Threat Intelligence: From Nation State Attacks to Intelligence Management

Developing an Action Plan of Detection, Defense and Response

September 13, Atlanta
September 18, Phoenix
September 20, Dallas
The FS-ISAC Roadshows restrict attendance to regulated financial services firms. If you have any questions on eligibility, contact roadshow18@fsisac.com.
Breakfast and lunch are provided, and a reception will follow the meeting.
Dress is business casual.
Registration deadline is September 5. Space is limited and registration will close when the event reaches capacity.
Attendees are required to present a photo ID at check-in.


Start    End    Threat Intel Topic

8:00 AM-8:45 AM       Breakfast

8:45 AM-9:00 AM       Opening Remarks

9:00 AM-10:15 AM: Nation-State Capabilities and Destructive Attacks

9:00 AM-9:30 AM:   Alphathreat Soup

As the public becomes more informed about cyber-operations, it's only natural that malicious actors will increase their operational security by using new approaches or subverting existing detection tools. And it's already begun. To remain relevant, security teams need to increase their data-sets and tools.

Presenter: Benjamin Powell, technical product manager, RiskIQ (Boston and Atlanta)

Steve Ginty, senior product manager, RiskIQ (Phoenix and Dallas)

RiskIQ’s Digital Threat Management platform combines advanced internet reconnaissance and analytics to provide unified insight and control for exploits, attacks and adversaries across the web, social media and mobile channels.

9:35 AM-10:15 AM: Member Facilitated Discussion

10:15 AM-10:30 AM    Break

10:30 AM-11:45 AM: Emerging Trends in TTPs

10:30 AM-11 AM: Cryptocurrency Campaign Roundup

The ties between cryptocurrency and the threat landscape remain strong, despite the volatility of cryptocurrency prices. This session provides a past, present and predictive look at crypto-related threat campaigns of the past year, including technical details of tactics, techniques and procedures (TTPs). It also explains why keeping track of crypto-news matters more in financial-services than in any other industry.

Presenter: Jenn Cheng, director, cybersecurity strategy, Proofpoint

Built on advanced analytics and a cloud architecture, Proofpoint reduces the attack surface by managing data and protecting it as it is sent, stored and archived.

11:05 AM-11:45 AM: Member Facilitated Discussion

11:45 AM-12:45 PM   Lunch Sponsored by Securonix

Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Our purpose-built security analytics platform analyzes logs and network events in real time to identify actionable threats. Securonix provides out-of-the-box content to detect insider threat, cyber threats, cloud threats, and fraud activity.

12:45 PM-2:00 PM: Intelligence Management and Operations

12:45 PM-1:15 PM: Automate ATT&CK-based Threat Intelligence to a Threat-Hunting Cycle

The MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework has emerged as the most detailed and relevant knowledge-repository for adversary techniques ever compiled. This session aims to demonstrate a repeatable process using data-science tools to find fresh examples of ATT&CK techniques in a large malware sandbox data-set. Using new threat intelligence extracted from the data-set, this session will show how to prioritize and execute the discovery of adversary techniques observed from the sandbox in your own environment.

Presenter: Kumar Saurabh, CEO and co-founder, LogicHub (Boston and Atlanta)

Evan Gaustad, principal engineer of threat detection, LogicHub (Phoenix)

Chad Roberts, vice president of security solutions, LogicHub (Dallas)

LogicHub helps organizations improve threat-detection across every SecOps process, from alert triage and incident-response to threat-hunting, based on the premise that almost every threat-detection process can be automated.

1:20 PM-2:00 PM: Member Facilitated Discussion

2:00 PM-2:15 PM     Break

2:15 PM-3:30 PM: In-Sourcing versus Outsourcing Threat Intelligence

2:15 PM-2:45 PM: Build and Buy: Tips for Living Well in a Hybrid Intel World

With no end of data and a talent gap that is only getting wider, the challenges around building effective threat-intelligence programs continue to grow. In this new reality, the old debate over “build or buy” has given way to the practical need for building and buying. So what is the best way to operate in this new hybrid world? This session discusses how best to use the threat-intelligence resources you have at-hand, and when you might need to call in a relief pitcher to help you win the game. 

Presenter: Sasha Angus, vice president, intelligence and services, HYAS Infosec 

HYAS provides attribution-intelligence tools that help security professionals detect and defend their data. HYAS’s cybersecurity portfolio gives analysts the platform and data they need to understand and manage attacks, from detection to mitigation.

2:50 PM-3:30 PM: Member Facilitated Discussion

3:30 PM-3:45 PM     Break

3:45 PM-5:00 PM: Uncertain Response: How to Use Threat Intelligence Findings

3:45 PM-4:15 PM: Build an Actionable Threat Intelligence Program with Local Data

Most automated threat intelligence received is irrelevant to an organization. Locally acquired and developed intelligence, however, is always relevant. The solution to balancing automation with grassroots sharing: developing a knowledge-base of internal-file intel that can quickly evaluate the relevance of your global threat intelligence.

This session discusses the challenges of making global threat intelligence actionable, and the value of developing local intelligence. It describes how to develop comprehensive local threat intelligence following the model and lessons learned at JPMorgan Chase & Co.

Presenter: Mario Vuksan, CEO, ReversingLabs (Boston and Atlanta)

Brian Soldato, director of field engineering, ReversingLabs (Phoenix and Dallas)

ReversingLabs’ solutions expose undetected malware. The File Decomposition technology and File Intelligence Services combine local and in-the-wild threat visibility to extract detailed threat indicators and classify threat levels, helping security teams detect and respond to sophisticated attacks. Government agencies and large enterprises use those solutions to implement next-generation malware detection, threat intelligence and hunting capabilities. 

4:20 PM-5:00 PM: Member Facilitated Discussion

5:00 PM-5:15 PM    Wrap Up & Closing Remarks


5:15 PM-6:30 PM    Reception



Registration Form

SHARING CONTACT INFORMATION WITH THE SPONSOR(S): By registering for FS-ISAC events, you agree that sponsors at this event may receive your contact information. Select OPT OUT if you wish to withhold your contact information for this event.