Vectra Hunt Club 2019 Agenda

Compelling keynotes, networking opportunities, knowledge sharing and more.

08:30 A.M. - 05:00 P.M.

Cognito Training Workshop for New Users

Qualifications: Any Cognito user with 6 months or less of hands-on experience and those who want a refresher.

Description: This training session is designed for new and infrequent users of the Cognito platform. Trainees will have a chance to get hands-on experience in a lab environment. Instructors will guide you through the Cognito Detect application while demonstrating a typical day-to-day workflow of a security analyst who uses Cognito Detect. Instructors will explain detections using real-world scenarios. We will also cover the use of Cognito Recall and Stream during investigations to increase students’ comfort level with the Cognito platform and network metadata.

Requirements: Attendees are requested to bring a laptop with Wireshark or their favorite packet analyzer installed.

08:30 A.M. - 05:00 P.M.

Cognito Training Workshop for Experienced Users

Qualifications: Any Cognito user with more than 6 months of hands-on experience.

Description: This training is meant for experienced Cognito users who want to take their skills to the next level. You will work in a lab environment as instructors review some of the latest capabilities of the Cognito platform. You will take part in a crash course on the Kerberos and RPC protocols before going over several of the advanced threat detection models within the platform using real-world scenarios. Learn how detections from the Cognito Detect application, your network metadata in Cognito Recall or in a data lake fed by Cognito Stream, and other data sources empower you to find hidden threats in your network.

Requirements: Attendees are requested to bring a laptop with Wireshark or their favorite packet analyzer installed.

06:30 P.M.

Pre-Conference Reception

All Training and Conference attendees are welcome to join.

07:30 A.M. - 08:30 A.M.

Breakfast and networking

08:30 A.M. - 09:00 A.M.

Welcome from Vectra presented by Hitesh Sheth

Speaker(s)

Hitesh Sheth

09:00 A.M. - 09:50 A.M.

Keynote - 10 things you need to know about the next 10 years: the game-changers, Megashifts, AI and beyond

Speaker(s)

Gerd Leonhard

The next 10 years will bring more changes than the next 100 years! Quantum computing, intelligent machines, voice control, 5+G connectivity, and the Internet of Things are only the tip of the iceberg. Many great opportunities will result, and many wicked challenges will grow exponentially as well, such as safety, security, control and ethics. Gerd will outline his 10 most important foresights for the near future, explain what it all means, and why he thinks that 'the future is better than we think'.

10:10 A.M. - 11:00 A.M.

Dan and Tim's exSIEMlent adventure: SIEM lessons for your sanity

Speaker(s)

Tim Wade, Dan Basile

Traditional wisdom holds that a security program requires SIEM technology at its center – in this talk, that premise, as it is currently implemented, is explored and challenged. While security information and events will always require management, not all events are created equal, captured cost-effectively, or captured commensurate to risk. This talk is for CISOs, architects, and security decision makers – you’ll walk away with hard metrics on alternative architectures and risk-based methodologies for evolving your SOC.

10:10 A.M. - 11:00 A.M.

You have data - now what do you do with it? Threat hunting in Recall/Stream

Speaker(s)

Luke Richards

When you open Cognito Recall or your Cognito Stream endpoint, the first thing you will see is lots and lots of data. Knowing what data is there, and how to sort it, is only half the battle. We will look at advanced approaches to visualizing data in order to surface hidden insights. This discussion will also cover pivoting between artifacts, the use of OSINT, and how to reach better conclusions.

11:10 A.M. - 12:00 P.M.

Maturity: From Peter Parker to Spiderman

Speaker(s)

Milos Pesic

Join us as Milos Pesic from ED&F Man talks through their journey as a security organization, from taking hours to investigate and resolve incidents to taking minutes. This talk will cover maturity models and real-life examples, and show how tight integration has allowed them to deliver cutting-edge security while saving money.

11:10 A.M. - 12:00 P.M.

Triage: Past, present and future

Speaker(s)

Oliver Tavakoli

On any long journey, each moment is colored by what has already passed and the anticipation of what is still to come. Last year, you joined us just after we had crossed the bridge at Khazad-dûm. Times were bleak. Join us at this session to review all the great triage enhancements since and to catch a glimpse of how we plan to achieve the end goal (without losing any hobbits).

01:00 P.M. - 01:50 P.M.

Cybersecurity D&D: A practical exploration of security training approaches

Speaker(s)

Jonathan Barrett

You can keep the d20s at home, but table-topping is a great way to train and develop processes. Vectra is bringing the hit session from Hunt Club Local to the big stage. This session is great for analysts and managers alike as we look into different, sometimes unconventional, ways of improving security teams, bringing with it whole new interactive scenarios to work through.

01:00 P.M. - 01:50 P.M.

Using Recall and Stream to hunt for threats and accelerate investigations

Speaker(s)

John Vicencio

Hear how Richemont’s security operations team has matured its use of Detect and augmented it with Recall to hunt for threats and speed up investigations. This session will also outline a workflow that begins with manual hunting and culminates in the use of Recall custom models to automate the detection of threats that exhibit similar behaviors.

