[APAC] Series: Doing More with Less: Detection and Response Planning for 2021
Despite a year of “new normals,” one thing most teams can still count on this fall is annual security planning. This year, however, in addition to supporting growing remote workforces, many SOCs face increased budget scrutiny and pressure to demonstrate ROI going into 2021. Part 1 of 4 of the series: Focus on What Matters Most with Detection and Response
Recorded Mar 3 2021, 61 mins
Christopher Hertz, Vice President, Cloud Security at Rapid7
Appropriate use of native security controls in Amazon Web Services, Microsoft Azure and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organisations struggle with determining when and how to use these native security controls, doing so in a consistent fashion and also understanding how and when to augment these to ensure continuous security and compliance.
Join Christopher Hertz, Vice President, Cloud Security at Rapid7 as he discusses:
- How and when to use native cloud security controls
- Why and when you may want to augment these controls
- How to leverage automation to gain continuous security and compliance in public cloud
Marcus Eaton, Lead Solutions Engineer, joined by Philip Wright, Head of Security at UK challenger bank Auden
Gartner has conducted extensive market research revealing that Security and Risk Management leaders have refocused their priorities over the past 12 months to securely sustain the transition to remote working and to address the transformation that has been accelerated for many organisations.
As part of this research, Gartner has identified its ‘Top 10 security projects’, reflecting the changing threats and new working practices driven by the need to prioritise business enablement and reduce risk.
During this live talk, we’ll discuss 5 of Gartner’s top security projects, recommending the key areas to manage and how to respond to risk. The webinar will be hosted by Marcus Eaton, Lead Solutions Engineer, who will be joined by Philip Wright, Head of Security at UK challenger bank Auden, to discuss the following security priorities:
During the session, you’ll also have the opportunity to pose questions to our speakers and we’ll answer these during the Q&A at the end of the webinar.
Getting breached is a nightmare scenario, and most organizations that prioritize their information put smart people and technologies to work as a defensive barrier against anyone who might try to cause trouble. But security is an ongoing process, not a guarantee. Even known threats can sometimes slip past the best defensive measures, which is why most security organizations actively look for both known and unknown threats in their environment.
But as we’ve seen recently with the SolarWinds Sunburst breach, even the most sophisticated organizations can fall prey to these intelligent attacks. So how can you detect and respond to threats in the most effective way?
Tune in as we discuss how to properly leverage:
- Threat intelligence
- User and attacker behavior analytics
- Intruder traps
- Threat hunts
- And more
Sandy Carielli: Principal Analyst, Forrester & James Thompson: Information Security Manager, Hypertherm
As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.
Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalising on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilised by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.
In this webcast, you’ll learn:
- Sandy and James’ thoughts on extending a holistic VRM approach to the application layer
- Best practices and common challenges for a sound VRM strategy
- How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
- Why it’s so important to have mitigating controls in place for possible exploitation
Tod Beardsley, Director of Research, Bob Rudis, Chief Data Security Scientist
As the world's knowledge workers were driven home amid a pandemic and ransomware ran rampant across the internet, measuring the internet exposure of the world's most critical businesses is more important than ever. In this round of Internet Cyber-Exposure Reports (ICERs), researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to securing business conducted on and across the internet and squarely within the power of CISOs, their IT security staffs, and their internal business partners to address.
These five facets of internet-facing cyber-exposure and risk include:
1. Authenticated email origination and handling (DMARC)
2. Encryption standards for public web applications (HTTPS and HSTS)
3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)
4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
5. The proliferation of vulnerability disclosure programs (VDPs).
Tune in as Tod Beardsley, Director of Research and Bob Rudis, Chief Data Scientist discuss their findings and provide recommendations CISOs and security practitioners can take action on.
Helen Beal - Chief Ambassador at DevOps Institute | Gadi Naor - Rapid7 | Raghu Thummisi - Radware
According to IDC, 80% of application development will occur on cloud platforms by 2021. The benefits of cloud-native applications, including automation, flexibility and faster time to market, can be championed and scaled with a cloud-native DevOps set-up.
