
[APAC] Series: SOC Automation 101: The Future of Detection and Response

Today’s security operations–whether part of a formal SOC or not–require IT and Security teams to identify and address threats as quickly and decisively as possible. The list of threats, along with their methods of entry, techniques used, and means of detection and resolution, has grown to a point where it’s nearly impossible to address manually.

Part 4 of 4 of series: Focus on What Matters Most with Detection and Response
Recorded Mar 24 2021 62 mins
Presented by
Sydney Coffaro, Senior Technical Advisor, SOAR at Rapid7 and Jeffrey Gardner, Practice Advisor at Rapid7

  • Augmenting Native Cloud Security Services for Financial Services May 11 2021 2:00 pm UTC 17 mins
    Christopher Hertz, Vice President, Cloud Security at Rapid7
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organisations struggle with determining when and how to use these native security controls, doing so in a consistent fashion and also understanding how and when to augment these to ensure continuous security and compliance.

    Join Christopher Hertz, Vice President, Cloud Security at Rapid7 as he discusses:
    - How and when to use native cloud security controls
    - Why and when you may want to augment these controls
    - How to leverage automation to gain continuous security and compliance in public cloud
  • ICER Report Series: 2021 Industry Cyber Exposure Report FTSE 350 May 6 2021 9:00 am UTC 45 mins
    Tod Beardsley, Director of Research and Matt Rider, Director of Sales Engineering
    As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever.

    In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on FTSE 350 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address.

    These five facets of internet-facing cyber-exposure and risk include:

    1. Authenticated email origination and handling (DMARC)
    2. Encryption standards for public web applications (HTTPS and HSTS)
    3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)
    4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
    5. The proliferation of vulnerability disclosure programs (VDPs).

    Tune in as Tod Beardsley, Director of Research and Matt Rider, Director of Sales Engineering discuss the findings and provide recommendations CISOs and security practitioners can take action on.
  • [APAC] Augmenting Native Cloud Security Services for Financial Services Apr 28 2021 4:00 am UTC 18 mins
    Christopher Hertz, Vice President, Cloud Security at Rapid7
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organisations struggle with determining when and how to use these native security controls, doing so in a consistent fashion and also understanding how and when to augment these to ensure continuous security and compliance.

    Join Christopher Hertz, Vice President, Cloud Security at Rapid7 as he discusses:
    - How and when to use native cloud security controls
    - Why and when you may want to augment these controls
    - How to leverage automation to gain continuous security and compliance in public cloud
  • Top 5 Security Projects to Drive Business Value & Reduce Risk in 2021 Apr 27 2021 2:00 pm UTC 37 mins
    Marcus Eaton, Lead Solutions Engineer and he will be joined by Philip Wright, Head of Security at UK challenger bank, Auden
    Gartner have conducted extensive market research to reveal that Security and Risk Management leaders have refocused their priorities over the past 12 months to securely sustain a transition to remote working, and address the transformation which has been accelerated for many organisations.

    As part of this research, Gartner have identified the ‘Top 10 security projects’ to reflect the changing threats and new working practices driven by the need to prioritise business enablement and reduce risk.

    During this live talk, we’ll be discussing 5 of Gartner’s top security projects, recommending the key areas to manage and how to respond to risk. The webinar will be hosted by Marcus Eaton, Lead Solutions Engineer, and he will be joined by Philip Wright, Head of Security at UK challenger bank, Auden, to discuss the following security priorities:

    - Securing your remote workforce
    - Risk-based vulnerability management
    - Extended detection and response (XDR)
    - Cloud security posture management (CSPM)
    - Cloud access controls (CASB)

    During the session, you’ll also have the opportunity to pose questions to our speakers and we’ll answer these during the Q&A at the end of the webinar.
  • How to accelerate innovation through better governance and optimization of your Apr 26 2021 9:00 am UTC 29 mins
    Brian Johnson, SVP, Cloud Security Practice
    How do companies improve their security, compliance, and governance while becoming more productive in their multi-cloud environments? More than 70 percent of enterprises today are multicloud, either through organic growth, through mergers and acquisitions, or as a corporate strategy. While cloud offers a powerful opportunity to unleash innovation within the enterprise, IT and security teams struggle to devise governance strategies to support that innovation. Join DivvyCloud by Rapid7’s Brian Johnson (co-founder and SVP, Cloud Security Practice) as he discusses how companies can accelerate innovation through better governance and optimization of their multi-cloud environment.