02:00 P.M. - 02:30 P.M.

Every Second Counts: Leverage Intelligent Visibility to Speed Incident Response

Speaker(s)

Greg Copeland

Studies show that it still takes an average of 69 days to contain data breaches, and that breaches would cost $1 million less if they could be contained within one month. Even so, most companies still don’t have a formal incident response plan in place. Attend this session to put time on your side. Visibility and security experts from Vectra and Ixia will show how you can quickly pull the essential data out of your network and use it to stop threats faster – no matter where they are.

02:00 P.M. - 02:30 P.M.

Host ID: The unsung hero of the Cognito Platform

Speaker(s)

Jacob Sendowski

Identifying and tracking hosts within the enterprise environment is a foundational element of the Cognito platform. In this talk, we will discuss how Vectra approaches Host ID, how you can use it across all of the products, and how, together, we can drive an even better Host ID experience.

02:40 P.M. - 03:10 P.M.

Enhancing the Splunk Security Operations Suite with Cognito

Speaker(s)

Don Leatham

Security operations is a relatively new discipline, but one that cannot be ignored. SOC teams need to both accelerate and optimize their ability to monitor, detect, investigate, analyze, and respond. Splunk’s Security Operations Suite tightly integrates SIEM, UBA, and SOAR capabilities into one cohesive security operations platform that helps SecOps teams accelerate and optimize. However, Splunk needs to be integrated with advanced security solutions like Cognito to provide SOC teams with the data and analysis they need to protect their organizations.

02:40 P.M. - 03:10 P.M.

Security Operations and the Business Case for APIs: Enhancing People, Process and Technology

Speaker(s)

Tim Wade, Jose Valdivia

Whether it’s a matter of data enrichment, standardizing operational execution, or automating the repetitive, APIs support both tactical and strategic security objectives and impact the dimensions of people, process, and technology. Join one of your peers at the forefront of modern API thinking to talk through this journey, highlighting lessons, thoughts, and experiences that are applicable across the broader security community.

03:30 P.M. - 04:20 P.M.

Access Granted – A Tale of Two Points of View

Speaker(s)

Nick Beauchesne

Vectra embarked on a journey to monitor the interactions between accounts, services and hosts in order to deliver continuous visibility into, and assessment of, privilege. It raises a foundational question: what is the tradeoff between observed and granted privilege, and how does the network deliver an unambiguous view? Join us to discover the underlying approach behind our privilege models and how their interactions can be leveraged to your benefit.

04:20 P.M. - 05:10 P.M.

Cloud Attacks: From APT1 to Cloud Future in 50 Minutes

Speaker(s)

Nathan Einwechter

An analysis of the evolution of APT groups will quickly lead us to the present with the context to look at recent cloud attacks. We will also project forward what we are looking for and expect to see in the cloud attack landscape. If you’re interested in finding out what we’re thinking about for the cloud from a Security Research perspective and what it means for your cloud migration, this session is for you.

07:30 A.M. - 08:30 A.M.

Breakfast and networking

08:30 A.M. - 09:00 A.M.

Keynote by Kevin Kennedy: Tipping point cyber: improve or unplug

Speaker(s)

Kevin Kennedy

Our connected future beckons: AI, cloud, IoT, 5G, self-driving cars. A world of limitless possibility… and limitless risk. Today, ransomware is stopping businesses and governments; IP theft is occurring at unprecedented scale; the lights are going off across entire nations. Can society even survive a more connected tomorrow? We’ve reached a tipping point: security must improve or society must unplug. YOU are the sentinels that guard our path forward. Look around... you’re not alone. We’re in this together. And you have some secret weapons!

09:00 A.M. - 09:50 A.M.

SOC Director Roundtable: Modernizing the SOC

Speaker(s)

Tim Wade, Eric Weakland, Jason DePaul, Dan Basile

As the enterprise landscape continues to evolve, security leaders must constantly adapt and modernize how people, process, and technology play into their security strategy. Drivers for this adaptation include compensating for the erosion of the perimeter and the decentralization of the workforce, increasingly prevalent cloud services, and new methods and tactics employed by adversaries. Join this session to hear security leaders riff on the journey we’re all on and what’s on their minds as they tackle these challenges head on!

10:10 A.M. - 11:00 A.M.

Tales from the Trench: the biggest challenges to boots on the ground

Speaker(s)

Yesenia Martinez, Cuong Dinh, Cameron Davis

Investigations require a broad and specialized set of skills, including malware analysis, forensic packet and log analysis, as well as the correlation of massive amounts of data from a wide range of sources. Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Join this session to hear about real-world examples where simple best practices optimized SOC operations.

10:10 A.M. - 11:00 A.M.

