Earn up to 6.5 CPE credits by attending this virtual event.
Staying proactive in the fight against cybercriminal activity requires constant vigilance, and also a commitment to continually improve your threat hunting methodologies. A quick scouring of your environment won’t do. You need to look harder, probe further. You must map out the nooks and crannies of your attack surface, stay abreast of the latest threat intel developments, and monitor for suspicious activity that deviates from business norms.
This eSummit will suggest ways you can optimize your threat hunting resources so you’re not just scratching the surface, but actually digging deep into your ecosystem to root out threats. Topics include:
OPENING KEYNOTE | Reducing dwell time: Making every minute count
11am - 11:30am ET
Dwell time – often measured by the metrics mean time to detect (MTTD) and mean time to repair/remediate (MTTR) – is one of the most significant indicators of whether your proactive threat hunting practices are effectively rooting out threat actors that are hiding in your network. This session will suggest effective methodologies and strategies for reducing dwell time, while offering recommendations on how to stand up a threat hunting program that allows you to take proper and decisive action when a legitimate threat is uncovered.
Top threats in retail environments
11:30am - 12pm ET
Kedar Hiremath: Umbrella Product Marketing Manager, Cisco
Join Cisco's Kedar Hiremath, Umbrella Product Marketing Manager, as he discusses real-life threats and how Cisco Umbrella combats these threats in retail environments.
Threat hunting for effective cybersecurity
12pm - 12:30pm ET
Derrek Smith: CTI Specialist, Cybersixgill
The Deep and Dark Web poses unprecedented challenges for organizations when it comes to battling cyber threats. This is where criminals plan their attacks and provide the tools and techniques needed to carry them out. Within this complex cyber threat battleground, companies cannot afford to continue relying on passive, reactive defense, and instead must leverage the tools and methodologies to facilitate a truly proactive and preemptive cyber defense program.
This session will discuss and demonstrate threat hunting – the best practices for organizations to seek out the highest-priority potential cyber threats and the necessary steps to strengthen their overall cyber resilience. Attendees will go away knowing how to find and prevent threats before they become attacks.
Throughout this presentation attendees will learn and understand:
Research Session | Wanted: A Few Good Threat Hunters
12:45pm - 1:30pm ET
Bill Brenner: VP of Content Strategy, CyberRisk Alliance
Dana Jackson: VP of Research, CyberRisk Alliance
Cybersecurity pros who comprise CRA's audience want to incorporate threat hunting into their operations but are stymied by the high cost of threat hunting tools and a severe shortage of skilled threat hunters. In this report, survey respondents from our audience explain why they want threat hunting and where they face the biggest obstacles.
CLOSING KEYNOTE | Purple teaming and game theory: Ensuring red vs. blue is a win-win for you
1:30pm - 2pm ET
Your red and blue teams may be natural rivals, but it doesn't mean they should be enemies. There are benefits to both sides working closely together and regularly communicating with each other. This purple-teaming philosophy gives security teams a better understanding of how attackers and defenders operate, interact and try to one-up each other. Interestingly, there's a whole branch of applied mathematics that examines how parties with competing interests make logical decisions based on their opponent's actions in order to achieve a winning outcome. It's called game theory, and this session will look at how organizations can apply game theory principles in their purple teaming and threat hunting.
OPENING KEYNOTE | Is your managed security service equipped to hunt APTs?
11am - 11:30am ET
Alexia Crumpton: Lead Cybersecurity Engineer, MITRE
In late 2022, the MITRE Engenuity foundation revealed the findings from its first-ever ATT&CK Evaluations for managed security service providers. The report measured various MSSPs' ability to recognize, analyze and report the TTPs of the OilRig Advanced Persistent Threat group. This session will dig into the findings to help MSSP customers and prospective clients determine what they should be looking for when ascertaining whether a particular managed security services provider is the right fit when it comes to proactively hunting threats posed by sophisticated cyber adversaries.
Breaking out of the time loop
11:30am - 12pm ET
Altaz Valani: Director of Insights Research, Security Compass
Hasan Yasar: Technical Director of Continuous Deployment of Capability group, CMU
Rob Cuddy: Solution Architect for Secure DevOps, HCL Software
Threat hunting is often tied to SIEM and SOAR as part of SOC activities. What often gets missed is relaying the insights and findings back to software developers who can benefit from this and make their code more secure. This creates a situation where the same software security mistakes happen over and over. That creates repeated work for SOC teams, like being stuck in a time loop.
We hear a lot about DevSecOps and shifting left but, unfortunately, security activities largely continue to operate in silos. Threat hunting can be used as a way of bringing our software developers into the fold. In turn, the additional insights shared by software developers can further enhance SOC teams with a much deeper understanding of the security challenges at a granular level. This sharing of information can be used to generate policies at the requirements level, which can amplify the impact of an initial threat hunting finding across a broader portfolio of systems. That increases the value of threat hunting in the eyes of business stakeholders.
This presentation will focus on the following:
This presentation will appeal to SOC teams, CISOs, and software developers who want to make their systems more secure and are on a cultural journey of continuous security improvement.
3 Core Pillars of Threat Hunting: Coverage, Workflow & Retention
12:15pm - 12:45pm ET
Josh Snow: Principal Sales Engineer, ExtraHop
If it seems like cyber threats are becoming more advanced, they are. Attackers are using more sophisticated tools and techniques to circumvent security controls and make their way into your environment.
Join Josh Snow of ExtraHop as he takes you through:
Deception best practices: Flipping the script on your attackers
12:45pm - 1:30pm ET
Ondrej Nekovar: CISO & Chief Deception Officer, State Treasury - Center of Shared Services, Ministry of Finance, Czech Republic
Timothy Rohrbaugh: Principal & Security Advisor, CISOonCall
One of the key disciplines that Active Cyber Defense (ACD) practitioners employ is deception in the form of decoys, honeypots and other "shiny objects" and obstacles. In a sense, deception borrows the principles of judo – using your attackers’ aggressiveness against them. Threat hunters use this strategy to gain more visibility into enemy movement, while at the same time redirecting adversaries to an environment that defenders have fully under their control. The use of beacons, fake assets and imaginary credentials only adds to the ruse, making attackers think they have hit the jackpot. This session will look at recent successes and innovations in the use of deception technology, including concepts such as building deception at the edge, and using deception to root out sophisticated APT threats.
Please check back for updates to this agenda.