Threat Intel: A key to demystifying network security

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual event.

The saying “easy to learn, difficult to master” fits network security to a T. We know tools like SIEM and SOAR can help prevent and mitigate system intrusions and other anomalous events. But these solutions are only as effective as the threat intelligence your SOC team is leveraging to create detection rules and response policies. And don’t forget: the bad guys have their own tricks up their sleeve to evade your defenses – meaning you must continually revise your network settings and strategies to keep up with the latest threat intelligence. This eSummit will restore some clarity for network defenders, helping them optimally leverage intel to devise the right strategy for them.

Join SC Media July 19-20 to hear cybersecurity experts discuss topics that will include:

  • CyberRisk Alliance’s exclusive threat intelligence research
  • The latest intel on how attackers are evolving ransomware — and how you can protect yourself
  • A look at how to configure and automate your SIEM and SOAR operations to make the most of your threat intelligence
  • Tips for translating CTI into better threat models and risk assessments
  • Abuse of machine identities and other TTPs that have trickled down from APT groups to cybercriminal gangs



Day 1

11:00 AM
Opening Keynote:
Translating CTI into better threat models & risk assessments
John Sapp: Vice President, Information Security & CISO, Texas Mutual Insurance Company

Ideally, security teams should be regularly integrating up-to-date and reliable cyber threat intelligence directly into their threat models and risk assessments. That way, they can put themselves in the optimal position to take preemptive action against the latest relevant threats while reducing the risk of a damaging incident. But not every organization has the right processes, solutions or strategies in place to successfully translate CTI into meaningful models and assessments. This session will look at what’s working, and what’s not.

11:30 AM
Ransomware incident response: zero to full domain admin
Joseph Carson: Chief Security Scientist and Advisory CISO, Delinea

Join Delinea’s Chief Security Scientist and Ethical Hacker Joseph Carson as he explains how a ransomware attack progresses from initial credential compromise to escalated privileges, exfiltrated data, and ultimately the ransomware deployment and ransom demand.
Watch a step-by-step example of how to:
• Effectively respond when an attack is detected
• Gather evidence to craft a contextual response that remediates the attack
• Better secure your environment against future attacks

12:00 PM
Elevate cyber resilience with relevant threat intelligence
Rob Aragao: Chief Security Strategist, CyberRes, a Micro Focus line of business

Is your SOC team drowning in alerts? In a world of exploding and ever-evolving threats, your team needs to find and respond to what matters fast. The right threat intelligence plays a critical role in helping you preempt, withstand, and recover in less time. Join us and learn how advanced and curated threat feeds can enable your SOC to achieve a higher level of cyber resilience while improving operational efficiency and effectiveness.

12:30 PM

12:45 PM
Research Session
Threat Intelligence — Where Security Teams Stand
Bill Brenner, VP of content, CyberRisk Alliance
Dana Jackson, VP of research, CyberRisk Alliance

Join Bill Brenner, VP of content for CyberRisk Alliance Business Intelligence, and Dana Jackson, CyberRisk Alliance VP of research, for a preview of our upcoming report on threat intelligence, based on a recent survey of security practitioners. We’ll explore the challenges and opportunities threat intelligence presents.

1:30 PM
Enhance your threat intelligence with anomaly detection using Duo Trust Monitor
Scott Grebe: Sr. Product Marketing Manager at Duo

Cyberattacks don’t take a day off, so having advanced threat intelligence is a must. In this session we’ll talk about how you can stay one step ahead of cybercriminals by detecting anomalous authentications to your applications and network with Duo Trust Monitor.

2:00 PM
The Anubis Clock: We are all on borrowed time against the attackers
Aamir Lakhani: Senior Manager, Fortinet

In this presentation, Aamir Lakhani, Manager, FortiGuard Labs, will offer a real-world introduction to “the bad guys” in 2021. Aamir will explore and reveal some of the top hacker tools, techniques, Darknet markets, and DeepWeb exploits that attackers are currently using to attack, exploit, and breach organizations – including state, local, and education institutions around the globe. Aamir will offer tips for how your organization can take control of the race against the “Anubis Clock.”

