SecurityWeek's Threat Detection and Incident Response (TDIR) Summit brings together security practitioners from around the world to share war stories on breaches and the murky world of high-end cyberattacks.
This event will dive into threat hunting tools and frameworks and explore the value of threat intelligence data in the defender’s security stack.
Attendees can expect high-quality presentations and sessions on the following:
May 24, 2023 11:00
ThreatLabz tracks dozens of ransomware families as they monitor the 300B+ daily transactions across the Zscaler Zero Trust Exchange. Lately, ThreatLabz has observed an explosion in new ransomware families (with some groups suspected to be running multiple ransomware ‘brands’), threat groups doubling down on data extortion, and lots of innovation in tactics and techniques. Join Emily Laufer from Zscaler as she walks through the latest ThreatLabz discoveries, and learn:
Emily Laufer
Director of Product Marketing, ThreatLabz
May 24, 2023 11:45
Delve into the world of cloud threat hunting at scale with lessons learned from the CrowdStrike OverWatch team. This session will focus on front-line experience investigating and preventing intrusions into organizations of all sizes. We will discuss practical lessons learned from our own threat hunting process, called SEARCH, and share insights into how organizations can implement practical threat hunting in their own cloud security operations. Through understanding and implementing truly proactive threat hunting, organizations can turn valuable insights into an effective security operations strategy that applies across cloud and on-premises assets alike.
Greg Foss
CrowdStrike, Security Leader
May 24, 2023 12:15
In the realm of cybersecurity, visibility is key to managing and defending against threats effectively. Without clear and accurate data, or "visibility", we cannot discern truth from fiction. Risk in cybersecurity is commonly assessed in two dimensions: likelihood and severity. Both factors are contingent upon having complete visibility into what is being protected. With absolute clarity and visibility, we can detect better and make more defensible risk decisions. The concept of "knowing what you know" helps us better identify the unknowns. This clearer perspective aids in distinguishing extreme risks from low risks while dealing with threats.
Contrary to the approach of aggregating attack surface data from multiple sources, which often results in unreliable and erroneous derivatives, this session places a strong emphasis on the critical aspect of threat detection. It underscores the need for high-quality intel that enhances visibility into potential threats. Relying on these derivatives not only amplifies the risk, but also compromises effective threat detection.
In this presentation, we'll discuss what measures can be implemented to achieve improved visibility, enhance threat detection, and secure the most critical infrastructures around the globe. We'll outline the true sources of reliable data that offer enhanced visibility and delve into the pertinent questions that will yield the best intel for making superior cybersecurity and risk decisions.
Tim Morris
Tanium, Chief Security Advisor
May 24, 2023 12:45
Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.
May 24, 2023 13:00
Many security practitioners understand that it’s no longer a matter of ‘if’ but ‘when’ an organization will suffer a data breach. This means that instead of primarily focusing efforts on keeping threat actors out of the network, it’s equally important to develop a strategy to reduce the impact. In turn, many organizations have started adopting a new strategy to cope with today’s increased cyber threats, which is called ‘cyber resilience’.
Cybersecurity applies technology, processes, and measures that are designed to protect systems (e.g., servers, endpoints), networks, and data from cyberattacks. In contrast, cyber resilience focuses on detective and reactive controls in an organization’s IT environment to assess gaps and drive enhancements to the overall security posture. Most cyber resilience initiatives leverage or enhance a variety of cybersecurity measures. Both are most effective when applied in concert.
This session discusses the need for cyber resiliency and its benefits, as well as illustrates why it matters using the example of application resilience. It outlines how to establish cyber resilience across an organization’s device fleet to work as a preventive measure to counteract human error, malicious actions, and decayed, insecure software. Ultimately, the goal of cyber resilience is to aggressively protect the entire enterprise, covering all available cyber resources.
Torsten George
Absolute Software, Cybersecurity Evangelist
May 24, 2023 13:30
Organizations can meet compliance and regulatory responsibilities in the cloud but still be susceptible to a threat actor escalating privileges, exfiltrating data, or targeting them for ransomware. Threat actors today have become cloud experts, and their TTPs are evolving more quickly than most want to believe. Therefore, it's time we start thinking like them and building detections around their attack behavior.
Taylor Bianchi
Uptycs, Senior Offensive Security Researcher
May 24, 2023 13:45
Please visit our sponsors in the Exhibit Hall and explore their resources. They're standing by to answer your questions.
