Red Canary - Secure Your Endpoints

  • The Ransomware Epidemic: an End-to-End Look at the #1 Security Threat
    Michael Haag, Jamison Utter, Ben Johnson | Recorded: Jan 11 2018 | 51 mins
    There’s no shortage of educational content on ransomware. This webinar takes an end-to-end look at the crime’s inner workings. Hear from a security researcher who built a ransomware operation from the ground up to gain a better understanding of its origins, how it works, and why we can expect exponentially more attacks. Then, get practical advice and prevention techniques from an expert in advanced threat detection and research. You’ll learn strategies for building a holistic IT security program and preventative methods your organization can implement today with near zero business impact.

    Moderated by: Ben Johnson, Security Executive, Carbon Black Co-Founder
    Ben Johnson is currently working on his next move in the cyber security space. Previously, Ben co-founded Carbon Black, a next-generation endpoint security company, where as CTO he helped drive technology vision, product effectiveness, and security evangelism while the company grew from 2 to 750 employees. Ben serves on the boards of several security start-ups and is routinely sought out for advice regarding security strategy, product strategy, or to help venture capitalists with due diligence.

    Presenter: Michael Haag, Director of Advanced Threat Detection and Research, Red Canary
    Michael has over a decade of experience across the security spectrum, from architecting security programs to overseeing day-to-day tuning and operations. His expertise includes advanced threat hunting, investigations, technology integrations, and hands-on development of tools, processes, and frameworks to drive efficient security operations.

    Presenter: Jamison Utter, Cyber Security Researcher
    A lifetime technologist and enthusiast, Jamison has 20 years of experience as an engineer, security consultant, and thought leader. Natural curiosity has taken Jamison beyond the technical hack into the workings of the criminal industry: how and why malware is written, how people make money at it, and what their motivations are.
  • Facing the Inevitable: Targeted Measures to Prevent and Mitigate Ransomware
    Phil Hagen (Digital Forensic & Incident Response Strategist, Red Canary) & James Tarala (IS Specialist, Enclave Security) | Recorded: Sep 28 2017 | 60 mins
    Ransomware is at the top of most organizations’ risk profiles. It’s difficult to prevent in a large environment and it’s an easy vector for attackers to leverage. And high returns ensure attackers will continue to pour more resources toward this “opportunity.”

    But hope is not lost. With a reasonable blend of controls, preventive measures, and a strong detection and response program, organizations can effectively mitigate the impacts of a ransomware outbreak.

    Join this informative discussion between two SANS Instructors to learn:

    • Targeted preventive measures to safeguard critical data
    • Incident investigation techniques to help limit the scope and impact of attacks
    • A commonsense approach for creating a defensible environment based on the 20 CIS Critical Security Controls

    About the Presenters:
    Phil Hagen is a long-time information security strategist, digital forensics practitioner, and SANS Certified Instructor. As DFIR Strategist at Red Canary, he educates organizations of all sizes about how to solve problems and improve their security posture.

    James Tarala is a well-respected consultant and regular speaker and senior instructor with the SANS Institute. His areas of expertise include architecting large enterprise IT security and infrastructure, leading the development of internal security audit programs, and consulting with organizations on operational practices and regulatory compliance issues.
  • Threat Hunting for Dridex Attacks Using Carbon Black Response
    Joe Moles, Director of Detection Operations, Red Canary | Recorded: Jul 18 2017 | 60 mins
    The Dridex banking trojan evades signature-based detection.

    Do you know how to hunt for it in your environment?

    Watch this On-Demand webinar with Carbon Black to explore a Dridex attack and learn how to hunt for it using Carbon Black Response.


    - How Dridex malware can be exploited in an attack sequence
    - Techniques to detect Dridex and other common threats
    - Critical skills to help you become an effective threat hunter
  • What Is the Value of Your Security Program?
    Joe Moles, Director of Detection Operations | Recorded: Jun 20 2017 | 50 mins
    Many security teams find it challenging to prove their value and effectiveness, especially in the absence of compromise or breach activity. Learn how top-performing security teams take advantage of their visibility across the environment to provide ongoing, deeply insightful measurements and reporting that support broader business decisions. Applying these techniques can exponentially increase the overall value of your security team to the entire organization.

