Featured
A CISO Perspective: From Threat Landscape Insights to Transformation Programs
Chip Stewart, former CISO at the State of Maryland | Rajiv Raghunarayan, SVP Product Marketing, Anomali
An Informative Fireside Chat
Chip Stewart, former Chief Information Security Officer at the State of Maryland, discusses with Anomali’s Rajiv Raghunarayan how he transformed security operations for the state. Chip also brings a wealth of experience from the private sector, having played practitioner and CISO roles in his past life.
This session focused on insights we can draw from Chip’s experience. What drives a CISO? How is the role of a CISO transforming? Why does visibility matter? How do you translate the threat landscape to day-to-day operations?
Watch this illuminating discussion and learn how to move from threat insights to transformation.
All episodes
-
What to Expect From Today’s Threat Landscape – A Panel Discussion
Chris Wilder, TAG Cyber | Steve Bassi, PolySwarm | Steve Benton, Anomali | Rajiv Raghunarayan, Anomali
An Informative Session with Experts from TAG Cyber, PolySwarm, and Anomali
Digital transformation not only fundamentally changed the way we work, but it’s also expanded the current threat landscape exponentially. Today’s enterprise attack surface is dynamic, transitory, and has far more available for attackers to target than ever before, making it even harder to defend against threats.
And with the threat landscape constantly changing, the risks associated with using cloud solutions, a remote workforce, and more have opened the doors for sophisticated threat actors to deploy an array of threats.
This session features Chris Wilder from TAG Cyber, Steve Bassi of PolySwarm, Steve Benton, and Rajiv Raghunarayan from Anomali.
Our experts cover:
-Lessons learned from 2022
-Industries that are the most vulnerable to cyberattacks
-The latest attack techniques
-A 2023 threat outlook
View this informative session and start implementing the best practices discussed to protect your organization from imminent threats.
-
The Future of XDR in Cybersecurity
Chris Wilder, Research Director and Senior Analyst at TAG Cyber
An Integrated Defense Against Advanced Threats
As cyber threats continue to evolve and become more sophisticated, organizations are struggling to keep up with the changing threat landscape. In this session, Chris Wilder, Research Director and Senior Analyst at TAG Cyber, explores the future of XDR (extended detection and response) in cybersecurity and how it will help your organization to better detect and respond to cyber threats.
He discusses integrating cutting-edge technologies such as AI and machine learning, cloud security, IoT security, Zero Trust models, and threat intelligence to provide a more holistic view of security posture and incident response. Viewers also get an overview of automation and orchestration in incident response, reducing the risk of data breaches.
Fortify your cyber defenses with an integrated technology approach by leveraging multiple technologies.
-
Mapping Attack Patterns to Detect Threats
Mark Alba, Chief Product Officer, Anomali
To move forward, we often reflect on the past. It’s no different in cybersecurity.
Take, for instance, threat detection. In the early days of the internet, a “threat” meant a payload embedded with an indiscriminate worm that produced an irritating message or an awkward GIF. As technology progressed, attackers took advantage by building more advanced polymorphic delivery systems that bypassed signature-based identification, established persistence by sabotaging terminals, and detonated a payload at a selected time.
As threats increased in intricacy, so did detection capabilities. Detection started with event monitoring, which required analysts to sift through the noise for evidence that could potentially lead to the attacker. It then advanced to user and entity behavior analysis, an approach that assumes any deviation from a baseline of documented activity means an attack, disregarding that users at times vary from what’s usual, particularly when confronted with worldwide events like a pandemic.
While successful at the time, user behavior-based discovery and manual event-based monitoring concentrated on discovering threats by differentiating the bad from the good. This not only generated false positives but often resulted in a dead end.
A new approach to detecting threats is rising, one that leverages advancements to find threats by incessantly tracking the bad guys and their patterns, providing real-time visibility into risk – including before and after an attack.
Watch the on-demand webinar to learn how to map attack patterns to detect threats before, during, and after they happen.
-
Attack Flow: Laying the Foundation for Predictive Intelligence
Jon Baker, Co-Founder and Director at MITRE Engenuity Center for Threat-Informed Defense
Identify and Block Threats, Including Those that Haven’t Been Detected Yet
As a community, we can realize the dream of predictive intel. Learning from past incidents enables us to accelerate threat hunting. Using events correlated to MITRE ATT&CK® helps intel teams with attribution.
We have created the puzzle pieces through the Center for Threat-Informed Defense’s R&D program. Now it’s time to assemble them as a community and truly enable predictive intelligence.
