DFIR Summit 2024 - Threat Hunting Solutions Track

The cybersecurity workforce has exploded in recent years, with more than 1 million available jobs posted in 2023 alone. More daunting still, demand for skilled employees is more than double the currently available workforce.

Even for the most seasoned professionals, there is a pressing need to stay on top of the latest attack trends, vulnerabilities and exploits, and to constantly vet the myriad available tools touted to do the job, or to make the role of a threat hunter, intel analyst, ransomware expert or digital examiner easier and more efficient.

The SANS Threat Solutions Track at the DFIR Summit aims to arm analysts with knowledge of the latest attack trends, research into the relevant artifacts, and insights into the tools and techniques that support the timely incident response needed to keep your business or organization safe and functioning.

Forum Highlights: 

  • Discover how industry leading technologies and techniques can assist in arming analysts against the latest attack trends, vulnerabilities, and exploits

  • Learn from industry leaders as they dive into cutting-edge use case studies and specific examples, while highlighting how the integration of technologies can provide unprecedented insights and advantages 

  • Interact with the SANS chair Domenica (Lee) Crognale, speakers and peers in the interactive Slack workspace by posting questions and discussing the forum topic 



Thank You To Our Sponsors

Sponsors include Anomali, Duo, NetWitness and ThreatLocker.

Full Agenda (all times MDT)

10:00am | Event Kickoff & Introduction
Domenica (Lee) Crognale, Event Chairperson & SANS Certified Instructor

10:10am | Elite SOC Performance Through Intelligence-Led Security Operations: "Peacetime" and "Wartime" Perspectives
For digital enterprises, cyber threat is a full-on business interruption risk with consequences that are significant and potentially existential. SOCs are underperforming, CISOs are stressed, and the C-suite questions the ROI. There is a better way. Drawing on over a decade protecting BT, former CSO Steve will share his real-world experience in achieving the security mission at an elite level through three areas of "grip" and two "states of operation", and show it for real. See how the smart use of intelligence with AI drives critical decision-making cycles.

Steve Benton, VP of Threat Research at Anomali

10:45am | Cyber Showdown: Unveiling APTs and Ransomware
Join us for an eye-opening session where we delve into the dark web to uncover chilling tales of cyberattacks and adversaries. We'll explore real-life examples of exploitation uncovered by our expert threat hunting team, highlighting how bad actors exploit weak security practices to infiltrate organizations. Through detailed case studies, we'll demonstrate the devastating impact of these cyber threats and provide insights on how to protect your organization.

Don't miss this opportunity to learn from the mistakes of others and fortify your defenses against the lurking dangers of the dark web.

Steve Baer, Global VP of Field Sales at NetWitness
John (JP) Pirc, VP of Product Line Management at NetWitness

11:20am | Detection Engineering for Email Threat Protection: Do's & Don'ts for Building High-Fidelity YARA Rules
Email-based attacks are the most prominent threat vector that organizations see today. Securing email now means worrying about malicious attachments, links leading to malware, links leading to phishing sites, and business email compromise attacks.

Traditional MTAs and the default Microsoft and Gmail security controls don't stop every threat from reaching its intended target, so additional controls are a must. This is where YARA can play a critical role in an organization's defense strategy.

The ability to construct high-fidelity custom YARA rules is crucial to catching advanced threats while avoiding false positives. YARA rules for email must be written to target a specific section of the message: the email header, the email body, or the attachments. Within that section they can focus on specific sending domains or email providers, geolocation, file types and sizes, specific campaigns, and the language and terms characteristically found in a campaign's message body.

In this session, we'll discuss how to use YARA effectively to triage and analyze malicious emails.

Igor Lasic, SVP Technology at ReversingLabs
Jason Valenti, Director, Product Management at ReversingLabs
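As an added illustration of the section-scoped rule writing the abstract describes (example rules written for this page, not material from the speakers or from ReversingLabs), the two rules below are each meant to be evaluated against exactly one part of a message: the first against an extracted attachment, the second against the decoded plain-text body. The keyword list, the 5 MB and 200 KB thresholds and the `scope` meta field are assumptions chosen for illustration; the ISO 9660 identifier offset and the PE `MZ` header are standard format facts.

```yara
// Constructed example rules for this page; not from the session or ReversingLabs.
// Rule 1: intended to be applied only to extracted attachments, never to the
// whole .eml, so that filesize and the format check refer to the attachment itself.
rule Email_Attachment_Small_ISO_Carrying_PE
{
    meta:
        description = "ISO image attachment under 5 MB that contains a PE header (assumed threshold)"
        scope       = "attachment"   // assumed convention: the scanner picks rules by this field
    strings:
        $iso_magic = "CD001"         // ISO 9660 primary volume descriptor identifier
        $mz        = { 4D 5A }       // 'MZ' DOS/PE header
    condition:
        $iso_magic at 0x8001         // volume descriptor begins at sector 16 (0x8000), identifier at +1
        and filesize < 5MB
        and $mz
}

// Rule 2: intended for the decoded, plain-text message body only. Scoping it to the
// body keeps header fields and attachment bytes from triggering the keyword logic.
rule Email_Body_Credential_Lure
{
    meta:
        description = "Short body combining account-urgency wording with a link (assumed keywords)"
        scope       = "body"
    strings:
        $lure1 = "verify your account" nocase
        $lure2 = "password will expire" nocase
        $lure3 = "unusual sign-in activity" nocase
        $lure4 = "your mailbox is full" nocase
        $link  = /https?:\/\/[^\s"'<>]{8,}/ nocase
    condition:
        filesize < 200KB             // lure bodies are short; long newsletters are excluded
        and 2 of ($lure*)            // require two distinct phrases, not one common word
        and $link
}
```

To use rules like these, the scanning pipeline first splits each message with a MIME parser into header, decoded body and individual attachments, then runs only the rules whose section matches each part. Running the body rule over a raw `.eml` instead would let base64 attachment blobs inflate `filesize` and let quoted headers supply the link match, which is exactly the false-positive source the section-scoping avoids.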

11:55am | Event Recap & Closing Remarks
Domenica (Lee) Crognale, Event Chairperson & SANS Certified Instructor