Threat Hunting on Steroids: Time to dig deeper

On-Demand Event

Earn up to 6.5 CPE credits by attending this virtual event.

Staying proactive in the fight against cybercriminal activity requires constant vigilance, and also a commitment to continually improve your threat hunting methodologies. A quick scouring of your environment won’t do. You need to look harder, probe further. You must map out the nooks and crannies of your attack surface, stay abreast of the latest threat intel developments, and monitor for suspicious activity that deviates from business norms. 

This eSummit will suggest ways you can optimize your threat hunting resources so you’re not just scratching the surface, but actually digging deep into your ecosystem to root out threats. Topics include: 

  • The latest exclusive research on threat hunting from the CyberRisk Alliance 
  • How to reduce dwell time by finding, prioritizing and reacting to anomalies more quickly
  • Advancements in machine learning, AI and analysis that will empower threat hunters 
  • Assessing your hunt: How to quickly separate the true threats from false positives 

Tuesday, February 21st

OPENING KEYNOTE | Reducing dwell time: Making every minute count
11am - 11:30am ET

Jonathan Kazar: Senior Associate Cyber Threat Intelligence, New York Life Insurance Company

Dwell time – often measured by the metrics mean time to detect (MTTD) and mean time to repair/remediate (MTTR) – is one of the most significant indicators of whether your proactive threat hunting practices are effectively rooting out threat actors that are hiding in your network. This session will suggest effective methodologies and strategies for reducing dwell time, while offering recommendations on how to stand up a threat hunting program that allows you to take proper and decisive action when a legitimate threat is uncovered.

Top threats in retail environments
11:30am - 12pm ET
Kedar Hiremath: Umbrella Product Marketing Manager, Cisco

Join Cisco's Kedar Hiremath, Umbrella Product Marketing Manager, as he discusses real-life threats and how Cisco Umbrella combats these threats in retail environments.

Threat hunting for effective cybersecurity
12pm - 12:30pm ET
Derrek Smith: CTI Specialist, Cybersixgill

The Deep and Dark Web poses unprecedented challenges for organizations when it comes to battling cyber threats. This is where criminals plan their attacks and provide the tools and techniques needed to carry them out. Within this complex cyber threat battleground, companies cannot afford to continue relying on passive, reactive defense, and instead must leverage the tools and methodologies to facilitate a truly proactive and preemptive cyber defense program.

This session will discuss and demonstrate threat hunting – the best practices for organizations to seek out the highest-priority potential cyber threats and the necessary steps to strengthen their overall cyber resilience. Attendees will go away knowing how to find and prevent threats before they become attacks.

Throughout this presentation attendees will learn and understand:

  • How to effectively prepare for and plan the threat hunt, with detailed explanations of the tools and information needed.
  • How to set priorities and build a threat hunting road map.
  • The five steps involved in a threat hunt and how to perform them effectively.
  • Insights necessary to make the most of the information gathered through threat hunting.

Research Session | Wanted: A Few Good Threat Hunters
12:45pm - 1:30pm ET

Bill Brenner: VP of Content Strategy, CyberRisk Alliance
Dana Jackson: VP of Research, CyberRisk Alliance

Cybersecurity pros who comprise CRA's audience want to incorporate threat hunting into their operations but are stymied by the high cost of threat hunting tools and a severe shortage of skilled threat hunters. In this report, survey respondents from our audience explain why they want threat hunting and where they face the biggest obstacles.

CLOSING KEYNOTE | Purple teaming and game theory: Ensuring red vs. blue is a win-win for you
1:30pm - 2pm ET

Vanessa Redman: AVP, Information Security Assurance, Credit One Bank

Your red and blue teams may be natural rivals, but it doesn't mean they should be enemies. There are benefits to both sides working closely together and regularly communicating with each other. This purple-teaming philosophy gives security teams a better understanding of how attackers and defenders operate, interact and try to one-up each other. Interestingly, there's a whole branch of applied mathematics that examines how parties with competing interests make logical decisions based on their opponent's actions in order to achieve a winning outcome. It's called game theory, and this session will look at how organizations can apply game theory principles in their purple teaming and threat hunting.

