Using Behavior to Detect Intrusions Involving Edge Devices

Any Internet-facing device, appliance, server, or VM is fair game as an initial attack vector to a cyber attacker. They are readily accessible remotely and offer security teams little visibility into whether they are secure, under attack, or compromised.

Additionally, devices running on a Linux kernel can prove to be valuable assets to an attacker. A Linux device can be made a stealthy, persistent foothold from which to pivot and begin attacks on your Windows infrastructure, and it can be used to assist in exfiltration. Just because it’s been patched doesn’t mean it hasn’t already been exploited and doesn’t continue to provide access via a web shell. All this while your security team may be unaware these devices are still compromised.

Attackers who choose to pivot and focus on gaining access to your Windows environment have historically exposed themselves to detection through indicators of compromise (IoC) on the network, as well as within the Windows OS, applications, and Active Directory. But with many attackers working to hide their tracks, how can organizations detect attacks and trace them back to edge devices?
Recorded May 12 2021 83 mins
Presented by
Jeffrey Gardner, Nick Cavalancia, Ted Samuels
  • Building and Maintaining Trust With Your Security Oct 19 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    When it comes to operational security, a holistic risk-based approach allows you to break down every level of your business to provide first-class security for your organization.

    But what are the essential, core pillars of an effective approach to security? From availability to transparency, this session will discuss best practices, use cases, and how to adopt a security program that puts the client and their data at the center.

    This session will give a comprehensive, one-stop shop approach to security, and discuss the essential pillars of cybersecurity that every company should have.

    Join as we discuss:
    - What is meant by “trust,” and how to achieve it
    - The value of transparency, privacy, and availability
    - The state of cybersecurity in 2021
    - Trends and patterns we expect to see in 2022
  • Breaking Down Cloud Security: Securing Your Infrastructure Oct 5 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    Organizations are relying more and more on the flexibility and efficiency provided by cloud services. But it’s important to remember that cloud service providers only take responsibility for some security tasks. The customer is responsible for securing end user data, network traffic, and operating systems, as well as ensuring compliance with industry standards and regulations.

    Cloud platforms also introduce some extra complications for security, such as complex cloud-based security tools, security information silos that make identifying attacks difficult, and attacks that focus on cloud platforms. To address risks and navigate cloud security challenges, you need to find a vulnerability management solution that continuously monitors misconfigurations in cloud networks. But what solution is best for your organization, and what does cloud security look like on a day-to-day basis?

    In this session, we will discuss:
    - How to find vulnerabilities in the cloud
    - Cloud security complications and how to address them
    - How to detect threats and ensure compliance across hybrid and multi-cloud environments
  • How to Stay Ahead of Threats With Deception Technology Sep 21 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    Deception technology deceives attackers by distributing traps and decoys across your system infrastructure. As breaches and attacks become more sophisticated, it is vital that security teams can detect suspicious activity as soon as possible in order to neutralize the threat. Deception technology is also beneficial because it decreases attacker time within the network, reduces alert fatigue, and produces useful metrics that demonstrate indicators of compromise, helping to prevent future breaches.

    When it comes to incident detection, time and context are crucial, and the quicker threats are neutralized the better. Choosing deception technology that recognizes malicious activity early on in the attack chain buys your security team the time needed to respond quickly, and is the difference between a business just keeping up with new threats, and a business that is always one step ahead of attackers.

    In this session, we will discuss:
    - How deception technology provides a 360-degree approach to security
    - Why it’s important to have a deep understanding of attacker behavior
    - How deception technology improves visibility
  • A Comprehensive Guide to User Behavior Analytics Sep 7 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    User behavior analytics (UBA) uncover patterns and insights, and are able to identify intruder compromise, insider threats, and suspicious activity within your network. As UBA is based on behavior, it can detect attacks that bypass threat intelligence, providing alerts earlier on in the attack chain and giving security teams more time to respond.

    Join us in this episode as we uncover the inherent value that UBA can provide, and why it is so useful for unveiling and neutralizing threats.

    In this session, we will discuss:
    - How user behavior analytics can accelerate your incident detection and response
    - Why having insight into user behavior is so critical for businesses today
    - The value of an integrated detection and investigation solution, and how it uses UBA to detect attacks early on
  • How to Protect Against Phishing Attacks at All Business Levels Aug 24 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    In a recent SANS survey, it was found that phishing was observed in 78% of organizations. With this amount of phishing occurring, it is crucial that organizations prepare themselves with effective and impactful phishing protection strategies.

    Though technology alone can’t stop phishing, it can help to reduce the harmful impact of phishing attacks on your business. For example, phishing protection allows employees to report suspected phishing attacks, while also providing your organization with the collaborative tools needed to tackle phishing when it occurs.

    So, given the business benefits of phishing protection, what solution is right for your business?

    In this session, we will discuss:
    - Why phishing protection solutions are a must-have for your business
    - How to help employees more easily report suspected phishing
    - How to provide security teams with the necessary tools to investigate phishing reports
  • Incident Detection and Response: Getting Into the Mindset of an Attacker Aug 10 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    Nowadays, it's not a question of if you'll be breached, but when. Therefore, you need the people, processes, and technology in place to respond quickly and efficiently to attacks.

    While breaches have become a certainty, by adopting the mindset of an attacker, you can detect breaches in your network before they’re able to cause damage. This approach to incident detection and response directly informs the software and services needed to equip security professionals to do their best work.

