9:00 AM-10:15 AM: Nation-State Capabilities and Destructive Attacks
9:00 AM-9:30 AM: Alphathreat Soup
As the public becomes more informed about cyber operations, it is only natural that malicious actors will tighten their operational security by adopting new approaches or subverting existing detection tools. That shift has already begun. To remain relevant, security teams need to expand both their data sets and their tooling.
Presenter: Benjamin Powell, technical product manager, RiskIQ (Boston and Atlanta)
Steve Ginty, senior product manager, RiskIQ (Phoenix and Dallas)
RiskIQ’s Digital Threat Management platform combines internet reconnaissance with analytics to provide unified insight into, and control over, exploits, attacks and adversaries across web, social-media and mobile channels.
9:35 AM-10:15 AM: Member Facilitated Discussion
10:15 AM-10:30 AM Break
10:30 AM-11:45 AM: Emerging Trends in TTPs
10:30 AM-11 AM: Cryptocurrency Campaign Roundup
The ties between cryptocurrency and the threat landscape remain strong despite the volatility of cryptocurrency prices. This session provides a past, present and predictive look at crypto-related threat campaigns of the past year, including technical details of the tactics, techniques and procedures (TTPs) involved. It also explains why keeping track of cryptocurrency news matters more in financial services than in any other industry.
Presenter: Jenn Cheng, director, cybersecurity strategy, Proofpoint
Built on advanced analytics and a cloud architecture, Proofpoint reduces the attack surface by managing data and protecting it as it is sent, stored and archived.
11:05 AM-11:45 AM: Member Facilitated Discussion
11:45 AM-12:45 PM Lunch Sponsored by Securonix
Securonix is redefining the next generation of cyber-threat detection using the power of machine learning and big data. Its purpose-built security analytics platform analyzes logs and network events in real time to identify actionable threats. Securonix provides out-of-the-box content to detect insider threats, cyber threats, cloud threats and fraud activity.
12:45 PM-2:00 PM: Intelligence Management and Operations
12:45 PM-1:15 PM: Automate ATT&CK-based Threat Intelligence to a Threat-Hunting Cycle
The MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework has emerged as the most detailed and widely used knowledge base of adversary techniques compiled to date. This session demonstrates a repeatable process that uses data-science tools to find fresh examples of ATT&CK techniques in a large malware-sandbox data set. Using the threat intelligence extracted from that data set, it then shows how to prioritize the techniques observed in the sandbox and execute hunts for them in your own environment.
Presenter: Kumar Saurabh, CEO and co-founder, LogicHub (Boston and Atlanta)
Evan Gaustad, principal engineer of threat detection, LogicHub (Phoenix)
Chad Roberts, vice president of security solutions, LogicHub (Dallas)
LogicHub helps organizations improve threat detection across every SecOps process, from alert triage and incident response to threat hunting, on the premise that almost every threat-detection process can be automated.
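As an added example (not LogicHub's code or the session's own material), the Python script below shows the shape of the pipeline the session describes, run over constructed sandbox output: a toy rule table maps sandbox observations to real ATT&CK technique IDs, the evidence is aggregated across samples, and the result is ranked into a hunting backlog that carries the concrete strings to search for in your own telemetry. The sample reports, the rule table, the `COVERED` set of techniques you already hunt for and the `AS_OF` date are all assumptions made for the example.

```python
"""Added example: from sandbox reports to a prioritized ATT&CK hunting backlog."""
from collections import defaultdict
from datetime import date

# Constructed sandbox reports (not from any real sandbox), flattened to
# (event_type, observed_value) pairs as a behavioural report usually is
# before analysis. Sample names and dates are hypothetical.
SANDBOX_REPORTS = [
    {
        "sample": "sample-001",
        "first_seen": date(2019, 5, 2),
        "events": [
            ("process", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
            ("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
            ("network", "203.0.113.10:443"),
        ],
    },
    {
        "sample": "sample-002",
        "first_seen": date(2019, 5, 20),
        "events": [
            ("process", r"schtasks.exe /create /sc minute /mo 5 /tn svc /tr C:\Users\Public\a.exe"),
            ("process", "vssadmin.exe delete shadows /all /quiet"),
        ],
    },
    {
        "sample": "sample-003",
        "first_seen": date(2019, 5, 28),
        "events": [
            ("process", "powershell.exe -enc SQBFAFgA"),
            ("process", "vssadmin.exe delete shadows /all /quiet"),
            ("network", "198.51.100.7:443"),
        ],
    },
]

# Toy rule table: (event_type, substring) -> technique. The IDs and names are
# real ATT&CK entries; the substring check stands in for the sandbox
# signatures a production pipeline would use.
RULES = [
    ("process", "powershell.exe", "T1059.001", "Command and Scripting Interpreter: PowerShell"),
    ("process", "schtasks.exe", "T1053.005", "Scheduled Task/Job: Scheduled Task"),
    ("process", "vssadmin.exe delete shadows", "T1490", "Inhibit System Recovery"),
    ("registry_write", r"\CurrentVersion\Run", "T1547.001",
     "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder"),
    ("network", ":443", "T1071.001", "Application Layer Protocol: Web Protocols"),
]
TECH_NAMES = {tech_id: name for _, _, tech_id, name in RULES}

# Assumed hunting state: techniques an existing hunt already covers, and the
# date the backlog is computed on (both hypothetical).
COVERED = {"T1059.001"}
AS_OF = date(2019, 6, 15)


def map_report(report):
    """Return {technique_id: [raw observations]} for one sandbox report."""
    hits = defaultdict(list)
    for event_type, value in report["events"]:
        for rule_type, needle, tech_id, _ in RULES:
            if event_type == rule_type and needle.lower() in value.lower():
                hits[tech_id].append(value)
    return dict(hits)


def build_index(reports):
    """Aggregate evidence per technique across the data set: which samples
    exhibit it, the raw observations, and when it first appeared."""
    index = {}
    for report in reports:
        for tech_id, observations in map_report(report).items():
            entry = index.setdefault(tech_id, {
                "samples": set(), "observations": set(), "first_seen": report["first_seen"]})
            entry["samples"].add(report["sample"])
            entry["observations"].update(observations)
            entry["first_seen"] = min(entry["first_seen"], report["first_seen"])
    return index


def hunting_backlog(reports, covered, as_of, window_days=30):
    """Rank techniques for hunting: uncovered techniques first, then by
    prevalence across samples, then those that first appeared within
    window_days of as_of (fresh intelligence), technique ID as tie-breaker.
    Each row carries the sandbox strings to search for in local telemetry."""
    rows = []
    for tech_id, entry in build_index(reports).items():
        rows.append({
            "technique": tech_id,
            "name": TECH_NAMES[tech_id],
            "prevalence": len(entry["samples"]),
            "fresh": (as_of - entry["first_seen"]).days <= window_days,
            "covered": tech_id in covered,
            "search_terms": sorted(entry["observations"]),
        })
    rows.sort(key=lambda r: (r["covered"], -r["prevalence"], not r["fresh"], r["technique"]))
    return rows


if __name__ == "__main__":
    for row in hunting_backlog(SANDBOX_REPORTS, COVERED, AS_OF):
        flag = "covered" if row["covered"] else ("fresh" if row["fresh"] else "")
        print(f'{row["technique"]:10} x{row["prevalence"]} {flag:8} {row["name"]}')
        for term in row["search_terms"]:
            print(f"    hunt for: {term}")
```

The ranking deliberately pushes techniques you already hunt for to the bottom rather than dropping them, so the backlog still records that the sandbox data set keeps producing evidence for them; the `search_terms` column is what turns a technique ID into a concrete query against your own process, registry and network telemetry.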
1:20 PM-2:00 PM: Member Facilitated Discussion
2:00 PM-2:15 PM Break
2:15 PM-3:30 PM: In-Sourcing versus Outsourcing Threat Intelligence
2:15 PM-2:45 PM: Build and Buy: Tips for Living Well in a Hybrid Intel World
With no end of data in sight and a talent gap that only keeps widening, the challenges of building an effective threat-intelligence program continue to grow. In this new reality, the old debate over “build or buy” has given way to the practical need to build and buy. So what is the best way to operate in this hybrid world? This session discusses how to make the best use of the threat-intelligence resources you have at hand, and when you might need to call in a relief pitcher to help you win the game.
Presenter: Sasha Angus, vice president, intelligence and services, HYAS Infosec
HYAS provides attribution-intelligence tools that help security professionals detect attacks and defend their data. HYAS’s cybersecurity portfolio gives analysts the platform and data they need to understand and manage attacks, from detection to mitigation.
2:50 PM-3:30 PM: Member Facilitated Discussion
3:30 PM-3:45 PM Break
3:45 PM-5:00 PM: Uncertain Response: How to Use Threat Intelligence Findings
3:45 PM-4:15 PM: Build an Actionable Threat Intelligence Program with Local Data
Most of the automated threat intelligence an organization receives is irrelevant to it. Locally acquired and developed intelligence, however, is always relevant. The way to balance automation with grassroots sharing is to develop a knowledge base of intelligence about your own internal files, one that can quickly evaluate how relevant each piece of global threat intelligence is to your environment.
This session discusses the challenges of making global threat intelligence actionable and the value of developing local intelligence. It describes how to develop comprehensive local threat intelligence, following the model and lessons learned at JPMorgan Chase & Co.
Presenter: Mario Vuksan, CEO, ReversingLabs (Boston and Atlanta)
Brian Soldato, director of field engineering, ReversingLabs (Phoenix and Dallas)
ReversingLabs’ solutions expose undetected malware. Its File Decomposition technology and File Intelligence Services combine local and in-the-wild threat visibility to extract detailed threat indicators and classify threat levels, helping security teams detect and respond to sophisticated attacks. Government agencies and large enterprises use these solutions to implement next-generation malware detection, threat intelligence and hunting capabilities.
4:20 PM-5:00 PM: Member Facilitated Discussion
5:00 PM-5:15 PM Wrap-Up & Closing Remarks
5:15 PM-6:30 PM Reception