Living in a State of Cyber Insecurity - Advanced Targeted Attacks

Aaron Sheridan, Sr. Systems Security Engineer
With the APT attacks in 2011, we have seen cyber criminals penetrate networks seemingly at will. This has been possible because of zero-day, targeted APT attacks utilizing sophisticated malware that infiltrates over multiple stages and multiple vectors like Web and Email.

In this webcast Aaron will discuss the cycle of cyber insecurity and provide key criteria as security professionals investigate next-generation threat protection, including:

1. Real-time defenses beyond signatures
2. Dynamic analysis of all phases of the attack lifecycle
3. Inbound and outbound filtering across protocols
4. Accurate, low false positive rates
5. Global intelligence to protect the local network
Mar 14 2012
33 mins
Living in a State of Cyber Insecurity - Advanced Targeted Attacks
  • Channel
  • Channel profile
  • Enhancing a Security Posture with Network Forensics Mar 12 2015 5:00 pm UTC 45 mins
    Well-maintained perimeter defenses are a key part of any security strategy. Organizations increasingly recognize that they must also complement their perimeter defenses with strong forensics capabilities to investigate and analyze attacks. When attacked, an enterprise needs to be able to rapidly investigate and determine the scope and impact of the incident so they can effectively contain the threat and secure their network.
    In interactive this session, you will learn about:
    • The key use cases for network forensics
    • The typical organization that acquires network forensics technologies
    • How FireEye Enterprise Forensics enables the proper response to today’s cyber attacks
  • Protecting Government Assets in an Era of Cyber Warfare Mar 5 2015 4:00 pm UTC 60 mins
    FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

    Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

    In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

    Join us for a dynamic discussion with subject matter experts where you will learn:

    •What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
    •Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
    •How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
  • Behind the Syrian Conflict's Digital Front Lines Recorded: Feb 19 2015 59 mins
    FireEye recently released a new report “Behind the Syrian Conflict’s Digital Frontlines” that documents a well-executed hacking operation that successfully breached the Syrian opposition.

    Between at least November 2013 and January 2014, the hackers stole a cache of critical documents and Skype conversations revealing the Syrian opposition’s strategy, tactical battle plans, supply needs, and troves of personal information and chat sessions. This data belonged to the men fighting against Syrian President Bashar al-Assad’s forces as well as media activists, humanitarian aid workers, and others within the opposition located in Syria, the region and beyond.

    We have only limited indications about the origins of this threat activity. Our research revealed multiple references to Lebanon both in the course of examining the malware and in the avatar’s social media use. While we do not know who conducted this hacking operation, if this data was acquired by Assad’s forces or their allies it could confer a distinct battlefield advantage.

    Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

    • An overview of the conflict in Syria and why cyber-espionage is an increasingly important factor
    • An in-depth analysis of a critical breach of the Syrian opposition including an overview of the tools and techniques used by the threat actors

    All webinar attendees will receive a free copy of the new Syrian report. Register today!
  • Top Predictions for Security in 2015 Recorded: Dec 12 2014 40 mins
    From Cryptolocker to the Apple iOS vulnerability, there have been numerous high-profile breaches in 2014. With the ever-changing threat landscape and advanced cyber attacks showing no sign of slowing down, organizations need to be prepared as we head into 2015.

    Join our live webinar where Bryce Boland, CTO for Asia Pacific at FireEye, will share top, global security predictions and challenges for 2015. In this webinar:
    •Find out the top 10 security predictions for 2015 and how they impacts organizations
    •Discover the data that drove these predictions
    •Learn about key strategies to take a proactive stance against advanced attacks
  • Hacking the Street? FIN4 Likely Playing the Market Recorded: Dec 5 2014 58 mins
    This week FireEye released a new report called Hacking the Street? FIN4 Likely Playing the Market. This report focuses on a targeted threat group that we call FIN4 (Financially Motivated Group 4), whose tactics are surprisingly low-tech yet insidiously effective at obtaining access to confidential discussions at the highest levels of targeted companies. Our research suggests that FIN4 is likely targeting these companies in order to obtain advance knowledge of “market catalysts,” or events that cause the price of stocks to rise or fall dramatically.

    Join us for a roundtable discussion with subject matter experts where we’ll talk about the details of the report and explore surrounding topics, to include:

    • A deep dive into FIN4’s tactics and why they are simple yet surprisingly effective
    • How FIN4 may be monitoring insider communications for a trading advantage
    • Why FIN4 is different from other threat groups FireEye tracks
    • A profile of organizations at risk, and what they can do to protect themselves.

    All webinar attendees will receive a complimentary copy of the Hacking the Street? report.
  • APT 28: Cyber Espionage and the Russian Government? Recorded: Nov 4 2014 49 mins
    FireEye just released a report called APT28: A Window Into Russia's Cyber Espionage Operations? The report focuses on a targeted threat group that we call APT28 (Advanced Persistent Threat group 28) and details ongoing, focused operations that we believe indicate a government sponsor - most likely the Russian government.

