Mathias Fuchs, Incident Response Consultant at Mandiant, explains why successful attacks on companies are still unavoidable. Understanding how attackers work and how incident response is best carried out helps to stop attackers before they reach their goals. In this webcast, Mathias Fuchs describes the multi-stage incident response process, which runs from preparation through detection and analysis to remediation of the situation. He describes the challenges of each step and possible approaches to solving them.
Based on a case study of a system intrusion at a company with 50,000 endpoints, the webcast examines how APT actors break into a network and steal data.
No one understands the strain of constant battle better than those in Incident Response (IR). Daily cyber assaults require an unattainable perfect response – every time. However, teams are constantly working within constraints and breaches continue to occur in record numbers. Technology has been introduced to help but has failed time and time again. Breach identification takes an exorbitantly long time. And above all, attackers continue to target that last line of defense – the vulnerable, easily fooled human assets. When that last line of defense is surpassed, the IR team is expected to catch the attacks in progress – wading through millions of false alerts while attackers continue to hone their approach and deliver evolved malicious payloads.
It’s enough to make you wonder why you got into this line of work!
Join PhishMe’s David MacKinnon and Will Galway to hear why it’s not all doom and gloom. Previous to PhishMe, both David and Will worked as incident responders in the Fortune 500 market, collecting years of security operations insight and best practices to share. In this session, you’ll gain tips and knowledge around new threats and solutions for Incident Responders such as:
• The new wave of malware to watch for and trends and threats collected from 2015
• The evolution of phishing emails, their targets and the payloads they deliver
• How to forge a new line of defense and triage potential attacks – quickly and easily
An Eyes-Wide-Open Approach to Cyber Security
The last thing any organization wants is its name in a headline due to a cyber-breach. With cyber-crime on the rise, how do organizations ensure that they have their eyes open to the ever-changing threat landscape and that they’re taking the best steps to mitigate risk before a breach occurs?
Watch this in-depth webcast to learn how the proactive measures of incident management benefit organizations more than reactive incident response alone. You’ll learn:
- Why investing in preparation up front is more valuable than investing after a breach occurs
- The key people, process and technology components of an effective incident management program
- The difference between the wise way and the risky way to manage an incident, through real examples
- How the evolution to proactive services will improve your security framework
When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.
Digital forensics investigations can help you:
• Assess which assets were compromised
• Determine what unauthorized activities were carried out
• Establish an appropriate mitigation strategy
• Assess impact to the organization for a variety of stakeholders
• Learn from previous incidents to adjust security strategy using your own threat intelligence
In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.
In this webcast, you will:
• Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
• Find out common pitfalls that prevent an effective forensic investigation of an incident
• Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
As the frequency and sophistication of cyber-attacks continue to evolve, so too must your capabilities to respond. The reality of information security today is that a breach is inevitable and you must ask yourself:
- Am I prepared for a major compromise today and how will I adapt to a changing threat in the future?
- Do I really know my environment?
- Do I really understand the threat?
- Do I know where to focus my limited incident response capabilities?
- Do I know how to measure the success of my Incident Response and Security plan?
In this webcast, Jeff Schilling - Director of Incident Response and Digital Forensics at Dell SecureWorks, provides a vision for how IT security must evolve to combat the changing nature of the cyber security threat. Jeff will discuss & share:
- The best methods for layering incident response into the security stack
- Developing a proven capability to handle a major data breach.
- Examples of actual incidents
- And also provide practical recommendations you can implement quickly to minimize the "detection to response" window and better protect your networks, servers, hosts and end users.
ThreatOptics from NetCitadel is a threat management platform that enables Automatic Incident Response with a clean and easy-to-use UI. Based on a SOC workflow, ThreatOptics investigates, mitigates, and contains threats reported by Advanced Malware Devices like FireEye and SIEMs like ArcSight. This demo provides a quick view into how built-in source connectors, built-in enforcement adapters, threat intelligence gathering, and the seamless workflow are turning automated incident response into a reality.
Colby Clark will present a rapid incident response methodology used by the FishNet Security Incident Management team utilizing a combination of best-of-breed solutions to rapidly facilitate all phases of an IR investigation of evolving threats. The methodology begins with identification from network indicators with NetWitness, triage and containment using FireEye and FireAmp, and in-depth forensic investigations on system artifacts (memory, volatile data, and file system) using EnCase Enterprise.
Organizations, regardless of size or maturity, will always run into IT-related incidents. The trick, however, is to ensure that these incidents cause the least downtime possible for the customer and do not turn into a bigger, company-wide problem.