    This session will cover:

    - The signal and noise problem that many organizations are facing today
    - Why a self-service approach to cloud is the best way to innovate and remain competitive
    - How companies can remain secure and compliant while still going through a self-service culture shift
  • Continuous Cloud Security and Compliance for Financial Services Apr 23 2021 9:00 am UTC 32 mins
    Christopher Hertz, VP of Sales for Cloud Solutions, Rapid7 & Thomas Martin: Founder, NephoSec and former CIO at GE
    Financial services organizations are experiencing a culture shift as they respond to consumer demand for improved experiences delivered when and how they want them. Building applications and migrating regulated workloads to the cloud offers an attractive way to speed innovation, reduce time to market, and increase resilience.

    The financial services industry experiences security incidents 300 percent more frequently than other sectors. The data breaches caused by cloud misconfiguration continue to be rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. Organizations must modify the "command and control" mentality of traditional IT and marry it with a "trust but verify" approach when looking to take advantage of the benefits of public cloud.
    In this session, learn how to identify and implement the systems that are cloud-native, and can help you address the unique challenges of public cloud offerings through automation.
  • Exploring Emerging Threats, and How to Stay Ahead of Them Apr 21 2021 2:00 pm UTC 47 mins
    Eoin Miller
    Getting breached is a nightmare scenario, and most organizations that prioritize their information will put smart people and technologies to work as a defensive barrier against anyone who might try to cause trouble. But security is an ongoing process not a guarantee. Known threats can sometimes slip past even the best defensive measures, which is why most security organizations actively look for both known and unknown threats in their environment.

    But as we’ve seen recently with the SolarWinds, Sunburst breach, even the most sophisticated organizations can fall prey to these intelligent attacks. So how can you detect and respond to threats, in the most effective way?

    Tune in as we discuss how to properly leverage:

    -Threat intelligence
    -Analyzing user and attacker behavior analytics
    -Intruder traps
    -Threat hunts
    -And more
  • [APAC] Building a holistic VRM strategy that includes the application layer Apr 21 2021 4:00 am UTC 52 mins
    Sandy Carielli: Principal Analyst, Forrester & James Thompson: Information Security Manager, Hypertherm
    As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.

    Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalising on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilised by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.

    In this webcast, you’ll learn:
    - Sandy and James’ thoughts on extending a holistic VRM approach to the application layer
    - Best practices and common challenges for a sound VRM strategy
    - How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
    - Why it’s so important to have mitigating controls in place for possible exploitation
  • ICER Report Series: 2021 Industry Cyber Exposure Report Fortune 500 Apr 20 2021 2:00 pm UTC 60 mins
    Tod Beardsley, Director of Research, Bob Rudis, Chief Data Security Scientist
    As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever. In this round of Internet Cyber-Exposure Reports (ICERs), researchers at Rapid7 evaluated five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address.

    These five facets of internet-facing cyber-exposure and risk include:

    1. Authenticated email origination and handling (DMARC)
    2. Encryption standards for public web applications (HTTPS and HSTS)
    3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)
    4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
    5. The proliferation of vulnerability disclosure programs (VDPs).

    Tune in as Tod Beardsley, Director of Research and Bob Rudis, Chief Data Scientist discuss their findings and provide recommendations CISOs and security practitioners can take action on.
  • Cloud-Native DevOps: Speed, Scale, Efficiency Apr 19 2021 3:00 pm UTC 60 mins
    Helen Beal - Chief Ambassador at DevOps Institute | Gadi Naor - Rapid7 | Raghu Thummisi - Radware
    According to IDC, 80% of application development will occur on cloud platforms by 2021. The benefits of cloud-native applications - including automation, flexibility and faster time to market - can be championed and scaled with a cloud-native DevOps set-up.

    But what is cloud-native DevOps? And how is it different from ‘standard’ DevOps?

