Archived: Threat Intelligence: Building a program that turns data into action

On-Demand Event

(Aired on May 18-19, 2021)
Earn up to 6.5 CPE credits by viewing this virtual conference.

Shifting your security focus to the risks that matter most requires intelligence. But even organizations with access to threat intelligence can find themselves challenged when it comes to leveraging that data effectively and consistently.

SC Media’s two-day eSummit focused on building a threat intelligence program that fits your organization’s needs. This strategic learning opportunity is designed to help both organizations that are considering standing up a threat intelligence practice and those that may have struggled with implementation. Experienced threat intel professionals will dive deep on topics that include:

  • How threat intelligence programs can shift a security team from a reactive to a predictive stance
  • Why efficiency immediately increases for security teams once programs are implemented
  • How organizations find strength in numbers through collaborative threat programs

Positioning your organization to foresee potential threats can have a profound impact on risk reduction. Join us to discover how to turn threat data into action. Register now.

Day 1

11:00 AM ET
Keynote: Rising above the noise: How a year of hard lessons redefines demands
Dave DeWalt, Managing Director, NightDragon

A string of cybersecurity incidents during the last year shined a bright spotlight on gaps in the existing tools and tactics used to protect public and private networks. Were these failures in technology or in strategy? For all the advancements made, has the community grown complacent? We will speak to Dave DeWalt, head of acquisition company NightDragon and former CEO of FireEye and McAfee, about why the cybercommunity was caught off guard, what has changed about the threat landscape during his years in the business, why certain startups attract his attention and dollars, and whether a market transformation is in order.

12:00 PM ET
Webcast: Threat intelligence: The essential ingredient in your XDR strategy 
Thomas Graves, Senior Solutions Engineer, Anomali

XDR is a promising security architecture that gives organizations a foundation for managing their security infrastructure as an integrated, unified platform and for preventing, detecting, and responding to threats more effectively across the enterprise. But to be successful, any XDR implementation needs an essential ingredient: high-fidelity threat intelligence that connects to structured workflows, so that it does not contribute to even more alert fatigue and a team response that is unprioritized and unfocused. Come learn about how relevant threat intelligence powers the analytics, detection, investigation, and response layers of XDR.

2:40 PM ET
Webcast: One phish, two phish: Detecting ransomware attacks pre-encryption 
Lindsay Kaye, Director of Operational Outcomes, Insikt Group, Recorded Future

Join this session to hear about:

  • Best practices and methodologies that organizations can use to detect threats 
  • Specific examples of actual compromises by ransomware operators 
  • Guidance on how to identify opportunities for detecting malicious behavior during the post-compromise, pre-encryption phase

1:20 PM ET
Webcast: Intelligence is good. Requirements-driven intelligence is better 
Maurits Lucas, Director of Intelligence Solutions, Intel 471

Many security practitioners will have heard of “Requirements-driven intelligence” – the approach of establishing Intelligence Requirements as the blueprint of your CTI program. But how do you operationalize such an approach?

In this presentation we introduce a publicly available methodology we developed at Intel 471 called “CU-GIRs” that allows you to establish Intelligence Requirements by looking at stakeholders and use cases, group and prioritize those intelligence requirements, and build collection plans corresponding to the requirements. 

In this way, the CTI program can create more measurable value for its stakeholders and can be continually tweaked to increase its effectiveness and efficiency and respond to changing stakeholder demands. 

Key Topics: 

  • What are Intelligence Requirements (IRs)? 
  • Benefits of Developing Intelligence Requirements (IRs) 
  • Challenges in Building Requirements-Driven Intelligence Programs 
  • Using the CU-GIR methodology to bring structure to the CTI process 

2:00 PM ET
Webcast: Putting your threat intel to work for you
Jane Goh, Cortex Team Lead, Palo Alto 

Are you getting the most out of your threat feeds? I am guessing not. With the dozens of threat feeds your team gets, it is difficult to understand the relevance of a threat to your environment. And let’s face it, it’s no fun having to manually tune and score indicators of compromise (IOCs) to match your environment.

So you might be relying on a threat intelligence platform (TIP) to aggregate intelligence sources, but without the real-world context linking these threats to incidents within your organization, it’s still hard to take confident action.

Enter stage left, automation. Join us for this session to learn practical use cases for how automation can help you eliminate manual tasks, reveal critical threats and take automated action so you can seamlessly manage millions of daily indicators across multiple threat feeds.

2:40 PM ET
Webcast: Continuous security validation: Exercise your environment more than the adversary 
Jose Barajas, Technical Director, NA Sales Engineering, AttackIQ 

With incident response as the new normal, it is essential to ensure that the systems and processes supporting that effort, and threat hunting, are working as expected. We will discuss why and how to establish a Continuous Security Validation (CSV) program within your organization. Specifically, we will cover how such a program evolves beyond Breach and Attack Simulation (BAS) and provides teams a continuous feedback loop to understand their posture and identify gaps as they arise.