But what is cloud-native DevOps? And how is it different from ‘standard’ DevOps?
Join us for episode 13 of Day-to-Day DevOps to find out. Host Helen Beal, Chief Ambassador of DevOps Institute, and guests will be discussing:
- What makes cloud-native DevOps different from other DevOps iterations
- The business benefits of agile, resilient and observable cloud-native DevOps
- How the automation and scalability benefits of Kubernetes and containers can supercharge your DevOps teams
- Cultural changes that cloud-native DevOps requires
- And more
Guests:
Venkat Thummisi - Global Cyber security Market Strategist at Radware
Gadi Naor - VP, Software Engineering, Cloud Security at Rapid7
Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA
To get ahead of the attackers, security teams are increasingly moving from prevention-only ideologies to a focus on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones pose a particular threat to your organisation, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organisation to monitor every attack type, never mind catalog and translate those findings in a constructive way to anyone outside their organisation.
Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.
Fixing a breach is far more costly than prevention. Organisations are under pressure to act fast. More often than not though, it can be weeks or months before you’ve even realised that you’ve suffered one.
Neil Campbell, Vice President of APJ, outlines six fundamental actions you need to take as part of your security incident handling:
- High-level incident management and coordination
- Technical analysis of the incident
- Incident scoping to determine who or what was affected
- Crisis communications to make sure information is released in a coordinated and beneficial manner
- Legal response to determine any implications and prepare any needed response or action
- Remediation and mitigation recommendations and actions to ensure a smooth recovery
While the term “threat hunting” has become increasingly popular in recent years, it’s actually a practice that many mature teams have been carrying out in some form or another for a long time. The basic proposition of threat hunting is to use the IT stack to produce actionable information. The questions then become: how do I do that, and where do I get started?
In this webcast, Jeffrey Gardner, Practice Advisor for Detection and Response at Rapid7, will give an overview of threat hunting methodology and the difference between attack-based hunting and data-based hunting. From there he will provide examples of threat hunts he has used successfully throughout his career and explain how to quickly stand up a threat hunting program within your organization. Lastly, he’ll detail the role of IOCs and the dependencies necessary to utilize them effectively.
Tune in and walk away with an understanding of:
- How to lay the foundation for success with threat hunting (hint: discipline!)
- How to quickly stand up a threat hunting program within your organization
- How to utilize the treasure trove of resources provided to up-level your threat hunting game
- And more!
Jeremy Snyder, Senior Director of Business Development and Solutions Engineering, Cloud Security Practice
Introduced by our friends at ISMG as part of their virtual Cybersecurity & Fraud Chicago Summit, this presentation will outline why cloud security is fundamentally different from traditional data center environments. We’ll explore the top services and errors that have led to large-scale data breaches in the past several years, discuss ways to prevent future breaches, and review a few case studies of prominent breaches.
Change is happening at a rapid rate and footprints are getting larger, which brings new security challenges. We’ve seen insider threats rise and remote work has added even more challenges to our already complex systems and processes. However, there are solutions that can help take the burden off your team.
Learn how a modern SaaS SIEM approach can help:
- Empower your team
- Consolidate visibility
- Automate updates
- Prioritize out-of-the-box detections
- And more
Tune in for this 20-minute talk that discusses how Rapid7 can help you take your detection and response program to the next level.
Caitlin Condon, Manager, Engineering; Spencer McIntyre, Lead Security Researcher; William Vu, Sr. Security Researcher at Rapid7
In early 2021, Rapid7 introduced the Vulnerability Intelligence Report, a new annual research report that highlights exploitation trends, explores attacker use cases, and offers a practical framework for understanding new security threats.
