Agenda
Explore the 2026 Agenda
Get ready for an action-packed day at Hunt Club. From technical deep dives to practical tips, you'll walk away with insights you can put into action right away.
Kick off Training Day at Hunt Club.
Whether you’re new to Vectra AI or just looking to optimize your deployment, this session covers the key setup and configuration decisions that help you get the most value from the platform. We’ll walk through coverage strategies, core integrations across network, identity, and cloud, and important configuration considerations. You’ll leave with practical best practices to build a strong foundation for detection, investigation, and response.
Vectra's API v3.5 introduces a new detection-centric signal schema designed for how modern SOC teams work. In this hands-on session, you'll get under the hood of that schema — learning how detections are structured, how incidents move through their lifecycle, and how to manage both programmatically through live API calls. The second half shifts into investigation mode, showing you how to extend an active incident using the API to pull relevant metadata from Vectra Investigate. Whether you're building integrations, tuning playbooks, or simply getting more out of your Vectra deployment, you'll leave with the API fluency to do it.
Not sure what to do when a detection fires? This session is your practical guide to turning alerts into action.
Designed for users new to the Vectra AI Platform, this training walks you through the most common detections—what they mean, why they matter, and exactly how to respond. You’ll learn a clear, repeatable approach to triage that helps you quickly separate real threats from noise.
Through hands-on exercises and real-world examples, you’ll build confidence investigating alerts, making decisions, and taking the right next steps.
We’ll also share best practices to keep your environment healthy and noise-free—so you can reduce alert fatigue, stay focused, and operate more efficiently every day.
By the end of this session, you’ll have a playbook you can apply immediately to investigate faster, tune smarter, and focus on what truly matters.
You see detections fire every day — but do you know what's happening behind the scenes?
This advanced session takes you inside the detection engine through a curated selection of network-based detections. For each one, we'll break down the behavioral patterns it targets, the attacker techniques it's designed to catch, and how it's built from network metadata. We'll look at what the raw data looks like before it becomes an alert, and walk through the logic that connects one to the other.
You'll walk away with a deeper understanding of what these detections truly mean, why they trigger, and a framework you can apply to interpret any detection you encounter on the platform.
This session is designed for practitioners who are already familiar with the platform and want to move from reading detections to thinking like the engine that creates them.
Want to investigate faster and with more confidence? This session brings you back to the fundamentals—showing how Vectra AI’s network metadata becomes a powerful advantage in your day-to-day work.
Designed for beginners, this training helps you understand what the data really means, why it matters, and how to use it effectively—whether you’re a SOC analyst or stepping into threat hunting.
Through real-world examples and hands-on exercises, you’ll learn how to quickly uncover insights using Vectra AI’s investigation tools, including our powerful AI-Assisted Search.
By the end of this session, you’ll be able to cut through the noise, find answers faster, and turn data into action—making you more efficient and impactful in your role.
Struggling with visibility across your cloud environments? This session shows you how Fusion brings clarity to the complexity of multi-cloud.
You’ll learn the fundamentals of multi-cloud observability and why it’s critical for modern security and operations. We’ll dive into how Fusion can be deployed quickly and at scale, and how it delivers the context and visibility needed to understand what’s really happening across your environments.
Through live demos and hands-on exercises, you’ll explore real use cases and see how Fusion helps uncover blind spots, connect the dots, and close critical visibility gaps.
By the end of this session, you’ll understand how to leverage Fusion to gain deeper insight, improve detection, and operate with confidence across your multi-cloud infrastructure.
Welcome to Hunt Club — where defenders unite. We’ll kick off by setting the stage for two days focused on shared challenges, real-world lessons, and practical ways to strengthen resilience together. This is your community. Your peers. Your time to learn, connect, and move forward — together, smarter, faster.
Modern enterprises don’t operate inside a perimeter — they operate across one interconnected network spanning data center, cloud, identity, SaaS, IoT/OT, and AI infrastructure. In this session, Snehal Patel will break down how the Vectra AI Platform redefines modern network protection for this new reality. He’ll share how unified observability, AI-driven signal, and accelerated investigations work together to reduce exposure, stop attacks earlier, and eliminate defender latency. You’ll learn how Vectra AI helps defenders defend at AI speed.
Tallink is the largest passenger and cargo shipping company in the Baltic Sea region, owning the Silja Line and a part of SeaRail. Join CISO, Kalev Noor, as he walks through his most recent red teaming exercise and his lessons learned, cruise ship to cruise ship. This is an exciting session you won't want to miss!
