HUNT CLUB 2018 - Security Architects Track

Join us! We have prepared sessions that will enable you to get the most out of the AI in the Cognito platform.

Hunt Club registration will open at 5 pm on Tuesday, October 16. Pick up your badge, and enjoy our cocktail party until 9 pm CDT.
Details are listed below for the main event days, Wednesday, October 17 and Thursday, October 18.

  • 07:00 - 08:30
  • Registration & breakfast
  • Registration located in the Cumberland South Foyer will be open at 7 a.m. each morning and will remain open for the duration of the event. Join us each morning in the Cumberland South room for a southern breakfast buffet to help kick-start your day.
  • 08:30 - 09:40
  • Welcome & keynote: Deep Undercover with former KGB spy Jack Barsky
  • Jack Barsky spent 10 years as a KGB spy in America until he “resigned” from the KGB and was discovered by the FBI. In this informal discussion, Barsky will talk about being a hidden threat and the tradecraft he used in his undercover life.
  • 09:40 - 10:30
  • Know your adversary, know yourself
  • This session involves self-assessment: understanding how prepared you are in the event of an attack, learning how to discover and overcome blind spots you might have, and locating connected assets you might not know about.
  • Before AI and Cognito, network security meant enforcing policies with firewalls (e.g., allow this and block that) and precisely defining malware and bad guys (e.g., signatures and reputation lists). Cognito detects what the attacker or their malware is doing, rather than who or what they are, even when they are operating on permitted ports (e.g., ports 80, 443) and using encryption. This session will walk through the categories of Cognito detections and specific algorithms that automate the identification of hidden attackers with accuracy.
  • 11:00 - 11:50
  • Avoiding Common Design Challenges
  • Traffic visibility is critical for Cognito to see the entire attack lifecycle. Preventing blind spots caused by asymmetric and overlapping IP address spaces, and ensuring visibility to critical resources like DNS and DHCP services are topics covered in this session.
  • 11:50 - 13:00
  • Lunch
  • Join us for authentic southern cuisine in the Cumberland South room. In Nashville, the tea is sweet, the chicken is hot, and no meal is complete without at least one biscuit. Enjoy networking with your peers and other security professionals.
  • 13:00 - 13:50
  • Traffic validation for optimal visibility
  • Tools can be run with Cognito to validate that it is seeing the traffic necessary to detect attackers' behaviors across the full lifecycle.
  • 13:50 - 14:40
  • Behavior Visibility in a Global Network
  • The API makes it possible to both extract data from and provide data to Cognito. Consulting analysts will explain how they regularly use the APIs and a playbook with best practices.
  • Learn from your peers during this session. We don’t always have enough people, but the need for 24x7 security monitoring doesn’t change. If you can’t hire enough people, then you need to build an agile team focused on the most important security work and then augment their abilities using machine learning and automation to achieve economic, efficiency and effectiveness gains in security operations.
  • 15:10 - 16:00
  • Cognito and SIEM integration: A match made in heaven
  • The Cognito API enables strong integration with technology partners. This lab will enable you to use the API to integrate 3rd-party apps specific to your environment. (Lab)
  • HBO Latin America will discuss the advantages of bringing Cognito attack detections into Splunk and other SIEM platforms to ensure actionable insight into the highest-risk threats, faster incident response and more efficient SOC workflows.
  • 16:10 - 17:00
  • Let's talk data science
  • Explore the evolution and future of data science. You’ll learn about the problems solved by unsupervised, supervised and reinforcement learning, the advantages and disadvantages of certain algorithms, and what to expect in the next few years.
  • The goal of a Red Team is to simulate a nightmare scenario, which may push you out of your comfort zone. The session will highlight the tools and techniques of advanced attacks.
  • 17:30 - 19:00
  • RECEPTION
  • Enjoy great food and drinks while engaging in great conversations with your peers.
  • 19:00 - 21:00
  • Evening event - music crawl
  • Your trip will not be complete until you enjoy the music that Nashville brings to the downtown area. The downtown area is filled with exciting music venues where legends like Kris Kristofferson, Willie Nelson and others got their start. With your peers, we will kick off the evening with the Music Crawl to four different music venues throughout the evening. Drinks are included!