Our 2020 Vulnerability Intelligence Report examines 50 actively exploited and other significant vulnerabilities that shaped the threat landscape in 2020 and presented challenges for many security practitioners. During this webcast, we will discuss:
• Significant vulnerabilities from 2020, including many that were actively and widely exploited
• Key attacker use cases across the CVEs in our 2020 dataset (e.g., vulnerabilities that functioned as network pivots and gave external attackers access to internal networks)
• The prevalence of and potential reasons for patch bypasses in 2020
• Practical takeaways for defenders
The webcast will also feature a technical deep dive on one of the actively exploited vulnerabilities in the report, and two of Rapid7’s offensive security experts will answer your questions on vulnerability analysis, exploit development, and attack trends.
Please join Rapid7’s vulnerability research team for this informative customer-focused webcast. We’re excited to see you there!
Darragh Delaney, Sr. Product Manager, D&R and Morgan Doyle, Consulting Software Engineer, D&R
In this real-training-for-free session we will discuss the options for cloud-based network traffic analysis and how it differs from on-prem approaches. Use cases for this technology include:
- Security analysts lack visibility within cloud networks. They do not have the visibility they need to troubleshoot operational and security issues within their AWS networks and want to eliminate this blind spot so that they have end-to-end traffic visibility across their whole network.
- Security analysts want DPI/full packet analysis in their AWS estates. They want more detail than VPC flow logs provide in order to detect security threats and perform forensics on past events.
- Compliance and security personnel want cloud-based IDS solutions. IDS is a key requirement for some compliance standards such as PCI.
Amazon launched a network traffic mirroring service in 2019 called VPC traffic mirroring. This allows you to span, or copy, network traffic going to and from one or more EC2 Elastic Network Interfaces and send it to a traffic analysis system.
From a security perspective, we can now deploy cloud based out-of-band intrusion detection and analysis tools to look for malicious activity in the network traffic.
During this call we will check out the VPC traffic mirroring feature in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of ENIs. Topics include:
- Mirror Sessions
- Mirror Targets
- Mirror Filters
Using the data captured this way, we will then look at how it can be used for incident detection and response.
Harsharn Puar - Lead Security Solutions Engineer, Cloud & Graeme McMillan - Senior Security Solutions Engineer, UK & Ireland
Join us for this short session as we discuss how to assess your organisation’s risk across multi-cloud and traditional infrastructure environments using visibility and automation.
Sydney Coffaro, Senior Technical Advisor, SOAR at Rapid7 and Jeffrey Gardner, Practice Advisor at Rapid7
Today’s security operations, whether part of a formal SOC or not, require IT and Security teams to identify and address threats as quickly and decisively as possible. The growing list of threats, along with their methods of entry, techniques used, and means of detection and resolution, has grown to a point where it’s nearly impossible to address manually. Part 4 of 4 of the series: Focus on What Matters Most with Detection and Response
Chris Hartley - Regional Director for UK & Ireland, Rapid7, and Warwick Webb - Security Practitioner, Rapid7
Security has played a positive role in enabling business over the recent weeks. This has been demonstrated by allowing remote workforces to remain productive and the hard work of security teams to keep operations running. However all this is putting a strain on the internal resources trying to protect their critical business assets from both external attackers and insider threats.
At Rapid7 we are taking a practical role in helping ensure security advice and guidance is available for all, and we will be running a series of talk tracks to help provide a measured perspective on how to remain secure and operational with the resources you have.
Join us for this live talk where Chris Hartley, Director at Rapid7 UK & Ireland, and Warwick Webb, Security Practitioner, will discuss the top 5 reasons why some organisations are looking to augment or outsource their threat detection and response operations including:
· Talent shortage in cybersecurity and why specialisation is key
· Business continuity and the impact of ‘always on’
· Threat intelligence and global visibility of the threat landscape
· Role of threat hunters in incident response
We’ll also be joined by customer Simon Parry from the Development Bank of Wales, who will reveal how they are using managed services in their own environment and which elements of managed detection and response are most important to the success of their security program.
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.
[APAC] Series: Doing More with Less: Detection and Response Planning for 2021. Speakers: Margaret Wei, Product Marketing Manager at Rapid7, and Jake Williams, SANS analyst. 61 mins