[APAC] The SOC Visibility Triad

To get ahead of the attackers, security teams are increasingly moving from prevention-only ideologies to a focus on early detection. Successful and comprehensive threat detection requires understanding common adversary techniques, which ones may especially pose a threat to your organisation, and how to detect and mitigate these attacks. With that said, the volume and breadth of attack tactics make it nearly impossible for any single organisation to monitor every single attack type—never mind catalog and translate those findings in a constructive way to anyone outside of their organisation.

Join this webinar to learn more about Gartner’s Security Operations Center (SOC) Visibility Triad, a network-centric approach to threat detection and response, and how you can apply it to improve the detection and response capabilities in your organisation.
Recorded Apr 14 2021 23 mins
Presented by
Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA
  • ICER Report Series: 2021 Industry Cyber Exposure Report ASX 200 Jun 3 2021 4:00 am UTC 45 mins
    Tod Beardsley, Director of Research and Neil Campbell, VP Sales, APAC
    As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever.

    In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on ASX 200 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staff, and their internal business partners to address.

    These five facets of internet-facing cyber-exposure and risk include:

    1. Authenticated email origination and handling (DMARC)
    2. Encryption standards for public web applications (HTTPS and HSTS)
    3. Version management for web servers and email servers
    4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
    5. The proliferation of vulnerability disclosure programs (VDPs).
  • [APAC] Best Practices for Threat Detection and Response for Business Resilience May 27 2021 4:00 am UTC 58 mins
    Matthieu Rider, Director of Sales Engineering, Rapid7 & Ellis Fincham, Incident Detection & Response Specialist, Rapid7
    A Gartner survey suggests that 41% of employees are likely to continue working from home once a return to normal working is permitted. That puts companies under pressure to maintain and improve their security operations even in the pandemic aftermath. Leaders are now developing cybersecurity strategies on how to maintain operations while shifting and dividing workforces safely and efficiently.

    Learn the best practices for scaling threat detection and response programs to the levels now required to encompass both remote and office workers, and how to connect your teams and tools for clear communication and complete integration across your tech stack.
  • Demystifying Kubernetes Vulnerabilities & Their Relationship to Risk Management May 26 2021 2:00 pm UTC 59 mins
    Dane Grace, Technical Product Manager at Rapid7 and Nick Cavalancia, Cybersecurity Expert at Ultimate Windows Security
    Containerizing applications has grown in popularity over the years, making Kubernetes a core part of an organization’s critical workloads. Because these containerized applications are Internet-facing, contain access to critical data, or both, they become targets of cyberattacks. And it’s not just the container itself; the target can be Kubernetes, Docker, Linux, or even cloud services hosting the environment.

    What’s missing is visibility into each layer of your Kubernetes clusters and the applications they host; from misconfigurations to needed patches, to the container code itself – without visibility into where your risks are, it’s impossible to form a mitigation and/or remediation plan.

    To add to the problem, containerizing applications and using cloud hosting completely changes who is responsible for security response when vulnerabilities are found, increasing the challenge of ensuring Kubernetes and everything it manages remains secure.

    During this webcast you'll learn about:

    • Exposures within your Kubernetes environment
    • The vulnerabilities that exist at each layer
    • Recent vulnerabilities to check for
  • Threat Detection and Response: Build or Buy? May 25 2021 8:00 am UTC 55 mins
    Daniel Prauser, Manager, Solutions Engineering
    Companies' IT landscapes are currently undergoing major change. Security teams face the challenge of ensuring security and visibility despite the growing number of remote workplaces.

    When an employee works remotely, it can be a challenge for security teams to define which behaviour is “normal” for the user account. How do you distinguish between a legitimate and a suspicious change of location? How do you quickly detect unusual user behaviour, and what happens then?

    Anyone looking for a technological solution quickly encounters a whole series of abbreviations: SIEM, IDR, MDR, SOC, UBA, ABA, EDR, IDS and many others.

    A SIEM system is probably the best-known tool. But is it the right one for you? What criteria do you use to decide? When does it make sense to consider building your own SOC? When is it better to outsource?

    In the webinar we will cover the following points:

    • What is what: terms and how they fit together
    • Threat detection and response: in-house solution vs. managed service
    • Requirements for your own threat detection and response programme
    • How mature is IT security in your organisation?
    • When does it make sense to rely on a managed service?
    • What is right for you?
  • Cloud Security - Understanding Your Total Risk May 20 2021 2:00 pm UTC 26 mins
    Harsharn Puar - Lead Security Solutions Engineer, Cloud & Graeme McMillan - Senior Security Solutions Engineer, UK & Ireland
    Join us for this short session as we discuss how to assess your organisation’s risk across multi-cloud and traditional infrastructure environments using visibility and automation.
  • SOAR: Automating IT Security – Entirely Without Code (German) May 20 2021 8:00 am UTC 28 mins
    Phillip Behmer
    On average, security teams use 57 different products. And even if it is only 10, that is often enough to overload an employee through constant context switching. If you also consider the growing complexity of modern IT landscapes and the resulting flood of alerts, it is no wonder that it takes an average of 279 days for an attack to be detected and contained.