    In this webinar, you will learn:
    - A framework with actionable ways to report the effectiveness of your security program and tools
    - How to translate technical data into business objectives
    - Methods for identifying performance issues and opportunities across your team, processes, and tools
    - A simple calculation to systematically prioritize your alerts
    - Guidelines for driving strategic decisions based on the measurement of security tools

    About the Presenter: Joe Moles, Director of Detection Operations

    An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. As Director of Detection Operations at Red Canary, he leads a team of security analysts to help organizations defend their endpoints against threats. Prior to joining Red Canary, Joe built and led security operations, incident response, and e-discovery programs for Fortune 500 companies like OfficeMax and Motorola. He is regarded as an industry thought leader and regularly contributes to the Red Canary blog.
  • Techniques for Detecting Post Exploitation with EDR
    Joe Moles - Lead Detection Operations, Red Canary & Rick McElroy - Security Strategist, Carbon Black | Recorded: Feb 1 2017 | 73 mins
    Once an attacker gets inside your network, do you have the tools in place to detect them?

    The latest post-exploit kits provide hackers with everything they need to slip into a network and freely move around. Many of these attacks do not contain signatures and rely on behaviors capable of evading even advanced security tooling.

    Endpoint detection and response (EDR) is designed to find attackers after they have bypassed all of your other tooling.

    Watch and learn:
    - Ways to detect common and advanced post exploitation behaviors
    - Real-world examples of actual endpoint telemetry and process executions
    - How EDR detects this type of behavior and why other tools miss it
  • Break Through the Noise: How to Take Control of Your Response Operations
    Michael Haag, Joe Moles, Tim Collyer, Bob Argenbright, Keith McCammon | Recorded: Nov 30 2016 | 61 mins
    Every day you’re receiving alerts from your security tools. How are you prioritizing and assigning which event to investigate first? Do you have a process to tune your detection? What metrics are you using to track your team’s effectiveness?

    These are the questions that great IR programs answer. Regardless of the size of your team or organization, putting a system in place to surface what matters most, assign responsibility for analysis, and tune detection to save your team time without sacrificing accuracy is essential.

    Join experts who have led response operations at OfficeMax, Motorola, and Heroku and learn:

    - How to prioritize alerts across your tool set
    - A system to continuously tune and improve alert quality
    - Key metrics to track to measure your response efforts
  • Outsourcing Endpoint Detection and Response (EDR)
    Chris Rothe - CTO, Red Canary & Rick McElroy - Security Strategist, Carbon Black | Recorded: Aug 10 2016 | 53 mins
    EDR promises to combine visibility, threat detection, and response across all of an organization’s endpoints. However, security teams often don’t realize that developing a true EDR capability can be challenging.

    As an organization, you have three ways to implement EDR in your security program: build it yourself, use managed detection and response (MDR), or use a managed security services provider (MSSP).

    Watch this on-demand webinar to hear from EDR experts and learn:

    - What’s involved in building an EDR capability internally
    - Factors to consider before outsourcing
    - Differences between MDR and MSSP
  • PowerShell Abuse: Good Tool Gone Bad
    Keith McCammon - CSO, Red Canary & Jonathan Ross - Senior Engineer, Carbon Black | Recorded: Feb 19 2016 | 56 mins
    In the past 12 months, security professionals have seen a rapid increase in attacks leveraging native Windows utilities. According to the latest McAfee Labs Threat Report, approximately 25,000 such samples were detected per quarter in 2015. Of these utilities, PowerShell has provided actors with a full-featured scripting environment and interactive shell from which they can gain execution and persist, often avoiding detection.

    When you watch this presentation, you'll learn:

    - Why traditional security tools are severely outmatched against PowerShell-based threats
    - Multiple threats that Red Canary has detected, and the commonalities observed
    - Criteria to aid in your search for suspicious PowerShell activity
