Agenda

At Spotlight20 you will hear from Exabeam customers firsthand.

*All times in PST

Monday, November 9th
Tuesday, November 10th
Wednesday, November 11th
ADD TO CALENDAR
8:00 AM — 10:00 AM
Hands On Workshops



01- Hunter Games - Challenge yourself in a game of threat hunting agility and Exabeam skills! How well do you know Advanced Analytics? How well do you know Threat Hunter? Can you capture the points before anyone else? This workshop is a fun way to learn new skills while challenging yourself! Participants will earn points by investigating for answers in response to challenge questions. This workshop is designed for analysts who are already familiar with the Exabeam platform but don't consider themselves expert.

02 - MITRE ATT&CK 101 - In this workshop you will learn how MITRE ATT&CK and Exbeam's Advanced Analytics work well together. ATT&CK's focus on TTPs (Tactics, Techniques, and Procedures) over the traditional approach of IOCs (Indicators Of Compromise) can be easily combined with the powers of UEBA for better insights and defense. Participants will learn the ATT&CK framework while also analyzing events in Advanced Analytics and Threat Hunter. This workshop is designed for analysts who are new to Threat Hunter and MITRE ATT&CK.

10:00 AM — 1:00 PM
SOC-a-thon
4:00 PM — 6:00 PM
Hands On Workshops



01- Hunter Games - Challenge yourself in a game of threat hunting agility and Exabeam skills! How well do you know Advanced Analytics? How well do you know Threat Hunter? Can you capture the points before anyone else? This workshop is a fun way to learn new skills while challenging yourself! Participants will earn points by investigating for answers in response to challenge questions. This workshop is designed for analysts who are already familiar with the Exabeam platform but don't consider themselves expert.

02 - MITRE ATT&CK 101 - In this workshop you will learn how MITRE ATT&CK and Exbeam's Advanced Analytics work well together. ATT&CK's focus on TTPs (Tactics, Techniques, and Procedures) over the traditional approach of IOCs (Indicators Of Compromise) can be easily combined with the powers of UEBA for better insights and defense. Participants will learn the ATT&CK framework while also analyzing events in Advanced Analytics and Threat Hunter. This workshop is designed for analysts who are new to Threat Hunter and MITRE ATT&CK.

5:00 PM — 8:00 PM
SOC-a-thon
7:00 AM — 7:15 AM
Welcome



Join Tim Matthews, Exabeam Chief Marketing Officer and host of Exabeam Spotlight20, as he kicks off our third annual user conference. Tim will provide an overview of the conference; a preview of the agenda including keynotes, session tracks and the schedule for announcing the winners of the Security Management Excellence Awards; and information about how to interact with other participants and visit the Partner Pavilion.

7:15 AM — 7:45 AM
Company Update



The twelve months since Spotlight19 have been nothing if not eventful. Exabeam has changed along with the times. In this keynote presentation, Nir Polak, Exabeam CEO, will share how Exabeam has evolved, and his vision of where security management goes from here. Nir will look back on the company’s major milestones in 2020 and how Exabeam will continue to help organizations work smarter in the future.

7:45 AM — 8:30 AM
Exabeam Platform - What’s New



Join this session to hear from Adam Geller, Exabeam Chief Product Officer, and the product management team as they discuss the new innovations that Exabeam has brought to the SIEM market over the past year. The team will demonstrate the new features and products and how they help organizations realize our mission: to make every security practitioner more efficient.

8:30 AM — 9:00 AM
Customer Panel: Thriving in a Pandemic



The pandemic has forced organizations to work from home and led to a global recession. Join Exabeam Chief Strategist, Steve Moore, as he hosts a panel of security leaders who have not only been able to transition to a new way of working but who have been able to drive their business forward over the past year.

8:30 AM — 10:30 AM
Hands On Workshops



03 - Sneakoscope: Detect Credential Theft and Lateral Movement - In this two-part workshop, learn how to detect credential theft and lateral movement in Advanced Analytics by performing an investigation into suspicious user activity. Participants will also review some of the built-in models and rules that enable the detection of anomalous account manipulation.

