Mathias Fuchs, Incident Response Consultant bei Mandiant erklärt warum erfolgreiche Angriffe auf Unternehmen immer noch unausweichlich sind. Zu verstehen wie Angreifer arbeiten und wie Incident Response optimal durchgeführt wird hilft, die Angreifer zu stoppen bevor sie ihre Ziele erreichen. In diesem Webcast beschreibt Mathias Fuchs den mehrstufigen Incident Response Prozess der von der Vorbereitung über Erkennung und Analyse bis hin zur Bereinigung der Situation. Er beschreibt dabei die Herausforderungen jedes Schrittes und mögliche Lösungsansätze.
Auf Basis einer Fallstudie eines Systemeinbruchs in einem Unternehmen mit 50.000 Endpoints wird beleuchtet wie APT Akteure in ein Netzwerk einbrechen und Daten stehlen.
No one understands the strain of constant battle better than those in Incident Response (IR). Daily cyber assaults require an unattainable perfect response – every time. However, teams are constantly working within constraints and breaches continue to occur in record number. Technology has been introduced to help but has failed time and time again. Breach identification takes an exorbitantly long time. And above all, attackers continue to target that last line of defense – the vulnerable, easily fooled human assets. When that last line of defense is surpassed, the IR team is expected to catch the attacks in progress – wading through millions of false alerts while attackers continue to hone their approach and deliver evolved malicious payloads.
It’s enough to make you wonder why you got into this line of work!
Join PhishMe’s David MacKinnon and Will Galway to hear why it’s not all doom and gloom. Previous to PhishMe, both David and Will worked as incident responders in the Fortune 500 market, collecting years of security operations insight and best practices to share. In this session, you’ll gain tips and knowledge around new threats and solutions for Incident Responders such as:
•The new wave of malware to watch for and trends and threats collected from 2015
•The evolution of phishing emails, their targets and the payloads they deliver
•How to forge a new line of defense and triage potential attacks – quickly and easily
An Eyes-Wide-Open Approach to Cyber Security
The last thing any organization wants is its name in a headline due to a cyber-breach. With cyber-crime on the rise, how do organizations ensure that they have their eyes open to the ever-changing threat landscape and that they’re taking the best steps to mitigate risk before a breach occurs?
Watch this in-depth webcast to learn how the proactive measures of incident management benefit organizations more than reactive incident response alone. You’ll learn:
- Why investing in preparation up front is more valuable than investing after a breach occurs
- The key people, process and technology components of an effective incident management program
- The difference between the wise way and the risky way to manage an incident, through real examples
- How the evolution to proactive services will improve your security framework
Intrusion investigations are a response to the detection of a threat in the environment. Organizations are investing heavily in technology, training, and personnel who can quickly detect and respond to threats after they’ve gained some amount of access to their environments. It’s this process that leads to containment and gives businesses back control.
Companies are getting better at detecting threats as a result, but actors may still have been in the environment for several months before that critical moment when tools and personnel finally detect the bump in the night and the investigative process can begin.
During this conversation, we’ll look at the security ecosystem and some of the reasons why technologies that react to threat activity may not be adequate in this golden age of cyber threats. We’ll also discuss a few of the most important skillsets necessary to cultivate and why personnel and expertise are your secret weapons. Lastly, we’ll suggest some of the most effective sources of evidence to examine as well as some of the analysis techniques you should be using to filter through the noise.
When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.
Digital forensics investigations can help you:
•Assess which assets were compromised
•Determine what unauthorized activities were carried out
•Establish an appropriate mitigation strategy
•Assess impact to the organization for a variety of stakeholders
•Learn from previous incidents to adjust security strategy using your own threat intelligence
In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.
In this webcast, you will:
•Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
•Find out common pitfalls that prevent an effective forensic investigation of an incident
•Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
ThreatOptics from NetCitadel is a threat management platform that enables Automatic Incident Response with a clean and easy to use UI. Based-on a SOC workflow, ThreatOptics investigates, mitigates, and contains threats reported by Advanced Malware Devices like FireEye and SIEMs like ArcSight. This demo provides a quick view into how built-in source connectors, built-in enforcement adapters, threat intelligence gathering, and the seamless workflow is turning automated incident response into a reality.Read more >
As the frequency and sophistication of cyber-attacks continue to evolve, so too must your capabilities to respond. The reality of information security today is that a breach is inevitable and you must ask yourself:
- Am I prepared for a major compromise today and how will I adapt to a changing threat in the future?
- Do I really know my environment?
- Do I really understand the threat?
- Do I know where to focus my limited incident Response Capabilities?
- Do I know how to measure the success of my Incident Response and Security plan?
In this webcast, Jeff Schilling - Director of Incident Response and Digital Forensics at Dell SecureWorks, provides a vision for how IT security must evolve to combat the changing nature of the cyber security threat. Jeff will discuss & share:
- The best methods for layering incident response into the security stack
- Developing a proven capability to handle a major data breach.
- Examples of actual incidents
- And also provide practical recommendations you can implement quickly to minimize the "detection to response" window and better protect your networks, servers, hosts and end users.
Colby Clark will present a rapid incident response methodology used by the FishNet Security Incident Management team utilizing a combination of best-of-breed solutions to rapidly facilitate all phases of an IR investigation of evolving threats. The methodology begins with identification from network indicators with NetWitness, triage and containment using FireEye and FireAmp, and in-depth forensic investigations on system artifacts (memory, volatile data, and file system) using EnCase Enterprise.Read more >
Organizations, regardless of size or maturity, will always run into IT related incidents. The trick, however, is to ensure that these incidents cause the least amount of downtime as possible for the customer while avoiding turning into a bigger, company-wide problem.
