Spring Cyber Solutions Fest 2025: Detection & Response Track

As cyber threats continue to evolve in complexity and volume, effective detection and response strategies are more crucial than ever. Join us at the Spring Cyber Solutions Fest for the Detection & Response Track, where you’ll gain the tools, techniques, and insights to fortify your organization’s defenses.

Whether you're refining existing processes or reimagining your strategy, this track offers invaluable perspectives from industry leaders.

How to Register:

Log in and click the Register button below. If you don’t have a SANS account, you’ll be prompted to create one; it’s free and easy. FAQs are available at the bottom of this page.

What to Expect:

  1. Innovative Approaches to Detection and Response
  2. Insights on Leveraging Advanced Security Technologies
  3. Discussion on Streamlining Incident Management
  4. Strategies for Continuous Improvement in Cyber Defense

Why Register?

  • It's Free! ✅
  • Earn a Certificate and GIAC CPE Credits ✅
  • Learn from Industry Experts ✅
  • On-Demand Access (Join live and watch on your own time!) ✅
  • Network with Cybersecurity Leaders ✅

SANS Slack:

Connect with our event chairs, speakers, and fellow participants on SANS Slack for real-time discussions and networking opportunities.

Click the button below to register now and secure your spot!


This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).

Agenda | March 19, 2025 | 8:30AM - 5:00PM EDT

Timeline (EDT) | Session Details

8:30 AM

Welcome & Opening Remarks

Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

8:45 AM

Session One | Cloudy with a Chance of AI Threats: Securing the Future of AI-Driven Cloud Detection and Response

As enterprises increasingly integrate AI into their cloud ecosystems, security teams must confront a rapidly evolving threat landscape. The rise of large language models, Shadow AI, and AI-driven attacks introduces new challenges that demand a shift in security paradigms. How can organizations secure their critical assets while leveraging AI’s transformative potential?

In this talk, we will explore the intersection of AI and cloud security, shedding light on emerging risks such as AI-enabled data exfiltration and adversarial attacks. We’ll also examine proactive strategies, including Cloud Detection and Response (CDR), to enhance runtime protection. Attendees will gain actionable insights on fortifying their cloud environments, adapting to the new era of AI-driven threats, and staying ahead of adversaries in the modern security landscape.

Jimmy Mesta, CTO and Co-Founder, RAD Security

9:25 AM

Session Two | Title Coming Soon!

Session Details Coming Soon!

Google Cloud

10:05 AM

Break

10:15 AM

Session Three | Defining the 'R' in CDR: A Realistic Approach to Responding to Cloud Detections

Cloud environments are complex and dynamic, and traditional security solutions often fall short. This gap has led to the rise of Cloud Detection & Response (CDR) - but what does “response” actually mean in this context? Significant time is spent focusing on cloud detections, but the critical question remains: How do we respond effectively?

This talk will dive into:

- The Rise of CDR: The key components of Cloud Detection and Response.

- Response Fundamentals: Best practices for effective response in the cloud.

- Top 5 Considerations: Critical factors to consider when formulating your response to cloud detections.

Join us for a practical and actionable discussion on mastering the “R” of CDR and strengthening your cloud security posture.

Al Carchrie, Lead Solutions Engineer, Cado Security

Shannon Lucas, Principal Solutions Architect, Cado Security

10:45 AM

Session Four | Real-Time Identity Threat Detection and Response

Identity-based attacks are rising over 3X per year, and traditional Identity and Access Management (IAM) products like Okta, Ping and ForgeRock have proven they are insufficient to stop modern attacks. As a result, Identity Threat Detection and Response (ITDR) solutions have solidified their role as a critical component in the cybersecurity landscape, focusing on detecting and responding to identity-based threats.

Verosint adds comprehensive user account observability, threat detection, and automated prevention for traditional IAM to protect against account takeover, credential stuffing, insider threats, and much more. Instead of reactively trying to answer “what happened?”, Verosint proactively stops bad actors in their tracks.

Verosint implementation takes about 5 minutes with a simple API key, and one Okta customer saved over 25,000 labor hours and blocked over 49,500 attacks in just the first 90 days. Learn much more and see a live product demo in this 30-minute session.

Steve Shoaff, CEO and co-founder, Verosint

Mark Batchelor, CTO and co-founder, Verosint

11:15 AM

Session Five | 2025 Incident Report and Overview

In the past year, we have seen threat actors making larger and faster moves that damage their targets. The Unit 42 Incident Response and Threat Intelligence teams have put together the Palo Alto Incident Response Report 2025, taking care to include detailed notes concerning the latest and greatest vulnerabilities, threats, and threat actor groups.

Join this talk if you'd like to learn more about the current nature of the ever-evolving beast that we call cyber security. Unit 42 has helped hundreds of organizations assess, respond, and recover from cyberattacks. We helped reduce operational downtime and got them back to business quicker. What attacks did we see the most? What has changed since last year? What do you need to know going forward as we progress through 2025? Let's discuss!

Ryan Chapman, Team Lead, Unit 42 Managed Threat Hunting, Palo Alto Networks

11:45 AM

Break

12:00 PM

Session Six | Title Coming Soon!

Session Details Coming Soon!

Google Cloud

12:20 PM

Session Seven | Title Coming Soon!

Session Details Coming Soon!