2:30 PM
Closing Keynote:
Evil, evolved: Beware these latest ransomware and extortion threats!
Michael Daniel: President & CEO, Cyber Threat Alliance

Despite global law enforcement’s concerted efforts to crack down on ransomware gangs, extortion groups continue to perpetrate attacks at an alarming rate this year – in one case sending an entire country – Costa Rica – spiraling into economic crisis. This session will examine and evaluate the latest critical threat intelligence around ransomware/extortion group operations, and then recommend what precautions organizations should take based on these current developments. Talking points will include the malicious endeavors of groups such as Lapsus$, BlackCat and Conti, as well as lessons learned from incidents that recently affected governments, the airline industry, the farming and agriculture sector, and more.

Day 2

11:00 AM
Opening Keynote:
Configuring & automating your SIEM to make the most of threat intelligence
Collin Tullius: Cyber Security Engineer, Chevron Federal Credit Union

In an ideal world, new threat intelligence continually feeds into your SOC, and is subsequently analyzed and translated into a detection and response strategy. The question is: how effective are businesses today at meaningfully integrating CTI into their SIEM and SOAR operations? This session will examine strategies for how to properly configure and automate your network security architecture in order to better filter and prioritize your incoming intelligence, so that your most relevant threats are ultimately identified and remediated.

11:30 AM
Pain Points: analyzing the data disclosure layer of double extortion ransomware attacks
Paul Prudhomme: Head of Threat Intelligence Advisory, Rapid7

In this session you’ll learn about trends among attackers that Rapid7 has discovered while analyzing ransomware incidents. This presentation focuses on “double extortion” attacks where threat actors gain access to a victim’s information (and then encrypt it) to either leak it online, sell it, or hold it for ransom. Watch this session by Rapid7’s Head of Threat Intelligence Advisory, Paul Prudhomme, to see the results in addition to breakdowns by geography, industry, and ransomware groups.

12:00 PM
Thought Leadership Panel:
Sharpening incident response sims & exercises with the latest threat intel
Amanda Cody: CISO, FS-ISAC
Jim Dinneen: COO, Advanced Cyber Security Center
Alexandre Dulaunoy: Security Researcher, Computer Incident Response Center Luxembourg

Security and incident response teams often conduct realistic attack simulations and cyber range/tabletop exercises so that they are properly prepped for when an actual threat scenario occurs. But to be optimally prepared, organizations should ensure that they are factoring in the most accurate and up-to-date threat intelligence into these training programs. This panel session will offer recommendations on how to keep your attack simulations fresh and relevant to today’s evolving threats — with examples and tips from three leading organizations in this space.

12:45 PM

1:00 PM
Threat-intelligence in the context of cloud attacks
Gokul Rajagopalan: Sr. Director of Product Management, Vectra AI

As enterprises embrace the cloud, so do attackers. This session dissects one such attack in order to understand the evolving role of threat intel in detecting and stopping such attacks. Also learn how, aided by Vectra’s behavioral AI and threat intelligence, analysts can paint a complete picture of an attacker’s progression.

1:30 PM
Closing Keynote:
The TTP trickle-down effect: A case study of malicious machine identities
Tammy Moskites: CEO & Founder, CISO, CyAlliance

Even if organizations believe they are not a nation-state cyber target (and don’t be too sure), it is nevertheless wise for them to track the latest threat intelligence around APTs and their sophisticated methodologies — because eventually these TTPs will become more accessible and find their way into the hands of everyday cybercriminal gangs. Case in point: The abuse of machine identities, once largely associated with rogue nation-states, has now become a common practice among basic cybercriminals as a way to make them appear legitimate and circumvent security controls so they can gain privileged access to critical systems and move laterally through victims’ networks. This session will underscore the importance of keeping up with the latest nation-state tactics that will one day gain more widespread adoption — using the cautionary tale of machine identity abuse as a prime example, while citing other recent instances as well.