    Join us for a roundtable discussion with Russian security expert, Edward Lucas of The Economist, and Jen Weedon, Manager of Threat Intelligence at FireEye.

    Discussion topics will include:

    •Russia's intentions and motivations in cyberspace
    •Whether APT28's activity supports Russia's geopolitical strategy
    •How Russian and Chinese network operations compare
    •Which organizations and agencies are most at risk
  • Building a Better Budget for Advanced Threat Detection and Prevention Recorded: Oct 28 2014 57 mins
    The cyber threat landscape is dramatically evolving, but one thing is certain – attackers are becoming more and more sophisticated, and most organizations are struggling to keep pace. In a recent IANS and FireEye survey, security practitioners and decision makers share their perspective on the type of attackers they’re dealing with, how they’re responding to the growing threat, and the effect on organizations that have experienced a breach.

    Join FireEye’s Chief Security Strategist (Forensics Group) Josh Goldfarb, and Dave Shackleford, IANS Lead Faculty, as they discuss:
    •The kinds of products and controls most organizations are implementing
    •What new technologies security teams are focusing on, and
    •How security budgets are changing to align with security’s growing importance to the enterprise

    This is one hour you will not want to miss!
  • Sidewinder Targeted Attack Against Android Recorded: Oct 14 2014 43 mins
    In this webinar, our experts will present one practical case of such attacks called "Sidewinder Targeted Attack." It targets victims by intercepting location information reported from ad libs, which can be used to locate targeted areas such as a CEO's office or some specific conference rooms. When the target is identified, "Sidewinder Targeted Attack" exploits popular vulnerabilities in ad libs, such as JavaScript-binding-over-HTTP or dynamic-loading-over-HTTP.

    Join us for this for this live session to learn:
    •How a Sidewinder Targeted Attack can disrupt and hijack the network where targeted victims reside
    •The risks of remote attacks on Android devices through apps downloaded from Google Play
    •Different forms of attacks to Android vulnerabilities
    •Current trends and best practices around mobile security
  • New Employee Success Tips: How to Drive Security Maturity Recorded: Sep 23 2014 45 mins
    Taking on security needs at a new organization can be complicated as you learn what’s currently in place, where the gaps are and the best way to drive change in your new organization. Get helpful guidance, beyond the technical details, from an experienced change agent.

    This talk will discuss some of the ways in which security can be approached as a business process, rather than as an enigma, including:

    •Your first 30 days: fame and foibles when taking over a new
    security program
    •Gauging your business executives: how to talk with senior
    business leaders and classify their responses to security in order
    to make your relationship more effective
    •Show me the money: how to review a security budget and quickly
    match it up against your new organization's risk profile
    •Finding strategic partners: a litmus test for discussions with key
    vendors to figure out who to trust and who is selling you a bridge
  • Reimagining Security – Adaptive Defense Strategy to Keep Pace with Attackers Recorded: Sep 19 2014 56 mins
    Threat actors’ tactics and motivations are evolving. Successful security teams continuously adapt to anticipate new tactics. That means adopting new approaches. Join us for this webinar, where we share FireEye’s point of view about how organizations can implement adaptive defense strategies that position them to detect, analyze and respond to security incidents of all kinds.

    FireEye’s CTO, Dave Merkel, will discuss how security teams can reduce the time to detect and resolve security incidents.

    Register for this webinar here.
  • A New Approach to IPS – Reduce Your Exposure and Costs Recorded: Sep 4 2014 35 mins
    Current IPS products are deficient for lots of reasons—they’re signature-based, unable to detect modern threats, and, they create excessive alerts that require additional resources to manage. Using an outdated protection model results in distracting false positives and a lack of actionable threat intelligence. Organizations need a holistic view of multi-vector attacks that goes well beyond what conventional IPS tools offer.

    In just 30 minutes, you’ll learn how to:

    * Confirm attacks via timely and validated threat notifications
    * Minimize time and resource investments resulting from false alerts
    * Consolidate known and unknown threats on a single platform
    * Create actionable insights by correlating threats to derive richer intelligence and speed incident response times

    Join FireEye for this brief webinar and discover a new approach to IPS. You’ll quickly realize how you can save your organization time, money, and reduce your exposure to the threats lurking out there.
  • State of the Hack: Spotlight on Healthcare Recorded: Aug 28 2014 34 mins
    Join us for this webinar where we’ll share our latest intelligence and recommend how healthcare, pharmaceutical and medical device manufacturers can protect themselves from attackers that target these industries.