Modern hybrid attackers have mastered the art and science of control evasion. In this session, Wim Vandebroeck, lead Offensive Security mastermind at Vectra, breaks down their tactics and shows you how to test the efficacy of your existing controls.
Introduce next session and speakers
Modern attackers don’t wait — and neither should defenders. In this session, Mickey De Baets, Vectra AI Offensive Security Manager, will show how offensive security practices sharpen proactive defense. Learn how red teaming, adversary simulation, and attack path testing expose real-world weaknesses before attackers do. Mickey will break down how thinking like an adversary helps SOC teams validate controls, uncover blind spots, and reduce breakout time. Walk away with practical ways to bring an offensive mindset into daily operations — so you’re not just reacting to modern attacks, but staying one step ahead of them.
The SOC is evolving. In this customer-led discussion, security leaders and practitioners explore what it takes to transform a traditional SOC into an AI-driven Resilience Operations Center (ROC). The panel will discuss how AI-powered signal, automation, and unified visibility shift teams from reactive alert handling to proactive risk management. You’ll hear how this evolution improves analyst focus, accelerates decision-making, and strengthens organizational resilience. Learn what changes in mindset, metrics, and operations are required — and the measurable impact this shift can have across the business.
Introduce next session and speakers
Cloud isn’t static. It’s elastic, ephemeral, and constantly changing. Traditional hardware-based or packet-heavy models can’t keep up. In this session, we’ll explain why modern cloud network observability must be software-defined, frictionless to deploy, cost-effective to scale, and flow-based by design. You’ll learn how flow telemetry delivers the breadth required across multi-cloud environments without operational drag, and why scalable observability is the foundation for detecting modern attacks without breaking budgets or slowing innovation.
Modern cloud attacks don’t stay in one place. They move across workloads, identities, and regions in minutes. In this session, we’ll break down why effective cloud network threat detection requires both flow data for broad, scalable visibility and packet context for deep investigation. Learn how flow telemetry exposes attack patterns, while packet analysis confirms intent to accelerate response. We’ll walk through real attack scenarios to show how combining breadth and depth helps security teams detect lateral movement, reduce false positives, and investigate cloud threats with confidence.
You can’t protect what you can’t see. In modern enterprises, identities, devices, workloads, and AI agents are constantly connecting and changing across data center, cloud, SaaS, and IoT/OT environments. In this session, we’ll show how Vectra AI delivers unified observability so security teams always know who and what is operating on the network. Learn how agentless network visibility, identity discovery, and AI-driven context provide a continuously updated view of devices, human and non-human identities, and shadow assets — giving the SOC the foundation required to reduce exposure and detect threats early.
How network observability helps you be better at what you do
Join peers for an open roundtable on how deeper network visibility changes day-to-day work in the SOC. Share real experiences, challenges, and lessons learned on using network observability to reduce guesswork, move faster, and make more confident decisions. No rules. Just defenders talking candidly about real-world network observability challenges and opportunities.
Introduce next session
This isn’t about catching an active attack. It’s about finding what could be exploited next. In this hands-on challenge, you’ll uncover risky identities, exposed services, shadow assets, and misconfigurations hiding in plain sight. The goal? Reduce exposure before attackers ever get the chance. Think you can spot the weak link first? Let’s find out.
Vectra AI + Zscaler: Modern Network Protection with SSE + NDR
AI-powered attacks move fast across hyper-connected environments. Resilience now depends on Zero Trust access and continuous network visibility working together. In this joint session, Vectra AI and Zscaler will show how SSE and NDR combine to validate identity, inspect traffic everywhere, and surface real risk in real time across data center, edge, multi-cloud, SaaS, IoT/OT, and remote users. Through practical NOC and SOC use cases, we’ll demonstrate how secure access and behavioral signal align teams around a shared source of truth—so organizations can reduce exposure, detect threats earlier, and act with confidence.
Day one showed what’s possible when defenders unite. Great insights, real conversations, practical takeaways. Now let’s continue the connection — join us for an evening event to unwind and keep the conversation going.
Day three is all about detecting threats faster, investigating with confidence, responding decisively, and strengthening network security posture.
Modern attackers move across the network faster than ever, blending into normal traffic and compressing breakout time. In this session, we’ll showcase the latest AI-driven network detections delivered in the Vectra AI platform — built to expose lateral movement, command-and-control, reconnaissance, and data exfiltration in real time. You’ll see how these detections surface high-confidence signal from network behavior, reduce noise, and prioritize what truly matters. We’ll also preview what’s coming next as we continue evolving network detections to keep pace with adversaries operating at machine speed.