RAD Security

12:40 PM

Session Eight | The Twilight of Blocklists: How AI and DNS Detect Modern Threats

Static blocklists are no match for today’s attackers, who deploy AI to generate phishing sites, deepfake domains, and malicious campaigns at unprecedented speed. To defend against these evolving threats, detection strategies must evolve too. DNS provides a unique vantage point as the internet’s first line of defense, and when paired with AI, it becomes a powerful, multi-dimensional tool for detecting and neutralizing malicious activity. In this session, we’ll take you behind the scenes of AI-powered DNS detection—exploring how machine learning analyzes content, uncovers domain-level patterns, and interprets network behaviors during high-risk events like the Super Bowl and Tax Season, where attackers strike hardest.

Carl Levine, Senior Manager, Product Management, DNSFilter

1:10 PM

Break

1:25 PM

Session Nine | Title Coming Soon!

Session Details Coming Soon!

ExtraHop

1:55 PM

Session Ten | Title Coming Soon!

Session Details Coming Soon!

Sophos

2:25 PM

Session Eleven | Title Coming Soon!

Session Details Coming Soon!

CardinalOps

2:55 PM

Break

3:10 PM

Session Twelve | Elevate Your Security Operation: Leveraging Next Level Managed Detection and Response (MDR) to Drive Prevention and Deliver Business Value

Join Mark Gillett, Vice President of Product Management at eSentire, for a 30-minute webinar as he explores the next evolution in security operations. Today's security leaders are no longer satisfied with reactive Managed Detection and Response (MDR); they're seeking a proactive approach that continuously advances their security posture, reduces risk, and delivers heightened levels of protection to their organization. In this session, Mark will outline the 7 core foundational elements required to achieve optimal threat detection and response capabilities and Next Level MDR:

* Full visibility of the attack surface and commercially available detections

* The ability to detect attacks designed to evade existing security tech in near real time

* The capability to rapidly investigate threats, accurately identify attacks and prevent business disruption

You'll learn how Next Level MDR can: continuously harden your security posture with proactive threat intelligence; advance your security operation to deliver greater value to your organization by identifying and mitigating emerging threats, such as zero-day vulnerability exploits and advanced persistent threats; and continuously reduce your exposure to risk by identifying, prioritizing, and remediating new vulnerabilities before they can be exploited.

Mark Gillett, Vice President, Product Management, eSentire

3:40 PM

Session Thirteen | Title Coming Soon!

Session Details Coming Soon!

ThreatDown/Malwarebytes

4:10 PM

Session Fourteen | Panel Discussion

Details to Come!

Google Cloud & RAD Security

4:55 PM

Closing Remarks

Megan Roddie, Co-Author, SANS Institute & Sr. Security Engineer, Datadog

Frequently Asked Questions (FAQs)

Q: What is Spring Cyber Fest?

A: Spring Cyber Fest is a multi-day virtual event hosted by SANS, bringing together cybersecurity experts and practitioners to share insights, best practices, and actionable strategies across various tracks like threat hunting, cloud security, ransomware, and more. Attendees can expect expert-led sessions, hands-on demos, emerging threat insights, and networking opportunities—all at no cost.

Q: How many CPE credits can I earn?

A: You will earn 1 CPE credit for every hour you attend live or on-demand. For example, a 120-minute session earns you 2 CPE credits. This is a great opportunity to advance your professional development while learning from industry leaders.

Q: Do I need a SANS account to register?

A: Yes, a free SANS account is required to register. If you don’t already have one, creating an account is quick and easy during the registration process.

Q: What can I expect from the event if I’m new to SANS?

A: Expect high-quality, expert-led content tailored for cybersecurity professionals. Each track features sessions designed to provide practical knowledge, innovative solutions, and insights into the latest threats. You’ll also have the opportunity to ask questions and interact with presenters during live sessions.

Q: Do I need to register for each track separately?

A: Yes, registration is required for each track you’d like to attend. With five distinct tracks, you can customize your experience by choosing the topics most relevant to you. Don’t worry—registering for multiple tracks is quick and easy!

Q: When will more details about the event be available?

A: Detailed agendas and speaker lineups will be released closer to the event date. By registering, you’ll receive updates and announcements directly in your inbox, so you’re always in the loop.

Q: Can I attend if I have a busy schedule?

A: Absolutely! Sessions are designed to be flexible, and recordings will be available on-demand after the event. You can attend live sessions whenever possible and catch up on the rest at your convenience.

Q: Is Spring Cyber Fest free to attend?

A: Yes, Spring Cyber Fest is completely free! There’s no cost to register or attend any of the sessions.

Q: Who should attend Spring Cyber Fest?

A: Spring Cyber Fest is designed for both cybersecurity practitioners and executives. The event offers a variety of sessions covering an array of topics, ensuring relevant insights for professionals across different roles, industries, and experience levels.

Q: Is the event global?

A: Yes! Spring Cyber Fest is a global event, accessible to attendees worldwide. The virtual format ensures you can join from anywhere to explore cutting-edge content and connect with the cybersecurity community.

Q: Will recordings be available?

A: Absolutely. All sessions will be recorded and made available on demand for registered attendees. You’ll have the flexibility to revisit sessions at your convenience or catch up on those you couldn’t attend live.

Q: Will there be opportunities for networking?

A: Yes, Spring Cyber Fest includes opportunities to engage with fellow attendees and speakers through live Q&A sessions and interactive chats.

Q: How do I ask questions during sessions?

A: During live sessions, you’ll have access to a Q&A chat feature where you can submit questions directly to the speakers.

Q: I’ve registered—what happens next?

A: Once registered, you’ll receive email updates with details about the event agenda, session links, and any additional information you need to make the most of Spring Cyber Fest.