    In this webinar we will cover:
    • Which threat actors target these industries?
    • What information do they typically steal?
    • What type of tools and tactics do attackers use to gain access?
    • What can we expect from these threat actors in the coming year?
    • How can organizations protect themselves from the attackers that
    are targeting them?
  • FLARE on Fire: Reverse Engineering with the FLARE Team Recorded: Aug 26 2014 58 mins
    Join us for this exciting webinar as we introduce the FireEye Labs Advanced Reverse Engineering (F.L.A.R.E.) and learn about:

    * FLARE's background, mission and industry-leading team members
    * Reversing Agent .BTZ (Case Study)
    * Reversing .NET samples (Case Study)
    * Proactive assessment of security software via RE (Case Study)

    You'll also get an in-depth look at two prevalent malware families and learn how to combat against these targeted attacks.
  • Speed Dating for Security Teams: Finding Alerts that Lead to Compromise Recorded: Aug 12 2014 46 mins
    This webinar will address the following topics:

    - How to quickly triage and validate the seemingly overwhelming volume
    of daily alerts
    - Strategies for prioritizing and throttling your workflow
    - Tools for querying intel and obtaining context
    - Approaches for creating an indicator management process
  • DeCryptoLocker: Relief for CryptoLocker Victims Recorded: Aug 6 2014 14 mins
    Join Uttang Dawda, FireEye's resident Malware Researcher, as he gives us a comprehensive overview of CryptoLocker and the FireEye and Fox-IT decryption solution for victims.
  • Understanding the Adversary: The Role of Intelligence in Your Security Strategy Recorded: Jul 22 2014 61 mins
    • What is an intelligence-led defense?
    • What is “adversary intel”? Where do you get it and how can you
    act on it?
    • What is “attribution” and how important is it?
    • What intel should a security organization maintain internally? How
    should it supplement this with 3rd party intel?
    • What is the right balance between detection-based intel and
    adversary intel
  • Cybersecurity’s Maginot Line: A Real-World Assessment of Defense-in-Depth Recorded: Jun 25 2014 60 mins
    Are you building another Maginot Line? France’s famed border defense was hailed as a military marvel in the run-up to World War II — and quickly rendered useless by new blitzkrieg-style warfare. In much the same way, many common cybersecurity tools are not stopping today’s attacks.
    In a first-of-its-kind study, we analyzed data from 1,216 organizations in 63 countries across more than 20 industries. FireEye sits behind other layers in the typical defense-in-depth architecture. That placement offers a unique vantage point to observe them in action.

    Here’s what we found:
    •97% of organizations were breached, even with multiple security layers.
    •More than one-fourth of all organizations experienced events consistent with advance persistent threat (APT) attacks.
    •Three fourths of organizations had active command-and-control communications.
    •Even after an organization was breached, attackers attempted to compromise the typical organization more than once per week (1.6 times) on average.

    Join us in a live briefing to discuss these findings and what they mean for your cyber defense plan.
  • Cover Your Assets: How to Keep Your Data Safe Recorded: Jun 12 2014 34 mins
    Cyber security experts suggest that it’s likely your organization’s data has already been breached. So rather than asking “what if?”, it’s time to ask “now what?”. Hackers use spear phishing and malware to target your trusted insiders, and then leverage stolen credentials to navigate the company network and gain access to the data center. Your data center is the ultimate goal for these attacks because it contains a concentration of sensitive data, as well as critical business applications.

    This session will discuss a risk-based approach to protecting critical files, databases, and sensitive applications from compromised users. Join us to learn how to minimize downtime, save time, and keep your employees productive during the remediation process. We will also discuss how to track and analyze user activity once malware is detected.
  • How to Use War-Gaming to Improve Response Capabilities Across Business Functions Recorded: Jun 12 2014 42 mins
    In this presentation we will cover how to use war-gaming to improve capabilities to respond to an attack across business functions. Too often, organizations leave response planning until a serious attack has occurred. With serious cyber breaches occurring more frequently and now impacting almost every major business function, a lack of effective planning can severely impact the ability of the business to respond.

    We will cover how cyber-security operating models will need to evolve, what best practice war gaming and incident response looks like, as well as approaches for developing a war gaming program.
  • Experts Panel - Beyond SIEM: Enterprise Security Monitoring Recorded: Jun 12 2014 59 mins
    Moderated by Richard Bejtlich, Chief Security Strategist, FireEye.

    When you think of “event data”, chances are good that you think of SIEM. If so, you may be missing out on much of the value of your logs for detecting, investigating and responding to security events.

    Based on extensive real-world experience with large organizations, the Enterprise Security Monitoring (ESM) philosophy extends current host-, network- and event-based collection strategies, bringing data from all three domains under one roof for a unified view of what’s going on inside your organization.

    In this session, our panelists will discuss key aspects of the ESM approach, including:
    • Data collection priorities based on your organization’s security goals
    • Enterprise-scale collection strategies
    • Deriving context from events
    • Integrating threat intelligence to improve detection and speed response
    • Increasing your adversaries’ costs using the “Pyramid of Pain” and “Detection Maturity Level” models

    This will be a very interactive session, with plenty of audience interaction. We welcome the tough questions. Come learn about a better way of fully leveraging the data you are already collecting to better protect your organization!
The leading provider of next generation threat protection
FireEye is the world leader in combating advanced malware, zero-day and targeted attacks that bypass traditional defenses, such as firewalls, IPS and antivirus.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Living in a State of Cyber Insecurity - Advanced Targeted Attacks
  • Live at: Mar 14 2012 5:00 pm
  • Presented by: Aaron Sheridan, Sr. Systems Security Engineer
  • From:
Your email has been sent.
or close
You must be logged in to email this