HUNT CLUB 2018 - Incident Investigators Track

Join us! We have prepared sessions that will enable you to get the most out of the AI in the Cognito platform.

Hunt Club registration will open at 5 pm on Tuesday, October 16. Pick up your badge, and enjoy our cocktail party until 9 pm CDT.
Details are listed below for the main event days, Wednesday, October 17 and Thursday, October 18.

Wednesday, October 17

  • 07:00 - 08:30
    Registration & breakfast
    Registration, located in the Cumberland South Foyer, will open at 7 a.m. each morning and will remain open for the duration of the event. Join us each morning in the Cumberland South room for a southern breakfast buffet to help kick-start your day.
  • 08:30 - 09:40
    Welcome & keynote: DEEP UNDERCOVER WITH FORMER KGB SPY JACK BARSKY
    You hunt for hidden threats 40 hours a week (probably more like 80), so we thought hearing from a former KGB spy – a former real-world hidden threat – would be a wicked-cool way to kick off Hunt Club! Join Vectra CTO Oliver Tavakoli for a mastermind interview with Jack Barsky to hear stories of growing up in former East Germany, being recruited by the KGB, working in American businesses and ultimately being caught by the FBI.
  • 09:40 - 10:30
    Know your adversary, know yourself
    This session involves self-assessment: understanding how prepared you are in the event of an attack, learning how to discover and overcome blind spots you might have, and locating connected assets you might not know about.
    Before AI and Cognito, network security meant enforcing policies with firewalls (e.g., allow this and block that) and precisely defining malware and bad guys (e.g., signatures and reputation lists). Cognito detects what the attacker or their malware is doing, rather than who or what they are, even when they are operating on permitted ports (e.g., ports 80 and 443) and using encryption. This session will walk through the categories of Cognito detections and the specific algorithms that automate the accurate identification of hidden attackers.
  • 11:00 - 11:50
    Using Cognito to prioritize security analyst workflows
    The Kerberos protocol is used for Windows authentication and is essential for properly associating user identity with reconnaissance and lateral movement detections, validating threats and responding to incidents.
    This session helps you navigate threat vectors, avoid detection fatigue, respond appropriately to threat detections, and improve your corporate security culture. You'll learn how to take command and prioritize your workflows with Cognito.
  • 11:50 - 13:00
    Lunch
    Join us for authentic southern cuisine in the Cumberland South room. In Nashville, the tea is sweet, the chicken is hot, and no meal is complete without at least one biscuit. Enjoy networking with your peers and other security professionals.
  • 13:00 - 13:50
    Cognito UI co-design workshop
    The RPC and SMB protocols are frequently used by attackers to blend in while remotely executing commands on a host; understanding the potential misuse of these protocols enables you to validate threats and prioritize incident response.
    This is a rare chance to be on the ground floor in the evolution of the Cognito UI. Our UI design team will host this interactive exploration of the day-to-day workflow of security analysts to identify key areas of the UI that are ripe for improvement.
  • 13:50 - 14:40
    Exposing cyberattackers in Kerberos traffic
    The LDAP protocol is used by many authentication systems and is essential for properly associating user identity with reconnaissance and lateral movement detections, validating threats and responding to incidents.
    If Kerberos is your default authentication method (and it probably is), attackers probably have you in the crosshairs. This session on Kerberos metadata analysis explains how to accurately interpret, verify and investigate Kerberos detections.
  • 15:10 - 16:00
    RPC Decoded: Understanding Attacker Use
    While attackers use RPC regularly, investigators rarely include RPC data in their analysis: it is complex and typically not available. With increased access to network captures and metadata covering RPC, we need to leverage this critical data source by understanding RPC and the common attacker activities contained within it.
    Based on the attacker behavior detected by Cognito, this session will explore the range of responses available with other network security controls.
  • 16:10 - 17:00
    Let's talk data science
    Explore the evolution and future of data science. You'll learn about the problems solved by unsupervised, supervised and reinforcement learning, the advantages and disadvantages of certain algorithms, and what to expect in the next few years.
    Based on the attacker behavior detected by Cognito, this session will explore the range of responses available with endpoint protection products.
  • 17:30 - 19:00
    RECEPTION
    Enjoy great food and drinks while engaging in great conversations with your peers.
  • 19:00 - 21:00
    Evening event - music crawl
    Your trip will not be complete until you enjoy the music that Nashville brings to the downtown area. Downtown is filled with exciting music venues where legends like Kris Kristofferson, Willie Nelson and others got their start. With your peers, we will kick off the evening with the Music Crawl, visiting four different music venues throughout the evening. Drinks are included!

