
9:00 AM – 5:00 PM
Exclusive Event for Vectra AI Federal Customers
We’re bringing Hunt Club to a city near you! The Vectra AI Hunt Club Secret Lair is your opportunity to exchange best practices, strengthen security operations, and stay ahead of evolving threats. Join top cybersecurity leaders and practitioners at this exclusive, customer-only event designed for U.S. Federal Agencies.
This is your chance to elevate your agency’s cybersecurity posture — secure your spot today!
Thursday, June 11, 2026
Tysons, Virginia
Venue details will be provided upon registration confirmation.
We have a jam-packed agenda lined up! Hunt Club will kick off with our hands-on training, followed by customer-hosted sessions and exciting nightly events!
Check back here often to see what’s coming up!
This exclusive training event is designed for U.S. Federal employees and contractors, focusing on threat detection, knowledge sharing, and cybersecurity education. Participation is valid for ISC² CPE credits. Registration will be reviewed and is subject to approval.
Agenda at a Glance
Whether you’re new to Vectra AI or just looking to optimize your deployment, this session covers the key setup and configuration decisions that help you get the most value from the platform. We’ll walk through coverage strategies, core integrations across network, identity, and cloud, and important configuration considerations. You’ll leave with practical best practices to build a strong foundation for detection, investigation, and response.
Modern attackers move across the network faster than ever, blending into normal traffic and compressing breakout time.
In this session, we’ll showcase the latest AI-driven network detections delivered in the Vectra AI platform — built to expose lateral movement, command-and-control, reconnaissance, and data exfiltration in real time.
You’ll see how these detections surface high-confidence signal from network behavior, reduce noise, and prioritize what truly matters.
We’ll also preview what’s coming next as we continue evolving network detections to keep pace with adversaries operating at machine speed.
You see detections fire every day — but do you know what's happening behind the scenes?
This advanced session takes you inside the detection engine through a curated selection of network-based detections. For each one, we'll break down the behavioral patterns it targets, the attacker techniques it's designed to catch, and how it's built from network metadata. We'll look at what the raw data looks like before it becomes an alert, and walk through the logic that connects one to the other.
You'll walk away with a deeper understanding of what these detections truly mean, why they trigger, and a framework you can apply to interpret any detection you encounter on the platform.
This session is designed for practitioners who are already familiar with the platform and want to move from reading detections to thinking like the engine that creates them.
John Althouse is a cybersecurity innovator, threat hunter, and founder/CTO of FoxIO. He is best known for creating industry-defining network fingerprinting technologies including JA3, JARM, and JA4+, which are widely used by security vendors, threat hunters, and incident responders to identify malicious activity in encrypted network traffic.
Previously, Althouse spent a decade at Salesforce as Director of Threat Detection, where he helped pioneer modern network fingerprinting techniques. Through FoxIO, he continues to advance cybersecurity research and develop practical solutions for threat detection, attribution, and network defense.
Lunch available from 12:15-13:30
Join us for a brief introduction to Andesite, a Human+AI SOC platform that helps security teams unify data, accelerate investigations, and improve threat detection through AI-assisted cyber operations.
The team will provide an overview of their approach and discuss how they are helping organizations modernize security operations.
This isn’t about catching an active attack. It’s about finding what could be exploited next.
In this hands-on challenge, you’ll uncover risky identities, exposed services, shadow assets, and misconfigurations hiding in plain sight.
The goal? Reduce exposure before attackers ever get the chance. Think you can spot the weak link first? Let’s find out.
Think you’re the best AI-powered Analyst at Hunt Club? Curious what an AI-augmented SOC really looks like?
In this hands-on challenge, you’ll step into the role of an analyst and use the Vectra AI Assistant to investigate a live scenario. Ask questions, explore the environment, and build your understanding as you go, just like in a real SOC.
This is about combining human intuition with AI-driven insight to move faster, uncover what matters, and make the right call. First to the right answer wins.