Join Adam O’Brien, Product Marketing Manager for SunView Software, as he examines the basics of ITSM incidents and problems and covers 3 critical strategies that your organization can implement to help minimize the impact that incidents and problems can have on your customers and company.
Time is of the essence when you’re investigating security incidents. While it’s critical to find out as much as you can about the incident from internal sources (logs, network activity, endpoint data, etc.), you also need context about what type of threat you’re facing.
When you come across an domain, IP, or file hash during investigations, you need to answer dozens of questions ASAP.
-Is this malicious? What’s known about it?
-What other domains, IPs, or file hashes are related?
-Is this a widespread threat or more targeted?
And to answer these questions today, you probably need to go to multiple sources and manually piece the puzzle together. What if you had a single, correlated source of intelligence instead?
OpenDNS Investigate now includes malware file data from Cisco AMP Threat Grid. Join our webcast to learn how Investigate provides the most complete view of the infrastructure used in attacks. With Investigate, you can:
-Instantly validate malicious domains, IPs, and file hashes
-Identify the Internet infrastructure and malware files related to attacks
-Uncover infrastructure being staged for future attacks
-Speed up investigations and stay ahead of threats
Join Stuart Davis – Director, Mandiant Consulting a FireEye company in this webinar to see how a real life organisation responded to a recent cyber breach involving an advanced cyber threat group (APT). Stuart will explain what happens when an organisation does not have the resources or skills to respond to cyber threat activity and will address how a third party incident response team can extend the internal CSIRT capabilities. He will walk through the stages of Mandiant Consultings enterprise incident response, show how cyber threat intelligence can enrich the information at hand to help these cyber investigators and finally discuss how remediation plans can be put in place to help contain an incident and bring the organisation back to normal business operations.Read more >
Your corporate network is open terrain. And it's hunting season. Malware, ransomware, and phishing scams are lurking. It's time to identify these threats to the enterprise earlier in the kill-chain and protect your employees, your data, and your network. The next evolution of Incident Response is here.
Isn't it time you adapted your security stack to gain visibility into threats across you endpoints, network, and cloud? We can arm you with the tools you need most to see what’s happening not just on your network and your endpoints, but also out on the Internet in the wild.
Join the product CTO’s from both OpenDNS and our Advanced Threats Groups, Dan Hubbard, Dean De Beer, and TK Keanini as they review how to modernize your response with critical solutions that provide visibility into the network, endpoint, and cloud and additionally talk about how to use these tools to investigate threats in the present, retrospectively, and into the future.
Join not one, but three CTOs from OpenDNS, AMP Threat Grid and Lancope for a complete review of what it takes to accelerate investigations, decrease incident response times, and uncover potential attacks before they are launched.
Hear from OpenDNS CTO, Dan Hubbard, Lancope CTO, TK Keanini, and Threat Grid CTO, Dean De Beer on August 22nd at 10am PT. You’ll learn:
-Strategies for addressing customer incident response challenges across Network, Endpoint and Cloud
-Three unique approaches for digging deeper into what happened before, during, and after an attack
-How together OpenDNS, AMP Threat Grid and Lancope combine to give you the best incident response portfolio
Register now and let the hunting begin.
This editorial webinar from SC Magazine looks at the steps you need to take to launch an incident response and how to develop your incident response plan. (Spoiler alert — don’t turn off that server!)
Join this discussion about:
- Key components of an incident response plan
- Things you must do and not do once an incident is identified
- Best practices for an incident response plan that generally are not done
- How to develop an incident response plan
What happens when you combine increasingly effective adversaries, data dispersing to the clouds, and a significant lack of skilled security practitioners? You get the future of incident response.
Despite having a bigger budget and better tools than ever before, the underlying way incident response happens within enterprises must evolve with the times.
Join Mike Rothman, an analyst at Securosis & Faizel Lakhani, COO at SS8 as they discuss trends in cyber attacks and incident response. Learn what you can do today to ensure your organization is ready for the changes already in motion, and how network visibility plays a crucial role in accelerating breach and incident response.
Are you an information security professional struggling with labor-intensive and slow-moving incident response processes? According to a recent Enterprise Strategy Group survey, more than 60 percent of information technology professionals say their organization has taken steps to automate incident response, but 91 percent say the processes are not very effective or efficient. The problem? Information security teams are limited by time and have too many manual processes.
Join GuidePoint Security and Carbon Black for “Conquering Challenges of Incident Response: Real-Time Incident Hunting and Response,” a free, interactive webinar at 2:30 p.m. Thursday, Nov. 17. Together, we will explore:
Cost-efficient and time-saving solutions to help your team monitor your environment
Tools to help you hunt for and find potential attacks, quarantine them, and react before real damage is done
Learn from real-world analysts and incident responders who know firsthand just how challenging incident response can be. We’ll show you how to leverage today’s threat-hunting tools to:
- Hunt for incidents in real time
- Visualize a complete attack kill chain
- Efficiently defend your environment
- Monitor endpoints around-the-clock for attacks based on Patterns of Compromise (POCs)
- Secure devices on or off network
- Review continuously recorded histories of endpoint activity
- Quickly conduct comprehensive investigations and identify threat activity
- Minimize data loss and potential impact on your organization
- Deploy rapid response and remediation services
Who Should Attend:
- Information security professionals struggling with effective incident response because of limited time and resources
- Current MSSP customers not satisfied with their current provider(s)
- Information security professionals wanting to improve the effectiveness of their logging and monitoring and/or vulnerability management programs