  • Observations from the Front Lines of Threat Hunting
    Harlan Carvey: Senior Researcher - CrowdStrike, John Wunder: Principal Cybersecurity Engineer - MITRE Recorded: Nov 13 2018 48 mins
    The CrowdStrike® Falcon OverWatch™ threat hunting team has a unique vantage point on today’s threat landscape. The team’s new report, “Observations from the Front Lines of Threat Hunting,” provides this perspective with an in-depth discussion of today’s most sophisticated cyberattacks, compiled by expert hunters working at the forefront of cyber defense.

    This webcast examines the sophisticated, state-sponsored and targeted eCrime attacks covered in the report and analyzes them using the MITRE ATT&CK™ framework. Using the MITRE framework is important because understanding emerging attacker trends is only the beginning — knowing what actions to take is the critical next step. The MITRE ATT&CK framework gives the industry a powerful common language to describe attacks, and more importantly, to identify today’s most crucial countermeasures.

    In this webcast, MITRE’s John Wunder and CrowdStrike expert threat hunter Harlan Carvey will discuss some of the cases described in the OverWatch Mid-year Report, exploring the attacker trends observed in the wild and providing practical advice you can use to improve your security posture today.

    Join this webcast to learn:

    - What the MITRE ATT&CK framework is and how it helps defenders understand and respond to new threats
    - The prevalent tactics and techniques used by adversaries in 2018 and the trends you can expect to continue
    - How to improve your organization's defenses by analyzing the steps successful enterprises take to ensure their security
  • The Menace of Business Email Compromise
    Bryan York: Director, Professional Services - CrowdStrike, David Hampton: Manager, Professional Services - CrowdStrike Recorded: Sep 25 2018 58 mins
    Business Email Compromises (BECs) are a growing problem across a multitude of industries. Threat actors, such as Nigerian Confraternities, are the spearhead of this new genre of cyber fraud, triggering losses that run into the billions of dollars. While ransomware popularity peaked in 2017, many are calling 2018 the year of the BEC attack.

    In this webcast, CrowdStrike experts will detail how to identify and defend against the threat posed by BECs. The topics discussed will include CrowdStrike’s new tool that fills a gap in identifying key indicators of a BEC attack during investigations. Experts will also discuss how to identify a BEC in the context of a broader compromise assessment focused on addressing current and past attackers.

    In this session you will learn:

    - How BEC works and the nature of the threat that it poses to your organization
    - Examples from real-life BEC attacks and responses
    - Insight into Office 365 BEC investigative methodologies and data sources
    - Access to a new tool CrowdStrike is releasing to enable more comprehensive investigations
    - The role compromise assessments, including proactively reviewing email systems, can play in your security hygiene and how it can help protect against BEC
  • A Day in the Life of a SOC Analyst
    Adam Meyers: VP Intelligence - CrowdStrike, Kurt Baker: Senior Director of Product Marketing for Intelligence - CrowdStrike Recorded: Aug 30 2018 50 mins
    Today’s Security Operations Center (SOC) teams are challenged by the volume and growing sophistication of cyber threats. The typical SOC receives tens of thousands of alerts each week, yet, due to a lack of time and resources, only a small percentage will ever be investigated.

    This webcast, "A Day in the Life of a SOC Analyst," looks at typical SOC activities, including the pitfalls and failures, and offers a new approach to alert investigation and response. Join CrowdStrike VP of Intelligence Adam Meyers to gain an understanding of how integrating and automating threat intelligence with endpoint protection can accelerate incident research, streamline the investigative process and drive better security responses.

    Attend this webcast to hear CrowdStrike experts discuss:

    - How you can cut your incident investigation time from 8 hours to 10 minutes
    - How SOC teams can focus on the most relevant threats — the ones that reach your endpoints
    - How you can automatically investigate all incidents, learn from attacks, and accelerate your decision-making and response
    - Why understanding custom indicators of compromise (IOCs) is critical and how they can help you defend against future attacks
    - How to get ahead of adversaries by understanding their motivations and tradecraft, enabling you to predict and anticipate their next move
  • The 1/10/60 Minute Challenge: A Framework for Stopping Breaches Faster
    Scott Taschler: Director of Products - CrowdStrike, Rachel Scobey: Technical Product Manager - CrowdStrike Recorded: Jul 24 2018 54 mins
    Breakout time, the time it takes an intruder to jump from the initially compromised machine and move laterally through your network, is on average 1h and 58m*. This is your critical window to take action and stop the breach. When an attack is in progress, we’re seeing world-leading security teams take one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organisation ready to meet the 1/10/60 minute challenge?

    Attend this webcast to learn:

    - What breakout time is and what it means for defenders that are responding to attacks in real time
    - How the incident response process unfolds and the barriers that keep organisations from mounting a rapid and efficient response
    - The key steps you can take to improve your organisation’s ability to rapidly detect, investigate and remediate threats

    * The 2018 CrowdStrike® Global Threat Report
  • Going Far Beyond Antivirus
    Dr. Sven Krasser: VP, Chief Scientist - CrowdStrike, Dan Larson: VP, Product Marketing - CrowdStrike Recorded: Jun 21 2018 63 mins
    An examination of three "must-have" capabilities for effective endpoint protection.

    Analysts have been redefining endpoint protection platforms (EPP) in light of the increasingly sophisticated threat actors targeting today's organizations. A recent report from the Enterprise Strategy Group (ESG), which found that 76 percent of organizations have either changed their AV vendor recently or are planning to do so soon, proves that organizations are aligned with this thinking. However, analysts also warn that organizations shouldn't just switch from vendor A to vendor B — they recommend moving beyond signature-based AV solutions to next-gen EPP that is truly capable of offering you better protection and performance.