3:20 PM ET
Webcast: Obfuscation in threat hunting: Why should the threat actors know who the good guys are? 
Gordon Lawson, Chief Executive Officer, NetAbstraction

In this session, learn how NetAbstraction effectively hides your enterprise’s network by transparently distributing search and sandbox functions to prevent any correlation back to your company. There is a 90% chance of someone knowing the exact routing of any particular data transmission. NetAbstraction is built on the principles of the US Intelligence Community where non-attribution is essential to conducting effective cyber operations. 

Whether it is OSINT research, Incident Response, or Threat Intelligence, both search and sandbox capabilities should be secure, private, and geographically opaque so as not to provide threat actors with a means of understanding what threats your organization has been exposed to. Any enterprise directly using the Internet exposes its IP address, location and network identity. Any external connection used by your company is a potential source of attack on your data and systems. NetAbstraction is unique in that we provide a proactive foundation for smart enterprise privacy.

4:00 PM ET
Webcast: How pin-pointed threat intelligence will help you proactively prevent your next security breach 
Yochai Corem, Chief Executive Officer, Cyberint

If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted. During this session, Yochai Corem, CEO at Cyberint, will demonstrate with examples why pin-pointed Threat Intelligence will help you proactively prevent your next security breach.

Day 2

11:00 AM ET
Keynote: Case Study: Creating a new threat-sharing community 
Douglas Levin, K12 Security Information Exchange (K12 SIX) and President of EdTech Strategies and the K-12 Cybersecurity Resource Center 

Organizations that operate in the same business sector have much in common, including the cyber threats they typically face, and the challenges of defending against them. And so it is imperative that these organizations have a platform through which they can openly share threat intelligence with each other. This was the thinking behind K12 SIX, a recently formed Information Sharing & Analysis Center that was specifically created for school districts. In this keynote presentation, Douglas Levin, national director of K12 SIX and president of EdTech Strategies and the K-12 Cybersecurity Resource Center, will detail the challenges and value proposition of creating a threat-sharing community within your industry and initiatives that your own threat-sharing group should consider launching.

12:00 PM ET
Webcast: Autonomous cyber AI: Redefining enterprise security 
Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace 

In this new era of cyber-threat, characterized by both slow and stealthy attacks and rapid, automated campaigns, static and siloed security tools are failing. Organizations need to urgently rethink their strategy – to ensure their people and critical data are protected, wherever they are. Powered by autonomous cyber AI, today’s self-learning defenses are capable of identifying and neutralizing security incidents in seconds – not hours. In this session, learn how self-learning AI:  

  • Detects, investigates and responds to threats – even while you are OOTO  
  • Protects your entire workforce and digital environment – wherever they are, whatever the data 
  • Defends against zero-days and other advanced attacks – without disrupting the organization 

12:40 PM ET
Webcast: Actionable threat intelligence 
Greg Iddon, Threat Response Strategist, Sophos  

Signal prioritization, lifting important signals out from the noise, is essential for mature security operations centers. But access to high-quality intelligence that helps you derive verdicts and enables you to take action is rare. OSINT feeds are often stale or out of date, and URLs for once-valid C2s now produce false positives. And even with quality intelligence feeds, how can we turn that intelligence into action? In this session you will learn:

  • Practical threat intelligence use cases you can implement on your own 
  • How our threat hunters utilize Sophos threat intelligence services to improve investigations 
  • Suggestions on how to add threat intelligence into your security operations process 
  • Threat intelligence features to look for when choosing an intelligence service partner

1:20 PM ET
Webcast: Cyber Resilience for Digital Operations
Christopher Morales, CISO and Head of Security Strategy, Netenrich

Security operations needs context awareness to ensure the success of business initiatives in a world of advanced, targeted attacks. Netenrich empowers security, IT and cloud operations to thrive during adversity with adaptive incident resolution using real-time, data-driven risk and trust-based decision making. The Netenrich Resolution Intelligence platform streamlines the process of managing, analyzing, and fixing the root cause of incidents to prevent future disruption.

2:00 PM ET
Webcast: How to put your threat intelligence data to work 
Valeriy Leykin, Director, Product Management, SafeBreach 

Having access to threat intelligence is important, but even more important is having a strategy that puts that threat intelligence data to work for you, and the visibility to prioritize the risks that matter most to the business. Join SafeBreach for a discussion around Threat Intelligence best practices, tips for how to ensure the data is feeding into your daily efforts, and how the ability to combine threat intelligence, vulnerability management, and the right attack scenarios can be a force multiplier for your collaborative efforts across the business. 

2:40 PM ET
Webcast: Build your best threat intelligence program
Paul Prudhomme, Head of Threat Intelligence Advisory, Intsights

Security professionals aren’t getting the most out of their threat intelligence program, because they are not applying the concept of the Intelligence Cycle. They need a comprehensive system of this kind, one that guides collection, analysis, production, intelligence dissemination, and evaluation to inform decision-makers and other stakeholders.

Join this webcast and improve your threat intelligence program by learning how to:

  • leverage Priority Intelligence Requirements to ensure that stakeholders receive information they need;  
  • uphold the highest standards of analysis and production; 
  • ensure consumers receive information they need without oversharing; and 
  • garner feedback from consumers to ensure the program remains useful 

Agenda is subject to change