    Modern technologies, by contrast, allow you to run time-consuming processes automatically. With specialised tools for automating and orchestrating common security workflows, you can save enormous amounts of time and deploy your staff where human know-how is indispensable.

    In our webinar we look at:

    • Which common processes can be automated
    • What these workflows look like in practice
    • How much effort is involved in introducing automated processes

    A short preview:

    • Onboarding a new employee: 5 minutes instead of 8 hours
    • A phishing alert investigation: 5 minutes instead of 75 minutes
    • Vulnerability remediation: minutes instead of hours or even days

    In the webinar you will also learn how to handle these tasks with the help of InsightConnect.
  • [APAC] Managing Cyber Risk from Infrastructure to Cloud May 20 2021 4:00 am UTC 28 mins
    Chris Hartley - UK & Ireland Lead, Matt Rider - Applied Engineering Director & Jeremy Snyder - Snr Director, Cloud Practice
    Adoption of the cloud is rapidly accelerating. One estimate of spending on cloud in 2022 is $360bn, and the agility and ability for businesses to innovate and keep pace is a key driver of this. Businesses are at a variety of stages on their journey - from digital natives born and developed in the cloud, to the majority of organisations who are moving from traditional infrastructure to the cloud. This level of adoption allows organisations to support the evolution of their business and business models.
    During this talk, our panel will discuss some of the many challenges and areas for consideration, including managing cyber risk from traditional infrastructure and managing this risk in the cloud.

    What you will learn:

    • How to mitigate common cyber risks and challenges of cloud migration
    • Explosion of the edge and the impact of shifting to remote working
    • The implications of the growing number of applications to enable workforces and support customers
    • Recommendations of focus points given the pace of change as you migrate to the cloud
  • Integration and Automation Against Ransomware and Other Threats (German) May 18 2021 8:00 am UTC 54 mins
    Daniel Prauser
    Compromise of your own IT infrastructure is today no longer a question of "if" but of "when". The combination of cloud and home office, along with the shift to DevOps models with containers and microservices, offers a multitude of new attack opportunities. Traditional signature-based defences such as antivirus programs are often unsuitable for detecting current attack patterns such as Emotet.
    The danger of zero-day attacks in particular requires, on the one hand, consistent vulnerability management to effectively reduce the attack surface. On the other hand, detection and response systems are needed that can detect an intruder who succeeds nonetheless at an early stage and initiate countermeasures without delay.
    The close integration of both systems and a high degree of automation ensure that the number of false-positive alerts, which are laborious to process, is minimised and that the investigation of suspected cases is considerably accelerated.
  • How to Implement a DevSecOps Culture in Your Organization May 13 2021 2:00 pm UTC 62 mins
    Chaim Mazal, VP of InfoSec, ActiveCampaign, Gareth Rushgrove, VP of Product, Snyk, Dane Grace, Technical Product Mgr, Rapid7
    A conversation with Chaim Mazal, ActiveCampaign CISO, on his team's journey to DevSecOps

    Modern development practices have forced organizations to combine development and IT operations under one DevOps umbrella in order to build and release code at a faster rate than ever before. However, due to this newfound developer agility, as well as the widespread use of open source technology in modern applications, companies have found themselves scrambling to keep up with this eye-popping pace of innovation and the amount of risk it has introduced.

    Join Chaim Mazal, ActiveCampaign's CISO, as he shares his experience in transforming his team's approach to security at each layer of the technology stack, from development to staging and production, and how he used the right tools and practices to share security responsibilities among different teams to scale security throughout the IT organization.

    In this webinar, Chaim, along with security experts from Rapid7 and Snyk, will walk you through some of the steps he took to implement a DevSecOps culture by:

    Changing the way development and security teams interact
    Choosing the right tools to implement a DevSecOps practice
    Implementing code dependency checks
    Implementing automated security tests in CI/CD
    Implementing threat modeling and risk assessment in your code logic
  • [APAC] How to accelerate innovation through better governance and optimisation May 13 2021 4:00 am UTC 29 mins
    Brian Johnson, SVP, Cloud Security Practice
    How do companies improve their security, compliance, and governance while becoming more productive in their multi-cloud environments? More than 70 percent of enterprises today are multi-cloud, either through organic growth, through mergers and acquisitions, or as a corporate strategy. While cloud offers a powerful opportunity to unleash innovation within the enterprise, IT and security teams struggle to devise governance strategies to support that innovation. Join DivvyCloud by Rapid7’s Brian Johnson (co-founder and SVP, Cloud Security Practice) as he discusses how companies can accelerate innovation through better governance and optimisation of their multi-cloud environment.