04 - Dive the Lake: Tips and Tricks for Search and Visualizations - Take a dive into Data Lake and learn the basics of search with tips and tricks, and also learn how to build a meaningful visualization. This workshop is designed for analysts who want additional practice in Data Lake.

9:00 AM — 6:00 PM
Pavilion
10:00 AM — 10:30 AM

10:00 AM — 10:30 AM

10:30 AM — 11:00 AM

10:30 AM — 11:00 AM

11:00 AM — 12:00 PM
Activity Tents
12:00 PM — 12:30 PM

12:00 PM — 12:30 PM

12:30 PM — 1:00 PM

12:30 PM — 1:00 PM

3:00 PM — 5:00 PM
Activity Tents
4:00 PM — 6:00 PM
Hands On Workshops



03 - Sneakoscope: Detect Credential Theft and Lateral Movement - In this two-part workshop, learn how to detect credential theft and lateral movement in Advanced Analytics by performing an investigation into suspicious user activity. Participants will also review some of the built-in models and rules that enable the detection of anomalous account manipulation.

04 - Dive the Lake: Tips and Tricks for Search and Visualizations - Take a dive into Data Lake and learn the basics of search with tips and tricks, and also learn how to build a meaningful visualization. This workshop is designed for analysts who want additional practice in Data Lake.

4:00 PM — 9:00 PM
Pavilion
6:00 AM — 12:00 PM
Pavilion
7:00 AM — 8:00 AM
Exabeam Product Vision



Security teams are constantly looking to mature their posture by rolling out new use cases and technology to keep up with the changing threat landscape. Exabeam Chief Product Officer, Adam Geller, and his team return to the keynote stage to share their vision about how Exabeam will advance the field of security management going forward and provide a preview of Exabeam’s roadmap for 2021.

8:00 AM — 8:30 AM
Exabeam Customer Success, Enablement, and Community



With security teams now mostly working in dispersed locations, there has never been a more important time than the present to focus on the engagement between the technology provider and the users. In this keynote, Jeff Romano, Exabeam Chief Customer Success Officer, will discuss the evolution of the Exabeam Community and ongoing initiatives for enablement, training, adoption, and customer success to support engineers and architects as they deploy new security use cases and to help analysts work ever more efficiently.

8:30 AM — 10:30 AM
Hands On Workshops



05 - Rule Tunes: Boss Level - In this workshop, you will get advanced training on rule tuning. We will focus on flow of data, parsers, event building, and models with an emphasis on rule tuning. This workshop is intended for security professionals who have already been working in Advanced Analytics for 6 months or more.

06 - CM/IR - SOAR like an Eagle: Boost efficiency with workflows and playbooks - In this session, topics will focus on Incident Responder / Case Manager (IRCM) and participants will have a chance to create Playbooks while learning about the options for Incidents and Metrics. The session will cover introductory methods for creating playbooks and give an overview of the various capabilities of IR. In addition, methods for making effective use of CM will be walked through and participants will have an opportunity to experience workflows while also practicing in how to create views of metrics that are impactful to their organizations.

8:30 AM — 5:00 PM
Pavilion
9:00 AM — 9:30 AM

9:00 AM — 9:30 AM

9:30 AM — 10:00 AM

9:30 AM — 10:00 AM

10:00 AM — 11:00 AM
The New CISO Podcast with Steve Moore LIVE!

4:00 PM — 6:00 PM
Hands On Workshops



05 - Rule Tunes: Boss Level - In this workshop, you will get advanced training on rule tuning. We will focus on flow of data, parsers, event building, and models with an emphasis on rule tuning. This workshop is intended for security professionals who have already been working in Advanced Analytics for 6 months or more.

06 - CM/IR - SOAR like an Eagle: Boost efficiency with workflows and playbooks - In this session, topics will focus on Incident Responder / Case Manager (IRCM) and participants will have a chance to create Playbooks while learning about the options for Incidents and Metrics. The session will cover introductory methods for creating playbooks and give an overview of the various capabilities of IR. In addition, methods for making effective use of CM will be walked through and participants will have an opportunity to experience workflows while also practicing in how to create views of metrics that are impactful to their organizations.

4:00 PM — 9:00 PM
Pavilion
Monday, November 9th
Tuesday, November 10th
Wednesday, November 11th