Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.

As vendors develop new software or tools for threat hunting, we need to remember that threat hunting is predominantly a human-based activity in looking for incidents that our automated tools have not yet found, or cannot yet detect.

Whether you’re attending RSA or not, one thing is for certain - attackers are always at work. Furthermore, attackers are always working together without red tape like we have within our corporate infrastructure. That’s why Mandiant/Google, Stairwell, SnapAttack, Nozomi Networks, SentinelOne, and Corelight are hosting a webinar before RSAC 2023 to show how Defenders are also Stronger Together. There is no silver bullet in the cybersecurity space, so come get the conversation started early in an executive panel as we explore how each executive/organization is addressing.

Speakers: AJ Nurcombe (Corelight), Brandon Dunlop (ISC2) Threat hunting is a challenge to get right, with many potential pitfalls. There are twenty different definitions for threat hunting and ten different ways to do it. Organisations vary from having zero presence in their threat hunting program to multiple full-time hunters, but unfortunately, they often miss many critical pieces. This webinar will cover the common oversights that organisations fall foul of as well as emphasising the importance of network evidence in your threat hunting framework.

When organizations need to know not only what type of malicious activity potentially occurred within their networks and clouds but also gather the remnants of that activity as evidence — they turn to Corelight. Corelight's customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, this open-core security company was founded by the creators of the widely-used network security technology, Zeek.

The current tempo in information security is getting increasingly faster. We continue to chase quicker detections and faster responses. But does that align with reality? Troves of data is being ingested at wire speed w/filtering, comparing, correlating, identifying, and other transform operations in the event lifecycle. This comes with an increased risk of missed events/alerts, indiscernible log activity from various origins, and the potential for analysis paralysis/desensitization/burnout…

Monitoring network traffic is essential to SecOps. Security teams need to streamline network detection, data routing, and analysis for faster incident response. Corelight, Cribl, and Elastic combine to provide a unique solution that transforms the noise of network traffic into effectively routed, optimized data.

Networks are the transport fabric for all IT however in the modern world they have become harder to access and monitor. Attackers inevitably leave traces on the network, and for this reason defenders understand the value of high-quality network evidence. But given the rise of encryption, digital transformation, Zero Trust architectures, and SASE… is it even feasible to collect network evidence anymore? Maybe we should throw in the towel and do without it?

SANS research has shown that more organizations are using multiple cloud providers. Multicloud adoption can be driven by a variety of factors, such as competitive differentiation, mergers and acquisitions, and more. This event explores various results from the SANS 2022 Multicloud Survey, including multicloud adoption trends, how adoption decisions are made, and—most importantly—what cybersecurity teams are doing to cope with the onslaught of challenges brought about by so much change, complexity, and variation in the cloud services marketplace.

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.