Deploying and maintaining a data lake for security-enhanced network metadata

Speaker(s)

Luca Urso, Ivo Lima

In this talk, we will discuss why it is so important to understand your use cases before bootstrapping your solution, and talk through some of the questions you should answer in preparation. We will cover sharding strategies, time-based indices, autoscaling, tiered architecture (hot/warm), and disaster recovery. This discussion will use Elasticsearch as a case study.

11:10 A.M. - 12:00 P.M.

Designing the future of Cognito

Speaker(s)

Dr. Chuck Clanton, Padraig Mannion

If you are an analyst who is responsible for alerts or for hunting for attackers, then we need to hear from you! The Vectra design team invites you to join them in imagining the future of Cognito and our platform. This will be an interactive session that helps us understand your greatest challenges and gives you a voice so that we can solve them.

11:10 A.M. - 12:00 P.M.

Using the Cognito API for fun and profit, or at least getting a few hours back

Speaker(s)

Craig Simon

No SOC is an island: you must work across dozens of systems to understand a breach. Many of your tools, including Cognito, have their own APIs for automation. What if you accessed these APIs together via a chat interface? In this session we will use Python to build a chatbot that participants can take home with them to extend and integrate. We will use various APIs and services to tell the story behind detections and to allow remediation, all from the palm of your hand.

01:00 P.M. - 01:30 P.M.

The 1/10/60 Minute Challenge: Defenders Win, Adversaries Lose

Speaker(s)

Chris Garcia

"Breakout time" is the time until an intruder jumps from the machine that was initially compromised and moves laterally through your network. This is a crucial window in which to stop the breach, but it is not the only metric you need to know. When an attack is in progress, you have on average one minute to detect it, 10 minutes to understand it, and one hour to contain it. Is your organization ready to meet the 1/10/60 minute challenge? Join CrowdStrike security experts for an important, in-depth discussion of the common hurdles organizations face in establishing an effective IR process.

01:00 P.M. - 01:30 P.M.

Using Cognito to perform hygiene in a fluid environment

Speaker(s)

Rob Rivera

The combination of people, systems and services makes up the attack surface of any organization. Add to this that many of those people are not employees but contractors, with privileges to operate on the network using their own systems. Cooper Health must constantly understand its fluid attack surface in order to protect its digital business from attack and remain compliant with regulations. Rob Rivera will discuss how the Cognito network detection and response platform enables a proactive cybersecurity practice.

01:40 P.M. - 02:30 P.M.

The Gartner SOC Triad = Functional Harmony

Speaker(s)

Kevin Sheu, Don Leatham, Chris Garcia

In music, a triad is a set of three notes (or "pitch classes") that can be stacked vertically in thirds to create a "harmonic triad." In security operations, the SOC triad provides greater visibility into your environment by "harmonizing" three distinct capabilities – NDR, EDR and SIEM – reducing the likelihood of a bad actor staying hidden for an extended period of time. Hear how Dun & Bradstreet’s security operations team followed Gartner’s "SOC Visibility Triad" to gain visibility across data centers and global office locations, while integrating the approach into day-to-day operational practices.

01:40 P.M. - 02:30 P.M.

Discovering your own security posture and knowing what to triage

Speaker(s)

Jonathan Barrett

How often do you wonder: what should I triage? This decision isn't binary, and there isn't a right or wrong answer. We can, however, talk about all the factors that need to go into your decision and provide you with some structure around it. This session is for anyone who struggles with triage and will involve open discussion. Talk to and debate with Vectra Consulting analysts about what the proper process looks like for you and your team.

02:40 P.M. - 03:30 P.M.

Your data on someone else’s computer: Secure your cloud with Cognito

Speaker(s)

Gokul Rajagopalan, Alex Attumalil

As organizations embrace the cloud, security teams are dealing with an evolving threat landscape - one that involves less control, many more users, a variety of hosts and frequent changes. Our guest speaker, Alex Attumalil of Under Armour, describes the challenges of securing the cloud and paints a vision of what SecOps 2.0 will need to be. Join this session to hear from Alex and learn more about how Cognito is embarking upon a journey to deliver on that vision.

02:40 P.M. - 03:30 P.M.

Red Teams: Formulating Your Own Unique APT

Speaker(s)

Nathan Einwechter, Marion Hennequin

We will decompose and discuss how Red Team exercises can be formulated and executed to simulate a real attack against your environment and test your readiness to handle an advanced attack. This session will not be prescriptive. Instead, it will give you the ability to formulate Red Team exercises specific to your environment. As a result, anyone interested in running a Red Team themselves or in hiring a Red Team will find this session useful.

03:50 P.M. - 04:40 P.M.

The state of AI

Speaker(s)

Matt Silver

Has all the deep learning hype got you feeling down lately? Are you losing interest in hearing about how good convolutional neural networks are for image processing, and how recurrent neural networks will solve all your time-series woes? Join us as we tour new developments in the field of machine learning and AI. We will cover topics ranging from graph neural networks to generative adversarial networks, and how these modeling techniques are making their way into cybersecurity!

04:40 P.M. - 05:00 P.M.

Closing Remarks and Awards

Speaker(s)

Oliver Tavakoli