Thursday, October 18

  • 07:00 - 08:30
    Breakfast
    Join us in the Cumberland South room for a southern breakfast buffet to help kick-start your day.
  • 08:40 - 09:10
    From Intern to Analyst: A Fireside Chat with Erin Kuffel
    Erin Kuffel is a recent graduate of Texas A&M University and worked as an analyst in the university's security operations center (SOC). Erin represents the workforce of the future that has embraced AI-based cybersecurity. This fireside chat will explore the maturation of the SOC that Erin witnessed as AI-based security tools were introduced and share the experiences of growth she went through.
  • 09:10 - 09:40
    Coordinating First Response: A Fireside Chat with Mario Morales
    Running to the fire isn't a metaphor for Mario Morales. In his role at DHS Federal Protective Services, he is the first responder to every kind of public threat and coordinates vast resources. During this fireside chat, Mario will share the pivotal experiences in his 37-year career that he leverages daily and the characteristics he looks for in first responders on his team.
  • 09:40 - 10:30
    Evading AI
    This session covers the near- and long-term threats to AI systems, including state-of-the-art methods for using AI systems in adversarial attacks and emerging trends in adversarial AI that we expect to become more prominent in the coming years.
    Artificial intelligence introduces new methods for threat hunting, incident response and forensic analysis that can save time. This session will provide a technical overview.
  • 11:00 - 11:50
    Storyboarding the anatomy and lifecycle of an attack
    Vectra threat research and consulting analyst teams will interpret the progression of an attack inside a network, explain how to replicate and map out threat scenarios and storyboards, and show how to associate threats with groups and campaigns.
    Now that you have learned about Total Recall, it is time to experiment with threat hunting in Total Recall.
  • 11:50 - 13:00
    Lunch
    Join us for authentic southern cuisine in the Cumberland South room. In Nashville, the tea is sweet, the chicken is hot, and no meal is complete without at least one biscuit. Enjoy networking with your peers and other security professionals.
  • 13:00 - 13:55
    Maturing your security practice
    Join us in the Tech Hangout to hear about and see Vectra partner integrations.
    Bridgepoint Education discusses the role of people + AI, how frameworks like NIST can help you determine where you are and what you should do next, and the importance of measuring the progress and maturity of your security practice.
  • 14:00 - 14:50
    Triage: A Love Story
    A long time ago, in a SOC far, far away, triage simply dealt with benign behaviors and improved workflows. But all that is about to change. This session provides a sneak peek at Cognito triage enhancements that are on the horizon.
    Learn how attackers take advantage of the functions and weaknesses of authentication protocols and services like Active Directory to steal credentials and escalate their privileges.
  • 15:20 - 16:10
    How to use Cognito Recall for root cause analysis
    Now that you have learned about Total Recall, it is time to experiment with forensic analysis in Total Recall.
    Cognito Recall lets you uncover the root cause of an attack that might otherwise be lost forever. We will present real-world examples that show how to expertly navigate through all the data to find exactly what you need in your investigation.
  • 16:10 - 17:00
    Red Team War Stories
    Vectra threat research and consulting analyst teams discuss the good, the bad and the ugly, such as poorly conceived red team exercises and errors that tip off blue teams. On the bright side, they also share top-shelf red team/blue team practices.
    The Cognito software is updated monthly with new detections, detection enhancements and new platform functionality. Product managers will walk through recent Cognito updates.
  • 17:10 - 18:15
    Closing remarks: SEE YOU NEXT YEAR!
    Thank you for engaging with everyone at Hunt Club. This is the first annual user conference for the security practitioners and architects leading the use of AI in cybersecurity. We hope to see you next year, when the program will grow to continue supporting your development. We welcome your feedback on this year's event and your input for Hunt Club 2019!