    This webcast focuses on the three critical features you should look for in next-gen EPP and gives you an understanding of the cutting-edge technology that can take you "far beyond AV." Join a panel of CrowdStrike experts including VP and Chief Scientist Sven Krasser, VP of Product Marketing Dan Larson, Senior Engineering Manager Kirby Koster and Senior Director of OverWatch and Security Response Jennifer Ayers, as they take a deep dive into the must-haves that characterize true next-gen EPP.

    Join this webcast to learn:

    - The new definition of endpoint protection and the characteristics that separate the old from the new
    - The role of AI and ML in EPP and the factors that make these technologies most effective
    - How event stream processing powers behavioral analytics and why it’s crucial for EPP
    - Proactive threat hunting and its role in EPP
  • Security at the speed of DevOps
    Scott Ward: Solutions Architect - Amazon Web Services (AWS), Alexi Papaleonardos: Principal Consultant - CrowdStrike Recorded: May 22 2018 60 mins
    Organizations are rapidly adopting DevOps as they retool their IT infrastructure. The speed and agility it delivers enables them to better serve their customers and compete more effectively in the marketplace. Far too often security is seen as an inhibitor — getting in the way of rapid delivery of new applications and the ability to scale infrastructure to meet business opportunity.

    In this session, experts from Amazon Web Services (AWS) and CrowdStrike will outline how to quickly deploy and scale while retaining control and preserving compliance when using the cloud. You’ll learn how you can adopt a DevOps model without sacrificing security by using automated compliance policies, fine-grained controls, and configuration management techniques.

    This webcast will cover these key topics and takeaways:

    - A review and discussion of the shared responsibility model to help you understand the tenets of security that’s “of” the cloud versus security “in” the cloud
    - Best practices in securing your cloud presence
    - Practical steps for how you should assess your infrastructure, management and compliance
  • Understanding Fileless Attacks and How to Stop Them
    Zeki Turedi, Senior Systems Engineer, CrowdStrike Recorded: Oct 12 2017 34 mins
    Standard security solutions have continued to improve in their ability to detect and block malware and cyberattacks. This has forced cybercriminals to employ stealthier methods of evading legacy security to achieve success, including launching fileless attacks, where no executable file is written to disk.
    Join CrowdStrike security experts for a webcast, "Understanding Fileless Attacks and How to Stop Them," where you'll learn why so many of today's adversaries are abandoning yesterday's malware and relying on an evolving array of fileless exploits. You'll learn how fileless attacks are conceived and executed and why they are successfully evading the standard security measures employed by most organizations. You'll also receive guidance on the best practices for defending your organization against these stealthy, damaging attacks.

    Join this webcast to learn:
    - How a fileless attack is executed — see how an end-to-end attack unfolds
    - Why fileless attacks are having so much success evading legacy security solutions
    - How you can protect your organization from being victimized by a fileless attack, including the security technologies and policies that are most effective
  • Hand to Hand Combat with an Advanced Attacker
    Zeki Turedi, Senior Systems Engineer, CrowdStrike Recorded: Jun 14 2017 59 mins
    Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spearphishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.

    Learning Outcomes:

    - How nation-state threats are crafted and how their Tactics, Techniques, and Procedures (TTPs) help identify them from more routine advanced attacks
    - Who are the most notable adversaries in 2017 and the key European security themes based on the latest intelligence compiled across CrowdStrike’s global intelligence gathering operation
    - What the indicators of attack are and how you can apply them to defeat the adversary
  • Is Ransomware Morphing Beyond the Ability of Standard Approaches to Stop It?
    Dan Brown, Detection Architect at CrowdStrike Recorded: May 2 2017 60 mins
    Ransomware continues to evolve as perpetrators develop new exploits with consequences that can be dramatic and immediate. New super strains go beyond holding files hostage. In Austria, ransomware was used to take over a hotel’s keycard system so guests were locked out of their rooms. Researchers have developed strains that can alter programmable logic controller (PLC) parameters with the potential to throw major mechanical systems into chaos. New defense approaches are needed because organizations can no longer rely on backups and conventional security solutions to protect them. Join CrowdStrike Senior Security Architect Dan Brown as he explains why conventional security isn’t working, and reveals recent innovations – including new Indicator of Attack (IOA) behavioral analysis methodologies – to successfully detect and prevent even the most complex “file-less” ransomware exploits.
    Attend this CrowdCast where Dan will discuss:

    ● The challenges of defending against dangerous new variants, such as Russian roulette-style ransomware that encrypts data in stages, or the use of “known good” programs such as the WinRar data compression tool to implement ransomware

    ● Real-world examples of ransomware in action and how different approaches fare against each type of exploit

    ● How the CrowdStrike Falcon cloud-delivered platform can defend your organization against new super strains of ransomware that use sophisticated malware-free tactics

    Dan Brown
    CrowdStrike, Detection Architect
    Dan is a 15-year veteran of the cybersecurity industry with a career that spans contributions to DARPA, NASA, and other government agencies, as well as several successful private-sector startups. At CrowdStrike, Dan engages in research to support ever evolving detection and prevention technology.
  • Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
    Christopher Witter, Senior Manager, Falcon OverWatch at CrowdStrike Recorded: May 2 2017 47 mins
    Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.

    A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.

    Register for this webcast to learn:

    • How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security

    • Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats

    • How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches

    About the Speaker
    Christopher Witter
    Senior Manager Falcon OverWatch, CrowdStrike

    Christopher Witter leads CrowdStrike’s Managed Hunting Service, OverWatch. He has over 15 years in incident response and information security and he’s previously held senior roles on Computer Security and Incident Response Teams (CSIRT) at both a top five global bank and a top ten defense contractor.