Wednesday, February 22nd

OPENING KEYNOTE | Is your managed security service equipped to hunt APTs?
11am - 11:30am ET
Alexia Crumpton: Lead Cybersecurity Engineer, MITRE

Lex Crumpton: Lead Cybersecurity Engineer, MITRE

In late 2022, the MITRE Engenuity foundation revealed the findings from its first-ever ATT&CK Evaluations for managed security service providers. The report measured various MSSPs' ability to recognize, analyze and report the TTPs of the OilRig Advanced Persistent Threat group. This session will dig into the findings to help MSSP customers and prospective clients determine what they should be looking for when ascertaining whether a particular managed security services provider is the right fit when it comes to proactively hunting threats posed by sophisticated cyber adversaries.

Breaking out of the time loop
11:30am - 12pm ET
Altaz Valani: Director of Insights Research, Security Compass
Hasan Yasar: Technical Director of Continuous Deployment of Capability group, CMU
Rob Cuddy: Solution Architect for Secure DevOps, HCL Software

Threat hunting is often tied to SIEM and SOAR as part of SOC activities. What often gets missed is relaying the insights and findings back to software developers, who can benefit from this and make their code more secure. This creates a situation where the same software security mistakes happen over and over. That creates repeated work for SOC teams, like being stuck in a time loop.

We hear a lot about DevSecOps and shifting left but, unfortunately, security activities largely continue to operate in silos. Threat hunting can be used as a way of bringing our software developers into the fold. In turn, the additional insights shared by software developers can further enhance SOC teams with a much deeper understanding of the security challenges at a granular level. This sharing of information can be used to generate policies at the requirements level, which can amplify the impact of an initial threat hunting finding across a broader portfolio of systems. That increases the value of threat hunting in the eyes of business stakeholders.

This presentation will focus on the following:

  • The importance of transferring threat hunting findings to your architects and developers
  • Creating a test suite to automate detection pre-deployment
  • Creating a policy to detect the impact on other apps and catch the vulnerability as early as possible
  • Mapping true severity and risk to business goals
  • Expanding to other vulnerabilities in close proximity based on premises from your initial hypotheses

This presentation will appeal to SOC teams, CISOs, and software developers who want to make their systems more secure and are on a cultural journey of continuous security improvement.

3 Core Pillars of Threat Hunting: Coverage, Workflow & Retention
12:15pm - 12:45pm ET
Josh Snow: Principal Sales Engineer, ExtraHop

If it seems like cyber threats are becoming more advanced, they are. Attackers are using more sophisticated tools and techniques to circumvent security controls and make their way into your environment. 

Join Josh Snow of ExtraHop as he takes you through:

  • The 3 core pillars of threat hunting, and when to leverage them
  • How attackers can leverage tools like Cobalt Strike to gain access to an organization's environment
  • How one organization used network data to detect a Cobalt Strike attack

Deception best practices: Flipping the script on your attackers
12:45pm - 1:30pm ET
Ondrej Nekovar: CISO & Chief Deception Officer, State Treasury - Center of Shared Services, Ministry of Finance, Czech Republic
Timothy Rohrbaugh: Principal & Security Advisor, CISOonCall

One of the key disciplines that Active Cyber Defense (ACD) practitioners employ is deception in the form of decoys, honeypots and other "shiny objects" and obstacles. In a sense, deception borrows the principles of judo – using your attackers' aggressiveness against them. Threat hunters use this strategy to gain more visibility into enemy movement, while at the same time redirecting adversaries to an environment that defenders have fully under their control. The use of beacons, fake assets and imaginary credentials only adds to the ruse, making attackers think they have hit the jackpot. This session will look at recent successes and innovations in the use of deception technology, including concepts such as building deception at the edge, and using deception to root out sophisticated APT threats.

Please check back for updates to this agenda.
