to defending against an attack. 

Join Recorded Future for a lively discussion about APT detection strategies and: 

  • Learn how you can implement procedures to efficiently observe activity 
  • Detect intrusions and respond 
  • Strengthen your security posture 

12:35 PM ET  
The importance of embedded expertise to help guide incident response 
Eoin Miller, Manager of Detection and Response Services, Rapid7 

During a response to an incident, the organization’s leaders can be confronted with several time-critical decisions. To maintain its reputation and the trust of its customers, as well as minimize the financial impact, leaders must ensure they are making informed decisions. To get these decisions right the first time, the importance of embedded expertise cannot be stressed enough. 

Join Rapid7 at this session to learn: 

  • Strategies to tackle deeply technical issues of what an attacker has done and had access to 
  • How the organization’s actions could impact the business and customers 
  • The common types of expertise that could be obtained from within the organization and from outside firms, if necessary 

1:15 PM ET 
Tales from the frontlines of nation-state attacks 
Dr. Saumitra Das, CTO Founder, Blue Hexagon 

In just Q1 of 2021, there were already more than 20 documented high-impact state-sponsored attacks. These state-sponsored attackers have great operational security, are willing to lie low patiently and persist to find the victim’s crown jewels versus smashing and grabbing, and they are increasingly utilizing the software supply chain and even the security supply chain to gain initial access.

This webcast covers key tactics being used by state-sponsored attackers in targeted intrusions, with real battlefield examples including software supply chain infection, security supply chain exploits, evasive C2 and beaconing, AI and automation for malicious targeting and code generation, and lateral spread from on-premises to cloud to mobile.

Understanding these tactics provides a framework for reasoning about the most effective countermeasures. To deal with a sophisticated adversary, a multipronged approach is needed for defense that includes: 

  • Focusing on detection and response of the unknown versus rules-based prevention 
  • Supercharging security staff with tools that have an opinion versus just visualizing a ton of log data 
  • Reducing attack surface proactively 

1:55 PM ET 
KEYNOTE | Tales from the SOC: Lessons any cyber team can learn from 
Keatron Evans, Principal Security Researcher, InfoSec 

While the security threatscape evolves every day, attacker tactics and techniques are often more predictable than creative. Join veteran incident responder and cybersecurity instructor Keatron Evans for first-hand accounts of the most challenging responses of his career — and what he and his clients learned along the way. You’ll leave this session with practical steps your SOC team can take now to prepare for the next attack, including how to:  

  • Assess your team’s skills 
  • Patch knowledge gaps to build defenses for tomorrow’s threats