May 24, 2023 14:00
Listen in as panelists outline the intersection of OT incident response recommendations with incident management system principles, providing OT defenders with actionable items to improve incident preparedness, including:
Hussain Virani
Dragos, Senior Industrial Incident Responder
Noah Hemker
Dragos, Senior Industrial Incident Responder
May 24, 2023 14:30
Reduce the attack surface. Prevent compromise. Eliminate lateral movement. Stop data loss. These are the four goals of a zero trust strategy that minimizes the risks and impact of attacks. Learn about these pillars and the capabilities you need within each to build effective defense-in-depth against cyber threats. See how the Zscaler Zero Trust Exchange can help you realize a robust and comprehensive zero trust strategy.
Mark Brozek
Zscaler, Product Marketing Leader
May 24, 2023 15:00
Join us for an engaging fireside chat with Mandiant Chief Analyst, John Hultquist, on the nation-state threat landscape, the fog of cyberwar, the use of threat-intel data to track malware actors, the implications for AI in cybersecurity, the U.S. government's national security strategy, and much more.
John Hultquist
Mandiant, Chief Analyst
Ryan Naraine
Editor-At-Large
May 24, 2023 15:35
Deception is a critical—yet grossly underutilized—defense strategy. Well-designed decoys allow you to lure and detect attackers with much higher fidelity than you can ever achieve with typical detection-based security controls. In this short demo, see how you can use Zscaler Deception to quickly deploy decoys that effectively disrupt a ransomware attack at multiple stages in the attack chain.
May 24, 2023 15:40
Check out the first unified CNAPP and XDR solution! We’ll show you:
May 24, 2023 15:50
Absolute is known as the pioneer of endpoint resilience, allowing you to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks, or compromises on endpoints and their installed, mission-critical applications.
This product demo showcases how Absolute Resilience™ delivers application self-healing and confident risk response, empowering you to strengthen your security and compliance posture through cyber resiliency. Absolute Resilience delivers a broad set of capabilities that allow you to gain granular insights, take actions from anywhere, and continue your business despite inevitable attacks via endpoint resilience. Join us to learn how Absolute makes security work.
May 24, 2023 16:11
Dragos was founded by renowned ICS/OT practitioners who have defeated adversaries for the U.S. government, ally nations, and global firms. Today, Dragos is on a mission to protect the world’s most critical infrastructure and safeguard civilization. We know that’s a mission you can get behind.
May 24, 2023 16:15
Tanium Threat Response eases the collaboration challenges faced by security and IT teams, providing an integrated view of the entire organization. This unified approach empowers security teams to detect, investigate, and remediate incidents from a single platform.
May 24, 2023 16:20
Discover how Abnormal detects and remediates malicious emails, stopping advanced business email compromise attacks with Account Takeover, Abuse Mailbox Automation, Email Productivity, and more.
May 24, 2023 16:32
CrowdStrike Falcon OverWatch is an always-on service composed of highly skilled threat hunters who relentlessly scour for unknown and advanced threats targeting your organization. Stay vigilant with a threat hunting operation that never sleeps. Uncover stealthy, menacing attacks and leave adversaries with nowhere to hide.
Check out the first unified CNAPP and XDR solution! We’ll show you:
- What a more cohesive enterprise-wide security posture looks like with CNAPP and XDR in the same UI
- Real-life examples of how you can reduce risk, operating costs, and security failures
- How to create YARA rules, explore MITRE ATT&CK chains, and investigate live and historical states
- Why not both? For deployments in AWS, GCP, and Azure, you can start with instant-on agentless workload scanning, then add runtime protection with the Uptycs agent
Saurabh Wadhwa
Uptycs, Senior Solutions Engineer
Absolute is known as the pioneer of endpoint resilience, allowing you to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks, or compromises on endpoints and their installed, mission-critical applications. This product demo showcases how Absolute Resilience™ delivers application self-healing and confident risk response, empowering you to strengthen your security and compliance posture through cyber resiliency. Absolute Resilience delivers a broad set of capabilities that allow you to gain granular insights, take actions from anywhere, and continue your business despite inevitable attacks via endpoint resilience. Join us to learn how Absolute makes security work.
Torsten Larson
Absolute Software, Senior Sales Engineer
In a world of rising cybersecurity threats, Dragos protects the most critical infrastructure, the systems that provide us with the tenets of modern civilization, from increasingly capable adversaries who wish to do it harm. Devoted to codifying and sharing our in-depth industry knowledge of ICS/OT systems, Dragos arms industrial defenders around the world with the knowledge and tools to protect their systems as effectively and efficiently as possible.