    This session will cover:

    - The signal and noise problem that many organisations are facing today
    - Why a self-service approach to cloud is the best way to innovate and remain competitive
    - How companies can remain secure and compliant while still going through a self-service culture shift
  • Ransomware in the Remote Work Era May 12 2021 4:00 pm UTC 60 mins
    Diana Kelley, SecurityCurve | Nicole Hoffman, GroupSense | Courtney Radke, Fortinet | Patrick Lee, Rapid7
    Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk; the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year.

    Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing"), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work as many companies that paid the ransom failed to receive a decryption key.

    Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
    - The rise in ransomware under the cloak of the pandemic
    - Why email continues to be the channel of choice
    - The difference between fully automated and human-operated campaigns
    - How to decide whether or not to pay the ransom
    - Why your backups may not be immune to ransomware
    - Addressing the threat with best practices

    Speakers
    - Nicole Hoffman, Intelligence Analyst, GroupSense
    - Courtney Radke, CISO for National Retail, Fortinet
    - Patrick Lee, Senior Incident Response Consultant, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Augmenting Native Cloud Security Services for Financial Services Recorded: May 11 2021 17 mins
    Christopher Hertz, Vice President, Cloud Security at Rapid7
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organisations struggle with determining when and how to use these native security controls, doing so in a consistent fashion and also understanding how and when to augment these to ensure continuous security and compliance.

    Join Christopher Hertz, Vice President, Cloud Security at Rapid7 as he discusses:
    - How and when to use native cloud security controls
    - Why and when you may want to augment these controls
    - How to leverage automation to gain continuous security and compliance in public cloud
  • ICER Report Series: 2021 Industry Cyber Exposure Report FTSE 350 Recorded: May 6 2021 60 mins
    Tod Beardsley, Director of Research and Matt Rider, Director of Sales Engineering
    As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever.

    In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on FTSE 350 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staffs, and their internal business partners to address.

    These five facets of internet-facing cyber-exposure and risk include:

    1. Authenticated email origination and handling (DMARC)
    2. Encryption standards for public web applications (HTTPS and HSTS)
    3. Version management for web servers and email servers (focusing on IIS, nginx, Apache, and Exchange)
    4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
    5. The proliferation of vulnerability disclosure programs (VDPs).

    Tune in as Tod Beardsley, Director of Research and Matt Rider, Director of Sales Engineering discuss the findings and provide recommendations CISOs and security practitioners can take action on.
  • [APAC] Continuous Cloud Security and Compliance for Financial Services Recorded: May 6 2021 32 mins
    Christopher Hertz, VP of Sales for Cloud Solutions, Rapid7 & Thomas Martin: Founder, NephoSec and former CIO at GE
    Financial services organisations are experiencing a culture shift as they respond to consumer demand for improved experiences delivered when and how they want them. Building applications and migrating regulated workloads to the cloud offers an attractive way to speed innovation, reduce time to market, and increase resilience.

    The financial services industry experiences security incidents 300 percent more frequently than other sectors. Data breaches caused by cloud misconfiguration continue to be rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. Organisations must modify the "command and control" mentality of traditional IT and marry it with a "trust but verify" approach when looking to benefit from the advantages of public cloud.
    In this session, learn how to identify and implement the systems that are cloud-native, and can help you address the unique challenges of public cloud offerings through automation.
  • [APAC] Augmenting Native Cloud Security Services for Financial Services Recorded: Apr 28 2021 18 mins
    Christopher Hertz, Vice President, Cloud Security at Rapid7
    Appropriate use of native security controls in Amazon Web Services, Microsoft Azure and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organisations struggle with determining when and how to use these native security controls, doing so in a consistent fashion and also understanding how and when to augment these to ensure continuous security and compliance.

    Join Christopher Hertz, Vice President, Cloud Security at Rapid7 as he discusses:
    - How and when to use native cloud security controls
    - Why and when you may want to augment these controls
    - How to leverage automation to gain continuous security and compliance in public cloud
  • Top 5 Security Projects to Drive Business Value & Reduce Risk in 2021 Recorded: Apr 27 2021 37 mins
    Marcus Eaton, Lead Solutions Engineer & Philip Wright, Head of Security at UK challenger bank, Auden
    Gartner have conducted extensive market research to reveal that Security and Risk Management leaders have refocused their priorities over the past 12 months to securely sustain a transition to remote working, and address the transformation which has been accelerated for many organisations.