Vectra's API v3.5 introduces a new detection-centric signal schema designed for how modern SOC teams work.
In this hands-on session, you'll get under the hood of that schema — learning how detections are structured, how incidents move through their lifecycle, and how to manage both programmatically through live API calls.
The second half shifts into investigation mode, showing you how to extend an active incident using the API to pull relevant metadata from Vectra Investigate.
Whether you're building integrations, tuning playbooks, or simply getting more out of your Vectra deployment, you'll leave with the API fluency to do it.
Food/Bar will open at 15:00 during the lab.
Welcome to Hunt Club — where defenders unite. We’ll kick off by setting the stage for two days focused on shared challenges, real-world lessons, and practical ways to strengthen resilience together. This is your community. Your peers. Your time to learn, connect, and move forward — together, smarter, faster.
Modern enterprises don’t operate inside a perimeter — they operate across one interconnected network spanning data center, cloud, identity, SaaS, IoT/OT, and AI infrastructure. In this session, Oliver Tavakoli and Snehal Patel will break down how the Vectra AI Platform redefines modern network protection for this new reality. They'll share how unified observability, AI-driven signal, and accelerated investigations work together to reduce exposure, stop attacks earlier, and eliminate defender latency. You’ll learn how Vectra AI helps defenders defend at AI speed.
AI isn’t inventing new attack categories — it’s making existing ones faster, cheaper, and harder to detect. In this session, we’ll break down how threat actors are using AI to scale phishing, generate malware variants, automate reconnaissance, and evade controls. Then we’ll flip the script. Learn how defenders can use AI to simulate attack chains, expose detection gaps, and stress-test controls through faster red and purple team iteration. Walk away with a clear view of what’s actually changing — and how to defend at the speed attackers now operate.
Tallink is the largest passenger and cargo shipping company in the Baltic Sea region, owning the Silja Line and a part of SeaRail. Join CISO Kalev Noor as he walks through his most recent red teaming exercise and what he learned, cruise ship to cruise ship. This is an exciting session you won't want to miss!
Modern hybrid attackers have mastered the art and science of control evasion. In this session, Wim Vandebroeck, lead Offensive Security mastermind at Vectra, breaks down their tactics and shows you how to test the efficacy of your existing controls.
Introduce next session and speakers
Modern attackers don’t wait — and neither should defenders. In this session, Mickey De Baets, Vectra AI Offensive Security Manager, will show how offensive security practices sharpen proactive defense. Learn how red teaming, adversary simulation, and attack path testing expose real-world weaknesses before attackers do. Mickey will break down how thinking like an adversary helps SOC teams validate controls, uncover blind spots, and reduce breakout time. Walk away with practical ways to bring an offensive mindset into daily operations — so you’re not just reacting to modern attacks, but staying one step ahead of them.
The SOC is evolving. In this customer-led discussion, security leaders and practitioners explore what it takes to transform a traditional SOC into an AI-driven Resilience Operations Center (ROC). The panel will discuss how AI-powered signal, automation, and unified visibility shift teams from reactive alert handling to proactive risk management. You’ll hear how this evolution improves analyst focus, accelerates decision-making, and strengthens organizational resilience. Learn what changes in mindset, metrics, and operations are required — and the measurable impact this shift can have across the business.
As cloud environments and AI continue to evolve and converge, so does the nature of risk. In this keynote, AWS shares insights from its global research on how modern cloud infrastructure is becoming more dynamic, interconnected, and difficult to fully understand at any given moment. From identity sprawl and misconfigurations to ephemeral workloads and unseen east-west traffic, risk is constantly shifting as environments scale and change. This session will break down the most critical cloud risk patterns organizations are facing today — setting the foundation for why observability, threat detection, and continuous exposure management are essential in the modern AI era.
