In an era where "assume breach" is the status quo, organizations are working on the maturity of threat detection and incident response programs to mitigate the barrage of incoming malware and ransomware attacks.

This event delves into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit brings together security practitioners from around the world to share war stories on breaches and the murky world of high-end cyberattacks.

Sponsors

Diamond Sponsor

Platinum Sponsors

Gold Sponsors

Agenda

Agenda

May 22, 2024 11:00

Ransomware's Favorite Back Office Products

We're all unfortunately aware of Ransomware groups using Exchange vulnerabilities to gain a foothold into organizations, but I bet you can't guess what other software they've been targeting lately! Come hear about recent Ransomware detection stories discovered by SentinelOne's threat-hunting team, Watchtower.

  • Learn about a recent trend of abuse targeting another popular back office software.
  • Understand how to prevent, detect, and respond to these threats.
speaker headshot

Jake Mowrer
SentinelOne, Office of the Field CISO - Security Specialist

May 22, 2024 11:30

Fortifying Cyber Defense: The Synergy of Threat Intel & Incident Response

In today's complex and ever-changing cybersecurity landscape, effective collaboration between threat intelligence and incident response teams is paramount. This session explores the symbiotic relationship between these two critical functions, delving into the challenges posed by emerging threats and providing insights into how SOC teams can strengthen their defenses against bad actors. Through real-world examples and best practices, attendees will gain practical strategies for integrating threat intelligence into incident response processes, leveraging automation and AI, and preparing for future trends in cybersecurity.

Key Takeaways:

  • Understand the role of threat intelligence in enhancing incident response capabilities.
  • Learn strategies for effective collaboration between threat intelligence and incident response teams.
  • Explore emerging technologies and trends shaping the future of cybersecurity defense.
speaker headshot

John Pirc
NetWitness, Director, Product Line Management

speaker headshot

Steve Baer
NetWitness, Global VP, Field Sales & Service

speaker headshot

Arthur Fontaine
NetWitness, Head, Product Marketing

May 22, 2024 12:15

BREAK

Please visit our sponsors in the Exhibit Hall and explore the resources in their booths. They're standing by to answer your questions now.

May 22, 2024 12:30

Establishing Trust in a Zero Trust world is a Continuous Process

It’s no secret that the threat landscape has continued to evolve and successful attackers are no longer hacking in, but logging in. As Zero Trust becomes the new security paradigm, what does this really mean in a digital landscape where it feels like you can’t trust anyone or anything anymore? When considering the role that identity plays within Zero Trust, it’s helpful to think of verifying Identity as a continuous process rather than a discrete event. A robust identity platform needs to provide the means to not only manage identity, verify users at every stage, but also continuously evaluate the validity of that users session.

Join us to hear more about:

  • Why Zero Trust is more than a buzzword with a look at the global trends from our annual Zero Trust report
  • What the three stages of Identity verification are, the potential threats at each stage, and how to stop them.
  • How to safeguard your ecosystem with continuous risk assessment with Identity-centric threat detection and response
speaker headshot

Eila Shargh
Okta, Director, Solutions Product Marketing-Workforce

May 22, 2024 13:00

Building Your Ransomware Preparedness Plan

In today's ever-evolving cyber landscape, incident response and network protection are paramount for organizations of all sizes. This session delves into the strategies and tactics essential for safeguarding networks from vulnerabilities and efficiently mitigating threats. From identifying potential weaknesses to implementing robust incident response plans, attendees will gain insights into practices proven effective, and practical approaches to fortify their organization's defenses. Join us to explore real-life use cases from the frontline of cyber defense and learn how to arm yourself with the knowledge needed to defend against emerging threats.

Key points to be covered:

  • Proactive approaches to identifying and addressing network vulnerabilities
  • Effective incident response strategies to contain and mitigate cyber threats
  • Collaboration techniques to enhance incident response efforts and strengthen network resilience
  • Real-life use case from a global, frontline incident response team
speaker headshot

James Sobel
NetWitness, Global Pre-Sales Lead, Incident Response

speaker headshot

Marco Faggian
NetWitness, Principal Consultant

May 22, 2024 13:30

Bringing IR into the Cloud Age

The cloud brings unprecedented opportunities - but also some challenges. Automation is essential or we won’t survive, and we need to completely change the way our organizations think about DFIR.

speaker headshot

Paul Stamp
Cado, VP of Products

May 22, 2024 13:50

BREAK

Please visit our sponsors in the Exhibit Hall and explore the resources in their booths. They're standing by to answer your questions now.

May 22, 2024 14:05

AI-Driven Binary Analysis: Next Generation Malware Detection at Speed & Scale

Today’s businesses are faced with an exponentially growing number of files that need to be effectively analyzed without slowing down operations. SOC teams must constantly worry about malicious files flowing into and around their network, be it from email, web downloads, cloud services, mobile devices, supply chain, or other sources. Not only does the sheer volume of files pose a challenge for analysts, but so does the increasing size and complexity of files. Adversaries have become adept at developing sophisticated malware hidden inside complex file structures to circumvent detection by traditional security tools, including endpoint security, email protection, and sandbox environments, which are limited in their depth and speed of analysis, as well as their inability to analyze large file sizes and certain file types. Learn how ReversingLabs’ high-speed binary analysis overcomes these challenges:

