Threat-Driven Network Defense

Type: Track | Start date: Wednesday, October 09, 2019 | Start time: 15:00 | Location: Holeman Lounge


Talks that show how to use automation, orchestration, and actionable threat intelligence to implement network defense actions.


Automating Open-Source Zeek (Bro) for Threat Mitigation and Response

Date: Wednesday, October 09, 2019 Time: 15:00-16:00

Automating Open-Source Zeek (Bro) for Threat Mitigation and Response
Allan Thomson, LookingGlass Cyber Solutions

This presentation describes how a common open-source tool, Zeek (Bro), which until now has been used primarily for threat detection, can be extended to provide threat response, including mitigation of attacks, including those aspects that can be tied to the MITRE ATT&CK framework. Today Zeek/Bro has a large and active open-source community that contributes Zeek/Bro scripts, including ones that detect attacks such as Heartbleed and many other behavioral (TTP) based detections....

CACAO: Insights on Cybersecurity Orchestration Cooperative Collaboration
Allan Thomson, LookingGlass Cyber Solutions • Bret Jordan, Symantec

To defend against threat actors and their tactics, techniques, and procedures, organizations need to manually identify, create, and document prevention, mitigation, and remediation steps. These steps, when grouped together into a course of action (COA) / playbook, are used to protect systems, networks, data, and users. The problem is that, once these steps have been created, there is no standardized and structured way to document them, verify they were correctly executed, or easily share them across...

Decision Automation: Teaching Machines to Hunt

Date: Wednesday, October 09, 2019 Time: 16:00-17:00

Decision Automation: Teaching Machines to Hunt
Kumar Saurabh, LogicHub

Threat Detection in today's environment requires Security Operational Center (SOC) teams to go beyond SIEM rules and simple correlation. Yet, "blackbox" AI systems often fall short by creating too many false positives and often missing true incidents. Decision Automation is the new paradigm that brings the power of expert root-cause analysis using the 5 Whys approach, coupled with Machine Learning and easily-configured automation platforms, enabling security teams to create powerful...

Making Threat Intelligence a Shared Resource for Network Defense
Todd Weller, Bandura Cyber • Jason Mok, IACD, Johns Hopkins Applied Physics Laboratory

Can small to medium organizations use what the larger organizations learn about threats to take action in a prioritized, appropriate, and automated manner? Is there an incentive for an organization to share opinions and sightings about Indicators of Compromise (IOCs)? How can a service provider share the insight gained by all these contributors so organizations can directly use that insight? Bandura Cyber has partnered with the IACD team to demonstrate the potential value of: community...

Washington, D.C. - USA


CyberNext Summit 2019

  • Oct 08 - 10, 2019 Washington, D.C. - USA