Cloud isn’t static. It’s elastic, ephemeral, and constantly changing. Traditional hardware-based or packet-heavy models can’t keep up. In this session, we’ll explain why modern cloud network observability must be software-defined, frictionless to deploy, cost-effective to scale, and flow-based by design. You’ll learn how flow telemetry delivers the breadth required across multi-cloud environments without operational drag, and why scalable observability is the foundation for detecting modern attacks without breaking budgets or slowing innovation.
Modern cloud attacks don’t stay in one domain—they move across identities, control plane, and the data plane in minutes. Increasingly, attackers exploit non-human identities like service accounts and workload identities to gain access and pivot across environments. In this session, we’ll explore why effective cloud threat detection requires correlating signals across identity providers, the cloud control plane, and the network plane. We'll explore how identity activity exposes compromised credentials and privilege escalation, while flow data reveals lateral movement and network attack patterns. We’ll also touch on emerging trends like agentic identities, evolving identity models, and what they mean for security teams defending dynamic, multi-cloud environments.
You can’t protect what you can’t see. In modern enterprises, identities, devices, workloads, and AI agents are constantly connecting and changing across data center, cloud, SaaS, and IoT/OT environments. In this session, we’ll show how Vectra AI delivers unified observability so security teams always know who and what is operating on the network. Learn how agentless network visibility, identity discovery, and AI-driven context provide a continuously updated view of devices, human and non-human identities, and shadow assets — giving the SOC the foundation required to reduce exposure and detect threats early.
How network observability helps you be better at what you do
Join peers for an open roundtable on how deeper network visibility changes day-to-day work in the SOC. Share real experiences, challenges, and lessons learned on using network observability to reduce guesswork, move faster, and make more confident decisions. No rules. Just defenders talking candidly about real-world network observability challenges and opportunities.
Introduce next session
Vectra AI + Zscaler: Modern Network Protection with SSE + NDR
AI-powered attacks move fast across hyper-connected environments. Resilience now depends on Zero Trust access and continuous network visibility working together. In this joint session, Vectra AI and Zscaler will show how SSE and NDR combine to validate identity, inspect traffic everywhere, and surface real risk in real time across data center, edge, multi-cloud, SaaS, IoT/OT, and remote users. Through practical NOC and SOC use cases, we’ll demonstrate how secure access and behavioral signal align teams around a shared source of truth—so organizations can reduce exposure, detect threats earlier, and act with confidence.
Day one showed what’s possible when defenders unite. Great insights, real conversations, practical takeaways. Now let’s continue the connection — join us for an evening event to unwind and keep the conversation going.
Day three is all about detecting threats faster, investigating with confidence, responding decisively, and strengthening network security posture.
We heard your feedback and we listened. Introducing our Vectra AI Success Hub and all the resources that come with it. Built with you and your success in mind, we’re excited to walk you through new and improved trainings, programs and enablement resources.
Raw alerts don’t explain intent — context does. In this session, Vectra AI technologists will show how enriched AI-driven detection metadata provides the clarity defenders need to understand attacker behavior. Learn how network-derived metadata reveals patterns of reconnaissance, lateral movement, and command-and-control that single events can’t explain alone. We’ll break down how contextual attributes — timing, sequence, privilege, and communication patterns — transform isolated detections into a coherent attack narrative. Walk away understanding why metadata isn’t just supplemental detail — it’s the foundation for interpreting attacker intent and making confident, faster decisions in the SOC.
Scaling security in large organizations requires more than just adding new tools; it demands consistent visibility, clear ownership, and alignment across diverse business units. Vectra Network Detection and Response (NDR) serves as a shared foundation enabling unified prioritization and investigation beyond a centralized Security Operations Center (SOC).
When attackers move at machine speed, investigations can’t rely on manual queries and guesswork. In this session, we’ll show how the Vectra AI Assistant helps analysts investigate, hunt, and pivot faster using natural language and AI-guided workflows. See how simple questions turn into context-rich answers, recommended next steps, and faster decisions. From rapid triage to proactive hunts, learn how AI removes friction from daily SOC tasks — helping teams reduce investigation time, uncover hidden risk, and stay focused on what matters most.
