Under the Hoodie: enseignements tirés d’une année de pen-tests (FR)

To get ahead of the attackers, security teams are increasingly moving from prevention only ideologies to focusing on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organisation, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organisation to monitor every single attack type—never mind catalog and translate those findings in a constructive way to anyone outside of their organisation.

Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.

Introduced by our friends at ISMG as part of their virtual Cybersecurity & Fraud Chicago Summit, this presentation will outline why cloud security is fundamentally different from traditional data center environments. We’ll explore the top services and errors that have led to large-scale data breaches in the past several years, discuss ways to prevent future breaches, and review a few case studies of prominent breaches.

Fixing a breach is far more costly than prevention. Organisations are under pressure to act fast. More often than not though, it can be weeks or months before you’ve even realised that you’ve suffered one.

Neil Campbell, Vice President of APJ, outlines six fundamental actions you need to take as part of your security incident handling:

- High-level incident management and coordination
- Technical analysis of the incident
- Incident scoping to determine who or what was affected
- Crisis communications to make sure information is released in a coordinated and beneficial manner
- Legal response to determine any implications and prepare any needed response or action
- Remediation and mitigation recommendations and actions to ensure a smooth recovery

In this real-training-for-free session we will discuss the options for cloud based network traffic analysis and how it differs from on-prem approaches. The use cases for this technology which include:

Security analysts lack visibility within cloud networks. They do not have the visibility they need to troubleshoot operational and security issues within their AWS networks and want to eliminate this blind spot so that they have 'end to end' traffic visibility across all their network.

Security analysts want DPI/full packet analysis in their AWS estates. They want more detail than VPC flow logs to detect security threats and to perform forensics on past events.

Compliance and security personnel want cloud based IDS solutions. IDS is a key requirement for some compliance standards such as PCI

Amazon launched a network traffic mirroring service in 2019 called VPC traffic mirroring. This allows you to span, or copy, network traffic going to and from one or more EC2 Elastic Network Interfaces and send it to a traffic analysis system.

From a security perspective, we can now deploy cloud based out-of-band intrusion detection and analysis tools to look for malicious activity in the network traffic.

During this call we will check out the VPC traffic mirroring feature in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of ENIs. Topics include:

-Mirror Sessions
-Mirror Targets
-Mirror Filters

Using the data captured from this we will then look at how this can be used for incident detection and response.

Join us for this short session as we discuss how to assess your organisation’s risk across multi-cloud and traditional infrastructure environments using visibility and automation.

To get ahead of the attackers, security teams are increasingly moving from prevention only ideologies to focusing on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organization, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organization to monitor every single attack type—never mind catalog and translate those findings in a constructive way to anyone outside of their organization.

Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.

Today’s security operations–whether part of a formal SOC or not–require IT and Security teams to identify and address threats as quickly and decisively as possible. The growing list of threats, along with their methods of entry, techniques used, and means of detection and resolution have grown to a point where it’s nearly impossible to address manually. Part 4 of 4 of series: Focus on What Matters Most with Detection and Response

As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.

Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalizing on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilized by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.

In this webcast, you’ll learn:
- Sandy and James’ thoughts on extending a holistic VRM approach to the application layer
- Best practices and common challenges for a sound VRM strategy
- How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
- Why it’s so important to have mitigating controls in place for possible exploitation

Security has played a positive role in enabling business over the recent weeks. This has been demonstrated by allowing remote workforces to remain productive and the hard work of security teams to keep operations running. However all this is putting a strain on the internal resources trying to protect their critical business assets from both external attackers and insider threats.

At Rapid7 we are taking a practical role in helping ensure security advice and guidance is available for all, and we will be running a series of talk tracks to help provide a measured perspective on how to remain secure and operational with the resources you have.

Join us for this live talk where Chris Hartley, Director at Rapid7 UK & Ireland, and Warwick Webb, Security Practitioner, will discuss the top 5 reasons why some organisations are looking to augment or outsource their threat detection and response operations including:

· Talent shortage in cybersecurity and why specialisation is key
· Business continuity and the impact of ‘always on’
· Threat intelligence and global visibility of the threat landscape
· Role of threat hunters in incident response

We’ll also be joined by customer, Simon Parry from the Development Bank of Wales to reveal how they are using managed services in their own environment and which elements of managed detection and response are most important the success of their security program.

Instead of the traditional "castle and moat" model of the past, today the security perimeter is being defined around the identity of the person or the device requesting access. What are organizations doing to protect digital identities in the age of breaches? How are the current trends in identity and access management helping address this issue?

Join this interactive roundtable discussion with notable security experts to learn more about:
- The shift to identity-centric security
- The zero trust mindset
- What constitutes strong and effective authentication and authorization
- The role of policy orchestration and enforcement
- Best practices for protecting identities and managing access across the enterprise

Panelists:
- Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
- Dave Farrow, VP, Information Security at Barracuda
- Jeremy Snyder, Sr. Director, Corporate Development, Rapid7

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

The threat landscape continues to evolve and adapt, requiring organisations to have a high level of security visibility. However, when security teams, managers, and leaders have limited time and budget, prioritising investments to achieve the greatest impact and reduction in risk becomes even more critical. Part 3 of 4 of series: Focus on What Matters Most with Detection and Response

Introduced by our friends at ISMG as part of their virtual Cybersecurity & Fraud Chicago Summit, this presentation will outline why cloud security is fundamentally different from traditional data center environments. We’ll explore the top services and errors that have led to large-scale data breaches in the past several years, discuss ways to prevent future breaches, and review a few case studies of prominent breaches.