Raw alerts don’t explain intent — context does. In this session, Vectra AI technologists will show how enriched AI-driven detection metadata provides the clarity defenders need to understand attacker behavior. Learn how network-derived metadata reveals patterns of reconnaissance, lateral movement, and command-and-control that single events can’t explain alone. We’ll break down how contextual attributes — timing, sequence, privilege, and communication patterns — transform isolated detections into a coherent attack narrative. Walk away understanding why metadata isn’t just supplemental detail — it’s the foundation for interpreting attacker intent and making confident, faster decisions in the SOC.
What does it mean to be AI attacker ready and how does it help you be better at your job?
Join fellow practitioners for a candid roundtable on what AI attack readiness really means. Share experiences, compare approaches, and discuss how preparing for AI-accelerated threats sharpens detection, improves response, and strengthens day-to-day decision-making in the SOC. No vendors. Just defenders learning from defenders.
When attackers move at machine speed, investigations can’t rely on manual queries and guesswork. In this session, we’ll show how the Vectra AI Assistant helps analysts investigate, hunt, and pivot faster using natural language and AI-guided workflows. See how simple questions turn into context-rich answers, recommended next steps, and faster decisions. From rapid triage to proactive hunts, learn how AI removes friction from daily SOC tasks — helping teams reduce investigation time, uncover hidden risk, and stay focused on what matters most.
Introduce next session
Think you can out-prompt your peers? In this hands-on challenge, you’ll use the Vectra AI Assistant to investigate a live scenario and race to resolution. Fastest team to surface the right answers wins. Clear prompts. Smart pivots. No guesswork. Let’s go.
IEM has been the leading provider of custom power distribution systems for the past 75 years. Join Director of Security, Tim Zolan, as he walks through zero-risk red teaming via Digital Twins. This is a unique session that impacts the way you can directly test your OT environments. You don't want to miss it!
Introduce next session
Strong network posture isn’t just about reducing exposure — it’s about stopping attacks before they spread. In this session, we’ll show how Vectra AI’s 360° response approach connects detection, prioritization, and action across the modern network. Learn how automated enforcement, integrated workflows, and coordinated response help contain threats quickly, minimize breakout time, and reduce operational risk. You’ll see how faster, more confident response strengthens overall security posture — turning visibility and signal into decisive action when it matters most.
If leadership asks “are we safer than last quarter?”, most teams struggle to provide a clear answer. This session breaks down how modern security operations can move beyond isolated metrics to continuously validate real security posture. Vectra AI security analysts will show how exposure management, detection, and response form a closed-loop system, one that not only improves security posture but reduces risk and proves it. Learn how to measure what matters, eliminate exploitable attack paths, and demonstrate tangible security improvement over time.
AI without structure is just a chatbot. In this session, we’ll show how Model Context Protocol (MCP) turns AI into a governed investigation engine inside the SOC. Learn how to securely connect SIEM, EDR, identity, threat intel, and ticketing systems into controlled, auditable workflows. We’ll cover guardrails, least-privilege tool access, and human-in-the-loop controls to avoid black-box automation. Walk away knowing how to use MCP to automate enrichment, accelerate investigations, reduce MTTR, and deploy AI you can trust—without overexposing data or sacrificing control.
Ready to run the playbook? In this hands-on challenge, you’ll use MCP-powered workflows to automate investigations, enrich findings, and coordinate response in real time. The mission: move from signal to action faster than your peers. Precision wins. Let’s put MCP to work.
We’ll close with an exclusive Hunt Club reveal and a look at what’s next for our defender community. Join us as we invite you to stay connected, keep learning, and continue building resilience together. This isn’t the end — it’s where defenders unite and move forward.
Evening experiences

Kick off Hunt Club with an intimate evening steeped in Italian culinary tradition. At Assoluto, every dish is crafted with care and paired with exceptional wine. It's the perfect setting to unwind, connect, and ease into the week ahead.

A Munich icon, Paulaner am Nockherberg sets the stage for a lively second night. The evening opens with a ceremonial beer tapping, followed by Bavarian cuisine, local brews, and live music that keep the energy flowing well into the night.

Bring Hunt Club to a relaxed close in the world’s largest beer garden. Nestled in a leafy park, Königlicher Hirschgarten invites you to slow down, take in the atmosphere, and enjoy a laid-back evening at your own pace.
Have a story to share?
Hunt Club is a space for security teams to learn from each other. If you’re interested in presenting a use case, technical deep dive, or lessons learned, we’d be excited to explore it with you.