    As part of this research, Gartner have identified the ‘Top 10 security projects’ to reflect the changing threats and new working practices driven by the need to prioritise business enablement and reduce risk.

    During this live talk, we’ll be discussing 5 of Gartner’s top security projects, recommending the key areas to manage and how to respond to risk. The webinar will be hosted by Marcus Eaton, Lead Solutions Engineer, who will be joined by Philip Wright, Head of Security at UK challenger bank, Auden, to discuss the following security priorities:

    - Securing your remote workforce
    - Risk-based vulnerability management
    - Extended detection and response (XDR)
    - Cloud security posture management (CSPM)
    - Cloud access controls (CASB)

    During the session, you’ll also have the opportunity to pose questions to our speakers and we’ll answer these during the Q&A at the end of the webinar.
  • How to accelerate innovation through better governance of your environment Recorded: Apr 26 2021 29 mins
    Brian Johnson, SVP, Cloud Security Practice
    How do companies improve their security, compliance, and governance while becoming more productive in their multi-cloud environments? More than 70 percent of enterprises today are multicloud, either through organic growth, through mergers and acquisitions, or as a corporate strategy. While cloud offers a powerful opportunity to unleash innovation within the enterprise, IT and security teams struggle to devise governance strategies to support that innovation. Join DivvyCloud by Rapid7’s Brian Johnson (co-founder and SVP, Cloud Security Practice) as he discusses how companies can accelerate innovation through better governance and optimization of their multi-cloud environment.

    This session will cover:

    - The signal and noise problem that many organizations are facing today
    - Why a self-service approach to cloud is the best way to innovate and remain competitive
    - How companies can remain secure and compliant while still going through a self-service culture shift
  • Continuous Cloud Security and Compliance for Financial Services Recorded: Apr 23 2021 32 mins
    Christopher Hertz, VP of Sales for Cloud Solutions, Rapid7 & Thomas Martin: Founder, NephoSec and former CIO at GE
    Financial services organizations are experiencing a culture shift as they respond to consumer demand for improved experiences delivered when and how they want them. Building applications and migrating regulated workloads to the cloud offers an attractive way to speed innovation, reduce time to market, and increase resilience.

    The financial services industry experiences security incidents 300 percent more frequently than other sectors. Data breaches caused by cloud misconfiguration continue to be rampant, costing enterprises an estimated $5 trillion in 2018 and 2019 alone. Organizations must modify the "command and control" mentality of traditional IT and marry it with a "trust but verify" approach when looking to benefit from the advantages of public cloud.
    In this session, learn how to identify and implement the systems that are cloud-native, and can help you address the unique challenges of public cloud offerings through automation.
  • Exploring Emerging Threats, and How to Stay Ahead of Them Recorded: Apr 21 2021 47 mins
    Eoin Miller
    Getting breached is a nightmare scenario, and most organizations that prioritize their information will put smart people and technologies to work as a defensive barrier against anyone who might try to cause trouble. But security is an ongoing process, not a guarantee. Known threats can sometimes slip past even the best defensive measures, which is why most security organizations actively look for both known and unknown threats in their environment.

    But as we’ve seen recently with the SolarWinds Sunburst breach, even the most sophisticated organizations can fall prey to these intelligent attacks. So how can you detect and respond to threats in the most effective way?

    Tune in as we discuss how to properly leverage:

    - Threat intelligence
    - User and attacker behavior analytics
    - Intruder traps
    - Threat hunts
    - And more
  • [APAC] Building a holistic VRM strategy that includes the application layer Recorded: Apr 21 2021 52 mins
    Sandy Carielli: Principal Analyst, Forrester & James Thompson: Information Security Manager, Hypertherm
    As IT ecosystems evolve, so do attackers. Exploitation can happen anywhere across the modern attack surface, from on-premises and cloud infrastructure to web applications. So the scope of your vulnerability risk management (VRM) program can no longer be limited to critical infrastructure.

    Web apps have grown in complexity and volume over the past several years, while also becoming the attack vector of choice for threat actors capitalising on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your testing strategy to practices and languages utilised by your development team. In short: Managing your overall risk must extend to weaknesses in your applications and APIs, not just the structures on which they’re built.

    In this webcast, you’ll learn:
    - Sandy and James’ thoughts on extending a holistic VRM approach to the application layer
    - Best practices and common challenges for a sound VRM strategy
    - How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
    - Why it’s so important to have mitigating controls in place for possible exploitation
Supercharge Your Security Impact
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.

  • Title: [APAC] The SOC Visibility Triad
  • Live at: Apr 14 2021 4:00 am
  • Presented by: Marcus Eaton - Lead Solutions Engineer, UK & Ireland & Roy Tobin - Detection & Response Services Manager, EMEA