In this session, Jon Baker, Co-Founder and Director at MITRE Engenuity Center for Threat-Informed Defense, covers:
-What is a threat-informed defense
-Sightings Ecosystem Project and Report
-Top ATT&CK Techniques Project
-Attack Flow Data Model
Knowing the attacker is essential, but understanding how to prevent a breach is vital to a robust cyber defense.
-
Attack Flow Panel Discussion and Demo
Jon Baker, MITRE Engenuity Center for Threat-Informed Defense | Mark Alba, Cindy Goodwin-Sak, & Rajiv Raghunarayan, Anomali
An Informative Session with Experts from Anomali and MITRE Engenuity Center for Threat-Informed Defense
This on-demand webinar begins with a Q&A discussion on the Attack Flow Project: Collaborative R&D that’s Changing the Game featuring Mark Alba, Chief Product Officer, Anomali and Jon Baker, Director, MITRE Engenuity Center for Threat-Informed Defense and is moderated by Rajiv Raghunarayan, Senior Vice President of Product Marketing, Anomali. They cover the evolution of the Center for Threat-Informed Defense and the Attack Flow Project, the challenges Attack Flow seeks to address, and Anomali’s role in the project.
Following the Q&A discussion, Cindy Goodwin-Sak, VP of Global Sales Engineering at Anomali, provides a demo on A Day in the Life of an Analyst Before and After. Cindy shares what it is like for a SOC Analyst using the old way of threat detection and hunting versus the latest method and leveraging Attack Flow.
The final segment is a panel discussion on The Implementation of Attack Flow. Proper implementation of Attack Flow requires a coming together of security professionals, vendors, and their technologies. Our featured experts summarize what they have learned about the Attack Flow Project and discuss what is required to further the adoption of the framework.
View this informative session with industry experts to learn how to leverage attack flow.
-
A Change in Perspective Can Enhance Your Visibility to Detect Cyberthreats
Parthi Sankar, Technical Director of Northern Europe for Anomali
Utilizing an Outside-In, Top-Down Approach Provides Key Insights
Most organizations focus their time and resources on collecting logs from their environment, whether on-premise or cloud devices. They may excel in this process but typically find identifying external threats amongst the data difficult. This is often due to a need for more historical visibility in what logs are readily available for adversarial detection or the inability to consume all the external intelligence into solutions holding their logs.
Another common challenge is immediately correlating all log data against new external intelligence. And finally, there is a failure to search for attacks related to adversaries in a straightforward and swift top-down search.
Parthi Sankar, Technical Director of Northern Europe for Anomali, demonstrates the solution to these universal problems. By amplifying visibility through an outside-in, top-down approach, you are continuously correlating all logs and external threat intelligence, making it simple and quick to search for the activity of adversaries of interest in your environment.
Watch this session to learn how this approach allows you to detect ever-increasing adversarial attackers and stop breaches.
-
Taking a Threat-Centric Approach with Big Data
Tristan Morgan, Managing Director at BT Security | Steve Benton, VP of Anomali Threat Research at Anomali
An Illuminating Fireside Chat with BT Security and Anomali
Organizations and consumers are under constant attack from an increasingly sophisticated range of cyber actors. The barriers to entry for these groups continue to get lower and lower with advances in technology and better collaboration.
Data is everywhere, and while the problem used to be getting it, the challenge now is knowing what data to use and how to use it. This is where the power of big data comes in: making sense of massive data sets using a wide range of technologies and AI to get and stay ahead of the cyber threat actors.
In this session, Tristan Morgan, Managing Director at BT Security, and Steve Benton, VP of Anomali Threat Research at Anomali, cover:
-A viewpoint from operating at the frontline into real attack trends
-Making sense of the vast amounts of data and how to leverage it best
-Sharing threat intelligence and collaboration protects the greater community
Watch the lively discussion to hear more about big data capabilities from these cybersecurity experts.
-
From Insights to Action
Scott Dowsett, Field CTO, Anomali
Ten Things You Can Do to Amplify Visibility and Unlock the SOC
“The only limits are those of the vision,” goes an old saying by James Broughton. It couldn’t be truer in cybersecurity. We are often limited by our visibility into ever-evolving attackers and the constantly changing IT environment. This session explores the top 10 things organizations have done to unlock their visibility, unblock their SOC, and translate visibility to (business) value.
This presentation should help you answer questions around:
-What data sources are more critical for ensuring enterprise visibility?
-How do I translate threat intel feeds to strategic insights?
-How do I optimize my data and team silos?
-How do I optimize my existing security investments against the threat landscape?
Watch the webinar to learn how to eliminate the obstructions in your cybersecurity visibility.