Join Adam O’Brien, Product Marketing Manager for SunView Software, as he examines the basics of ITSM incidents and problems and covers 3 critical strategies that your organization can implement to help minimize the impact that incidents and problems can have on your customers and company.
Ensuring your CIRP is a plan for disaster – not a disaster waiting to happen.
Most organizations establish Cybersecurity Incident Response Plans (CIRP) with great intentions of leveraging them during security breaches. The reality is, many times once a CIRP is established it gets filed away to collect dust on a shelf until a breach occurs, leaving it out of date and out of mind. If a breach occurred tomorrow, would your organization know the proper steps and procedures to eradicate the threat... who the key stakeholders are and the communications flow... when and how to reach out to a third party for support?
All of these are included as a part of your CIRP, but using a dusty CIRP as a guide for the first time during a breach is not a plan – it’s a disaster waiting to happen. Testing your plan prior to an incident is the key to minimize the duration, impact and cost of a breach to your organization.
During this interactive webinar, Tony Kirtley, Senior Incident Response Consultant at Dell SecureWorks, will share the importance of testing your CIRP plan through regular tabletop exercises to help identify your organization's strengths and weaknesses, and further the development of your proactive security capabilities.
In addition you will learn:
- What makes an effective tabletop exercise?
- Real stories of how organizations benefited from tabletop exercises.
- The benefit of bringing in an objective third party to facilitate your tabletop exercise.
The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organizations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.
In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organizations’ experiences with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.
Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.
Webcast takeaways include:
· Real-world examples of APT attacks
· The latest tools and techniques that advanced threat actors are using
· Recommendations for preventing and responding to APTs
Resolving an incident can be a complex process that takes a lot of time and many people. According to the 2014 State of On-Call Report, most teams report that it takes 10-30 minutes to resolve an incident and on average, 5 people are needed to help with resolution.
But it doesn’t have to be that way. In this webinar, Jason Hand will present best practices and tips for surviving every stage of the firefight - from when an alert comes in to pulling reports after it’s over. Join us to see how we do it at VictorOps.
As we’ve all learned from recent incidents at large companies, a data breach can cause insurmountable damage that is difficult to rebound from. To effectively counteract cyber attacks, companies need to have a two-pronged approach that includes both targeted threat intelligence and expedient incident response (IR).
In this webinar, Scott Donnelly of Recorded Future will explain how threat intelligence can help secure your company, how to implement an intelligence strategy, and how a thorough threat intelligence program can reduce the risk of breaches.
Next, LIFARS CEO and Founder Ondrej Krehel will discuss how this intelligence spearheads an incident response and describe the process of investigation and evidence collection.
Register now to learn:
* How threats manifest in different ways on different layers of the Web.
* The difference between a hoax and a possible threat to companies, customers, or infrastructure.
* How having the right threat intelligence will speed up an IR process and reduce the business impact of a data breach.
* The steps of an effective IR and how having a proper incident response plan in place makes all the difference.
Train like you fight. Fight like you train. We could do well to heed this old military axiom and regularly drill for a variety of incident scenarios in the most realistic way possible. During this (ISC)2 roundtable, we will explore the role of incident management simulation and testing from the world of critical infrastructure and provide some concrete and immediately actionable methods you can begin incorporating into your own preparedness program. As the saying goes, “No plan survives first contact with the enemy,” so please join us on February 11, 2016 at 1:00PM Eastern in learning how to become a more resilient organization in the face of disaster.
451 Research Group and Proofpoint are delighted to invite you to a 30-minute webinar targeting IT Security and Operations Professionals that will address:
• Cutting through the noise: Only 1 in 25 critical alerts* are responded to. The panel will discuss why there is an increasing level of security incidents & alerts.
• Taking Control: Finding the Needle in the Haystack that is Incident Response. The panel will discuss the approaches to take and the broader industry solutions on the market to help achieve this.
• Actionable Intelligence: Derived from inside and outside your business. The panel will cover how context around an incident can make all the difference.
• Conclusion: Actionable tips and tricks to help you begin to gain control of your incident response process and reduce the panic!
Major incidents are characterized by a high level of complexity and high priority to the business. Resolving them requires a team of specialists with diverse skills and extensive communication both within the team of resolvers and with the users. If you have the right set of people, processes and technology in place, a major incident need not result in confusion and chaos. The true essence of major incident management lies not only in quick and efficient resolution of major incidents, but also in creating and delivering value within the team and outside it. In this engaging webinar, Richard Josey, Service Management Architect, discusses the operational and psychological dimensions of major incident management and highlights the key areas that organizations need to work on to ensure that they have efficient mechanisms in place to tackle major incidents.