Seattle, WA

In this talk, we will first explain what Managed Extended Detection and Response (MXDR) is – given the ‘acronym soup’ of detection and response solutions (XDR, MDR, NDR, EDR, CDR, etc). Next, we will delve into why mid-market organizations should integrate MXDR into their security strategies – focusing on the specific profiles of security teams that benefit most from its implementation. The presentation will be capped with two to three customer case studies, demonstrating MXDR’s practical impact in real-world scenarios. Attendees will gain a clear understanding of MXDR’s advantages, its applicability to various organizations, and actionable insights from successful deployments

To match the pace of API-driven development, it’s essential to implement a proactive approach to security testing. However, organizations struggle despite a strong desire to integrate security into software delivery cycles effectively. This talk will dive into the “how” of shifting left, focusing on three key principles: people, process, and technology. 

The threat landscape is continuing to expand and diversify as organizations move to a multi-cloud environment. CISOs need to ensure that their DevSecOps capabilities are incorporated within their overall business strategy to guarantee that their cloud applications and code can remain secure.

Topics covered:
·      Understanding there is no one-size-fits-all model for DevSecOps
·      Best practices for integrating DevSecOps into your cloud security strategy
·      Exploring the intersection between development, security and DevSecOps

Building threat intelligence is challenging, even under the most ideal circumstances. But what if you are even more limited in your resources? You are part of a small (but skilled) team, with high expectations, and people are relying on you to make business-critical decisions…all the time! What do you do in that situation? Turn a Toyota Tercel into a tank, of course. The Interpres Security threat intelligence team found itself in that exact situation. Wanting to leverage the MITRE ATT&CK catalog in creating a comprehensive and timely threat intelligence repository, the Interpres team built a series of tools, processes, and paradigms that we call Intelligence Engineering. In this talk, we’ll examine how we combined ATT&CK, STIX2, the Vertex Project’s open-source intelligence platform, Synapse, and custom code to deliver meaningful, rapid, verifiable intelligence to our customers. We’ll share lessons learned on automation, how to run multiple ATT&CK libraries side-by-side, and making programmatic intelligence delivery scalable and effective – just like building a tank out of an imported sedan.

In today’s ever-evolving threat landscape, securing your assets and infrastructure has become a formidable challenge. Traditional defense walls have fallen with rise on-the-go workforces and the relentless onslaught of cyber adversaries. But fear not, there’s a beacon of hope—protective DNS.

In this session, we’ll break down the power of protective DNS as a pivotal element in safeguarding your business against ransomware and other insidious threats:

• Unmasking the Phishing Threat: How deceptive phishing tactics open the door to digital mayhem and how to spot them to keep your organization safe.
• Multi-Layered Defense with DNS Filtering: Discover why the DNS layer is your first line of defense and how it can safeguard your assets and infrastructure from ransomware attacks.
• DNS-Based Threat Intelligence: The importance of purpose-built intelligence can be used to better detect and prevent zero-day threats at the DNS layer before they strike.
• Compliance and Security Frameworks: Protective DNS isn’t just a nice-to-have; it’s increasingly essential for staying compliant with the big cybersecurity standards like ISO 27001, CMMC, and NIST.