    Join us for episode 13 of Day-to-Day DevOps to find out. Host Helen Beal, Chief Ambassador of DevOps Institute, and guests will be discussing:

    - What makes cloud-native DevOps different from other DevOps iterations
    - The business benefits of agile, resilient and observable cloud-native DevOps
    - How the automation and scalability benefits of Kubernetes and containers can supercharge your DevOps teams
    - Cultural changes that cloud-native DevOps requires
    - And more

    Guests:
    Venkat Thummisi - Global Cyber security Market Strategist at Radware
    Gadi Naor - VP, Software Engineering, Cloud Security at Rapid7
  • [APAC] The SOC Visibility Triad Recorded: Apr 14 2021 23 mins
    Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA
    To get ahead of the attackers, security teams are increasingly moving from prevention only ideologies to focusing on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organisation, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organisation to monitor every single attack type—never mind catalog and translate those findings in a constructive way to anyone outside of their organisation.

    Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.
  • Effective Security Incident Handling Recorded: Apr 13 2021 17 mins
    Neil Campbell, Vice President APJ
    Fixing a breach is far more costly than prevention. Organisations are under pressure to act fast. More often than not though, it can be weeks or months before you’ve even realised that you’ve suffered one.

    Neil Campbell, Vice President of APJ, outlines six fundamental actions you need to take as part of your security incident handling:

    - High-level incident management and coordination
    - Technical analysis of the incident
    - Incident scoping to determine who or what was affected
    - Crisis communications to make sure information is released in a coordinated and beneficial manner
    - Legal response to determine any implications and prepare any needed response or action
    - Remediation and mitigation recommendations and actions to ensure a smooth recovery
  • Threat Hunting: Attack vs. Data: What You Need to Know About Threat Hunting Recorded: Apr 7 2021 28 mins
    Jeffrey Gardner
    While the term “threat hunting” has become increasingly popular in recent years, it’s actually a practice that many mature teams were already carrying out in some form or another. The basic proposition of threat hunting is to use the IT stack in order to produce actionable information. The questions then become: how do I do that, and where do I get started?

    In this webcast, Practice Advisor for Detection and Response, Jeffrey Gardner, Rapid7, will give an overview of threat hunting methodology and the difference between attack-based hunting and data-based hunting. From there he will provide some examples of different threat hunts he has used successfully throughout his career and will explain how to quickly stand up a threat hunting program within your organization. Lastly, he’ll detail the role of IOCs and the dependencies necessary to utilize them effectively.
    Tune in and walk away with an understanding of:
    -How to lay the foundation for success with threat hunting (hint: discipline!)
    -How to quickly stand up a threat hunting program within your organization
    -How to utilize the treasure trove of resources provided to up-level your threat hunting game
    -And more!
  • [APAC] Anatomy of a Cloud Breach Recorded: Apr 7 2021 26 mins
    Jeremy Snyder, Senior Director of Business Development and Solutions Engineering, Cloud Security Practice
    Introduced by our friends at ISMG as part of their virtual Cybersecurity & Fraud Chicago Summit, this presentation will outline why cloud security is fundamentally different from traditional data center environments. We’ll explore the top services and errors that have led to large-scale data breaches in the past several years, discuss ways to prevent future breaches, and review a few case studies of prominent breaches.
  • 5 Security Trends Driving Threat Detection & Response Priorities Today Recorded: Apr 6 2021 23 mins
    Meg Donlan
    Change is happening at a rapid rate and footprints are getting larger, which brings new security challenges. We’ve seen insider threats rise and remote work has added even more challenges to our already complex systems and processes. However, there are solutions that can help take the burden off your team.

    Learn how a modern SaaS SIEM approach can help:

    -Empower your team
    -Consolidate visibility
    -Automate updates
    -Prioritize out-of-the-box detections
    -And more
    Tune in for this 20-minute talk that discusses how Rapid7 can help you take your detection and response program to the next level.
  • 2020 Vulnerability Intelligence Report Webcast Recorded: Apr 1 2021 55 mins
    Caitlin Condon Manager Engineering, Spencer McIntyre Lead Security Researcher, William Vu Sr Security Researcher at Rapid7
    In early 2021, Rapid7 introduced the Vulnerability Intelligence Report, a new annual research report that highlights exploitation trends, explores attacker use cases, and offers a practical framework for understanding new security threats.