  • Inspect thousands to hundreds of thousands of files per day in real-time
  • Analyze large file sizes up to 100GB
  • Identify advanced malware missed by other tools
  • Reduce dependency on sandboxes
speaker headshot

Jason Valenti
ReversingLabs, Director of Product Management - Malware Analysis and Threat Hunting

May 22, 2024 14:25

Compromised Credentials in 2024: What to know about the world’s #1 attack vector

Credentials, made up of passwords and usernames, serve as the keys to our online existence. According to Lastpass, professionals manage up to 200 sets of credentials on average, emphasizing the need for strong, unique passwords that are regularly updated. When credentials are compromised, cyber attackers gain frictionless entry into sensitive systems and can often move laterally to find your crown jewels. Attend this webinar to understand:

  • Execution methods behind compromised credential attacks
  • What the bad actors do with stolen identities
  • Preventative best practices to implement today
speaker headshot

Tim Chase
Lacework, Field CISO

speaker headshot

James Condon
Lacework

May 22, 2024 14:55

Fireside Chat: Bennett Pursell on the OpenSSF Siren Threat Intel Project

The Open Source Security Foundation (OpenSSF) has introduced the OpenSSF Siren, a community data-sharing initiative aimed at bolstering the defenses of open source projects worldwide. In this fireside chat, OpenSSF Ecosystem Strategist Bennett Pursell discusses the origins and goals of OpenSSF Siren, exploring transparent access to data that can help small- and medium-sized businesses during active incidents. Pursell also shares insights on the value of threat intelligence, the shelf life of IOC (indicators of compromise) and how businesses with limited resources can mitigate exposure to risk.

speaker headshot

Bennett Pursell
OpenSSF, Ecosystem Strategist

speaker headshot

Ryan Naraine
SecurityWeek, Editor-at-Large

May 22, 2024 15:25

SentinelOne Demo: Combating the Threats of Today and Tomorrow with The SentinelOne Singularity™ Platform

In this demonstration, SentinelOne showcases how to fortify your environment against evolving threats using the Singularity™ Platform. Watch to see the critical importance of having visibility across endpoints, cloud, data, and identities for understanding and responding to these threats. During the demonstration, SentinelOne covers:

  • The impact of modern threats on traditional security measures
  • The significance of visibility across various aspects of an organization's IT infrastructure
  • How the SentinelOne Singularity™ Platform can protect your business from ransomware and other advanced threats.

May 22, 2024 15:40

Okta FastPass: Zero trust authentication for phishing resistant, passwordless access

Okta FastPass: Zero Trust Authentication For Phishing Resistant, Passwordless Access Sr. Technical Marketing Manager, Harish Chakravarthy demonstrates how Okta FastPass offers phishing resistance to advanced phishing attacks such as adversary-in-the middle.

May 22, 2024 15:45

Cado Security Demo

Cado Security is the first investigation & response automation platform focused on revolutionizing IR for the hybrid world. Cado reduces response times & empowers security teams to add critical context to everyday security investigations.

May 22, 2024 16:05

ReversingLabs Demo: Advanced Hunting with YARA at Scale

Import, develop, test, and deploy YARA rules at scale. Perform enterprise-wide YARA scanning with custom rule matching and targeted retro-hunts against thousands of object characteristics from any file or email source.

May 22, 2024 16:25

Lacework Demo: Polygraph Data Platform

Lacework was founded on the principle that security is a data problem, so we built our platform to ingest various cloud data sources from AWS, Azure, and GCP activity in a visual way. Lacework Polygraph automates detections at scale and enables organizations to reduce complexity and focus valuable resources more effectively by alerting only on the events that matter.

[On-Demand] Okta FastPass: Zero trust authentication for phishing resistant, passwordless access

Okta FastPass: Zero Trust Authentication For Phishing Resistant, Passwordless Access Sr. Technical Marketing Manager, Harish Chakravarthy demonstrates how Okta FastPass offers phishing resistance to advanced phishing attacks such as adversary-in-the middle.

[On-Demand] SentinelOne Demo: Combating the Threats of Today and Tomorrow with The SentinelOne Singularity™ Platform

In this demonstration, SentinelOne showcases how to fortify your environment against evolving threats using the Singularity™ Platform. Watch to see the critical importance of having visibility across endpoints, cloud, data, and identities for understanding and responding to these threats. During the demonstration, SentinelOne covers:

  • The impact of modern threats on traditional security measures
  • The significance of visibility across various aspects of an organization's IT infrastructure
  • How the SentinelOne Singularity™ Platform can protect your business from ransomware and other advanced threats.

[On-Demand] Cado Security Demo

Cado Security is the first investigation & response automation platform focused on revolutionizing IR for the hybrid world. Cado reduces response times & empowers security teams to add critical context to everyday security investigations.

[On-Demand] Lacework Demo: Polygraph Data Platform

Lacework was founded on the principle that security is a data problem, so we built our platform to ingest various cloud data sources from AWS, Azure, and GCP activity in a visual way. Lacework Polygraph automates detections at scale and enables organizations to reduce complexity and focus valuable resources more effectively by alerting only on the events that matter.

[On-Demand] ReversingLabs Demo: Advanced Hunting with YARA at Scale

Import, develop, test, and deploy YARA rules at scale. Perform enterprise-wide YARA scanning with custom rule matching and targeted retro-hunts against thousands of object characteristics from any file or email source.