Attackers are moving faster than ever and today’s SOC needs to move just as fast. But what does “AI in the SOC” actually mean? MCP, A2A, Human in the loop, on the loop, loop the loop? With so much noise around AI, it can feel like a rollercoaster. In this session, we'll show how Vectra’s AI Assistant helps analysts get answers to critical questions immediately, whether investigating an alert or launching a proactive hunt. By combining AI-driven context with human expertise, teams can validate risk, reduce investigation time, threat hunt easily, close compliance gaps and move from reactive response to proactive monitoring. Staying ahead of attackers means acting before the horse has bolted, not after.
Think you’re the best AI-powered Analyst at Hunt Club? Curious what an AI-augmented SOC really looks like?
In this hands-on challenge, you’ll step into the role of an analyst and use the Vectra AI Assistant to investigate a live scenario. Ask questions, explore the environment, and build your understanding as you go, just like in a real SOC. This is about combining human intuition with AI-driven insight to move faster, uncover what matters, and make the right call. First to the right answer wins. Bring your laptop.
IEM has been the leading provider of custom power distribution systems for the past 75 years. Join Director of Security Tim Zolan as he walks through zero-risk red teaming via Digital Twins. This is a unique session that impacts the way you can directly test your OT environments. You don't want to miss it!
If leadership asks “are we safer than last quarter?”, most teams struggle to provide a clear answer. This session breaks down how modern security operations can move beyond isolated metrics to continuously validate real security posture. Vectra AI security analysts will show how exposure management, detection, and response form a closed-loop system, one that not only improves security posture but reduces risk and proves it. Learn how to measure what matters, eliminate exploitable attack paths, and demonstrate tangible security improvement over time.
Think you can out-prompt your peers? In this hands-on challenge, you’ll use the Vectra AI Assistant to investigate a live scenario and race to resolution. Fastest team to surface the right answers wins. Clear prompts. Smart pivots. No guesswork. Let’s go.
Ready to run the playbook? In this hands-on challenge, you’ll use MCP-powered workflows to automate investigations, enrich findings, and coordinate response in real time. The mission: move from signal to action faster than your peers. Precision wins. Let’s put MCP to work.
We’ll close with an exclusive Hunt Club reveal and a look at what’s next for our defender community. Join us as we invite you to stay connected, keep learning, and continue building resilience together. This isn’t the end — it’s where defenders unite and move forward.
Meet the Vectra AI experts

Tommy has over 20 years of experience in technology marketing and sales, driving growth through demand generation, digital optimization, and global marketing operations.

Oliver has overseen technology adoption in cybersecurity for over 25 years. Join him to hear about Vectra AI’s vision for NDR.

Martin Roesch is Head of Cloud at Vectra AI, bringing over 30 years of experience in information security and embedded systems engineering. A pioneer in the field, he is the creator of Snort, the widely adopted open source intrusion detection system, and the founder of Sourcefire, which was acquired by Cisco in 2013. Marty later served as CEO of Netography until its acquisition by Vectra AI in 2025, continuing his track record of shaping how modern organizations detect and respond to network-based threats.

With over 20 years of experience at Google, Cisco, and McKinsey & Co., Snehal has led product development, strategy, and operations. Notably, he spearheaded Google Kubernetes Engine's Enterprise business and launched an XDR platform at Cisco.

Cybersecurity isn’t just Fabian’s profession, it’s his passion. With over two decades of experience securing complex network infrastructures, he has evolved from a hands-on engineer to a strategic cyber defense leader, guiding organizations through today’s threats and challenges. Prior to joining Vectra as Field CISO last fall, he served as CISO at Coop, Switzerland’s largest retailer, for ten years. Outside of cybersecurity, Fabian recharges in nature, on the slopes in winter or in the mountains during summer.