    Our 2020 Vulnerability Intelligence Report examines 50 actively exploited and other significant vulnerabilities that shaped the threat landscape in 2020 and presented challenges for many security practitioners. During this webcast, we will discuss:

    • Significant vulnerabilities from 2020, including many that were actively and widely exploited
    • Key attacker use cases across the CVEs in our 2020 dataset (e.g., vulnerabilities that functioned as network pivots and gave external attackers access to internal networks)
    • The prevalence of and potential reasons for patch bypasses in 2020
    • Practical takeaways for defenders

    The webcast will also feature a technical deep dive on one of the actively exploited vulnerabilities in the report, and two of Rapid7’s offensive security experts will answer your questions on vulnerability analysis, exploit development, and attack trends.

    Please join Rapid7’s vulnerability research team for this informative customer-focused webcast. We’re excited to see you there!
  • [APAC] Effective Security Incident Handling Recorded: Mar 31 2021 17 mins
    Neil Campbell, Vice President APJ
    Fixing a breach is far more costly than prevention. Organisations are under pressure to act fast. More often than not though, it can be weeks or months before you’ve even realised that you’ve suffered one.

    Neil Campbell, Vice President of APJ, outlines six fundamental actions you need to take as part of your security incident handling:

    - High-level incident management and coordination
    - Technical analysis of the incident
    - Incident scoping to determine who or what was affected
    - Crisis communications to make sure information is released in a coordinated and beneficial manner
    - Legal response to determine any implications and prepare any needed response or action
    - Remediation and mitigation recommendations and actions to ensure a smooth recovery
  • Network Traffic Visibility in the Cloud Recorded: Mar 30 2021 67 mins
    Darragh Delaney, Sr. Product Manager, D&R and Morgan Doyle, Consulting Software Engineer, D&R
    In this real-training-for-free session we will discuss the options for cloud-based network traffic analysis and how it differs from on-prem approaches. The use cases for this technology include:

    Security analysts lack visibility within cloud networks. They do not have the visibility they need to troubleshoot operational and security issues within their AWS networks and want to eliminate this blind spot so that they have 'end to end' traffic visibility across all their network.

    Security analysts want DPI/full packet analysis in their AWS estates. They want more detail than VPC flow logs to detect security threats and to perform forensics on past events.

    Compliance and security personnel want cloud-based IDS solutions. IDS is a key requirement for some compliance standards such as PCI.

    Amazon launched a network traffic mirroring service in 2019 called VPC traffic mirroring. This allows you to span, or copy, network traffic going to and from one or more EC2 Elastic Network Interfaces and send it to a traffic analysis system.

    From a security perspective, we can now deploy cloud based out-of-band intrusion detection and analysis tools to look for malicious activity in the network traffic.

    During this call we will check out the VPC traffic mirroring feature in AWS and show how to set up a traffic mirroring session to capture activity associated with a number of ENIs. Topics include:

    -Mirror Sessions
    -Mirror Targets
    -Mirror Filters

    Using the data captured from this we will then look at how this can be used for incident detection and response.
  • [APAC] Cloud Security - Understanding Your Total Risk Recorded: Mar 29 2021 26 mins
    Harsharn Puar - Lead Security Solutions Engineer, Cloud & Graeme McMillan - Senior Security Solutions Engineer, UK & Ireland
    Join us for this short session as we discuss how to assess your organisation’s risk across multi-cloud and traditional infrastructure environments using visibility and automation.
  • The SOC Visibility Triad Recorded: Mar 25 2021 23 mins
    Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA
    To get ahead of the attackers, security teams are increasingly moving from prevention only ideologies to focusing on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organization, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organization to monitor every single attack type—never mind catalog and translate those findings in a constructive way to anyone outside of their organization.

    Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response and how you can apply it to improve the detection and response capabilities in your organisation.
Supercharge Your Security Impact
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.

  • Title: [APAC] Series: SOC Automation 101: The Future of Detection and Response
  • Live at: Mar 24 2021 3:00 am
  • Presented by: Sydney Coffaro, Senior Technical Advisor, SOAR at Rapid7 and Jeffrey Gardner, Practice Advisor at Rapid7