  • 07:00 - 08:30
  • Breakfast
  • Join us in the Cumberland South room for a southern breakfast buffet to help kick-start your day.
  • 08:40 - 09:10
  • From Intern to Analyst: A Fireside Chat with Erin Kuffel
  • Erin Kuffel is a recent graduate of Texas A&M University and worked as an analyst in the University’s security operations center (SOC). Erin represents the workforce of the future who have embraced AI-based cybersecurity. This fireside chat will explore the maturation of the SOC that Erin witnessed as AI-based security tools were introduced and share her experiences of that growth.
  • 09:10 - 09:40
  • Coordinating First Response: A Fireside Chat with Mario Morales
  • Running to the fire isn’t a metaphor for Mario Morales. In his role at DHS Federal Protective Services, he is the first responder to every kind of public threat and coordinates vast resources. During this fireside chat, Mario will share the pivotal experiences in his 37-year career that he leverages daily and the characteristics he looks for in first responders on his team.
  • 09:40 - 10:30
  • Storyboard
  • In real-world attacks we expect certain behaviors, and we can look at how these behaviors transcend attack groups and attacker sophistication. Walkthrough of some public attacks.
  • Cloud requires a shift in your security architecture and hybrid cloud requires cohesion of the two. Cognito offers detection algorithms that enable you to form a composite architecture for hybrid cloud.
  • 11:00 - 11:50
  • Orchestration & Vectra: Operating Models
  • Achieving automated response by using Cognito and SOAR products in tandem.
  • Join us in the Tech Hangout to hear and see Vectra partner integrations.
  • 11:50 - 13:00
  • Lunch
  • Join us for authentic southern cuisine in the Cumberland South room. In Nashville, the tea is sweet, the chicken is hot, and no meal is complete without at least one biscuit. Enjoy networking with your peers and other security professionals.
  • 13:00 - 13:55
  • Maturing your security practice
  • Bridgepoint Education discusses the role of people + AI and how frameworks like NIST can help you determine where you are and what you should do next as well as the importance of measuring the progress and maturity of your security practice.
  • Orchestration platforms like Phantom Cyber offer the power to use playbooks to automate the response with network and endpoint security controls. This workshop will walk through typical use cases.
  • 14:00 - 14:50
  • Response Matters – How SOAR Tools Pave the Way from Incident to Action
  • This session will explore use cases for integrating a Security Orchestration, Automation, and Response (SOAR) platform with the Vectra Cognito platform to standardize incident response. We will explore task-based workflows that introduce consistency and reduce the security operations center workload by automating repeatable steps.
  • Learn how attackers take advantage of the functions and weaknesses of authentication protocols and services like Active Directory to steal credentials and escalate their privileges.
  • 15:20 - 16:10
  • How to use Cognito Recall for root cause analysis
  • Cognito Recall lets you uncover the root cause of an attack that might otherwise be lost forever. We will present real-world examples that show how to expertly navigate through all the data to find exactly what you need in your investigation.
  • Cognito detects attacker behavior on all devices (e.g., IoT devices, BYOD) that may not support endpoint detection and response. Learn how Cognito integrations with EDR can reduce threat investigation times.
  • 16:10 - 17:00
  • Red Team War Stories
  • Vectra threat research and consulting analyst teams discuss the good, the bad and the ugly, such as poorly conceived red team exercises and errors that tip off blue teams. On the bright side, they also share top-shelf red team/blue team practices.
  • Vectra offers native integrations with QRadar, Splunk, LogRhythm and ArcSight. Learn how the scoring of Cognito attacker detections provides the best starting point for an investigation in a SIEM.
  • 17:00 - 17:30
  • Closing remarks, SEE YOU NEXT YEAR!
  • Thank you for engaging with everyone at Hunt Club. This is the first annual user conference for the security practitioners and architects leading the use of AI in cybersecurity. We want to see you next year where the program will grow to continue supporting your growth. We welcome your feedback on this year's event and your input for Hunt Club 2019!