    In this session, we will discuss:
    - Why it is so important to have an incident detection and response program before you are compromised
    - The kinds of technology solutions needed to support your organization
    - The value of incident detection solutions that adopt the mindset of an attacker, and what this can do for your business
  • 10 Minute Take: How to Accelerate Risk Identification & Threat Remediation Jul 28 2021 2:00 pm UTC 14 mins
    Meaghan Donlon and Jane Man
    Join Rapid7's Meaghan Donlon, Product Marketing for the Detection & Response practice and Jane Mann, Product Management for the Vulnerability Management practice, as they discuss how the Insight Platform can help identify risks and remediate threats more quickly. They will discuss how Rapid7 aims to combat complexity by investing in areas that help drive customer value. Join us for this quick and insightful 10 minute talk!
  • Understanding Ransomware: Prepare and Prevent Jul 27 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    In 2020 ransomware surged by 150%, according to a new Group-IB report. With this level of risk, leaders and security professionals must double down on their vulnerability management while also looking internally to increase operational security.

    A ransomware attack is more than a mere annoyance. It can bring your organization to a crashing halt, while also exposing your sensitive data and negatively impacting your brand reputation. As the risk of a ransomware attack on your organization increases, it’s important to take a look at the prevention and response methods you have in place.

    Join us in this session as we discuss:
    - Why user education is vital to protecting against ransomware attacks
    - Why a disaster recovery plan is a must for your organization
    - Why ransomware attacks are on the rise and methods to secure your organization
  • Securing Every Layer, From Infrastructure to Applications Jul 13 2021 4:00 pm UTC 60 mins
    Rapid7 and Panelists
    Securing every layer of your attack surface is crucial when it comes to staying ahead of threats and vulnerabilities. Though you may have already put solutions in place to secure your infrastructure, if you have not secured your applications, your whole network is at risk. Applications are often used as vectors by attackers—allowing those attackers to jeopardize entire IT ecosystems.

    Evidently, it is not enough to simply secure your infrastructure. But what are the best ways to secure your applications, how can you scan for vulnerabilities in your applications, and how important is monitoring and protection?

    In this session, we will discuss:
    - Why the number of attacks on web applications has doubled since 2019, and what your security teams can do to navigate these risks
    - How monitoring and protection provides critical insight and safeguards for your application security
    - How to achieve success in your web application security testing program
    - Why a holistic approach to application security is 100% necessary today
  • ICER Report Series: 2021 Industry Cyber Exposure Report Deutsche Börse 314 Jul 8 2021 8:00 am UTC 57 mins
    Tod Beardsley, Director of Research, Rapid7 and Daniel Prauser, Manager of Solutions Engineering, Rapid7
    As the world's knowledge workers were driven home amid a pandemic and cases of ransomware ran rampant across the internet, measuring the world's most critical businesses’ internet exposure is more important than ever.

    In this round of Industry Cyber-Exposure Reports (ICERs), researchers at Rapid7 focus on Deutsche Börse 314 companies and evaluate five areas of cybersecurity that are both critical to secure to continue doing business on and across the internet, and are squarely in the power of CISOs, their IT security staff, and their internal business partners to address.

    These five facets of internet-facing cyber-exposure and risk include:

    1. Authenticated email origination and handling (DMARC)
    2. Encryption standards for public web applications (HTTPS and HSTS)
    3. Version management for web servers and email servers
    4. Risky protocols unsuitable for the internet (RDP, SMB, and Telnet)
    5. The proliferation of vulnerability disclosure programs (VDPs)
  • [APAC] Series: Security - a transformation enabler Jul 1 2021 4:00 am UTC 60 mins
    Matt Rider, Director, Sales Engineering, International and Ash Dunn, Head Of Information Security, OVO Energy
    Go back just a few years and the phrase ‘transformation enabler’ wouldn’t be seen for love nor money with ‘security’. In some quarters it’s still viewed as a cost centre, a handbrake on innovation and a reluctant spend, rather than a way to help the business progress. That was until progressive organisations began to realise its value in the transformation process, and until the somewhat ‘forced’ drive to adopt cloud (resulting from the global pandemic), to offer greater experiences and enable distributed workforces, pushed security firmly into corporate strategy.

    In our third and final webinar, we discuss how you can change the conversation within your organisation. Instead of running from one fire to the next, we outline the tools and practices vital in allowing you to take the time to examine your posture, consolidate and enable the business to transform.
  • A Guide to Vulnerability Risk Management Jun 29 2021 4:00 pm UTC 60 mins
    Tod Beardsley, Director of Research at Rapid7 | Rod Aday, Director, Information Risk Management at Verizon
    The evolution of how we work, from hybrid and distributed employees to the rise of virtualization and the growing adoption of infrastructure-as-a-service (IaaS), has made it increasingly difficult for security teams to monitor and track who is on their network. This increases your overall attack surface.

    Effective vulnerability management begins with complete visibility into your IT environment. This includes your local, remote, cloud, containerized, and virtual infrastructure. But what does visibility look like at all business levels, and how can you achieve a comprehensive risk-based approach to your vulnerability management?

    In this session, we will discuss:
    - The best practices of vulnerability risk management
    - How automation helps to develop vulnerability management
    - Why efficient vulnerability and risk management is so important for today’s enterprise
    - Why it is important to take a risk-based approach to your vulnerability management
  • BrightTalk Originals: Ransomware in the Remote Work Era Jun 29 2021 2:00 pm UTC 61 mins
    Diana Kelley - Security Curve, Nicole Hoffman - GroupSense, Courtney Radke - Fortinet, Patrick Lee - Rapid7
    Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk: the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year.

    Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing”), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work, as many companies that paid the ransom failed to receive a decryption key.

    Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
    - The rise in ransomware under the cloak of the pandemic
    - Why email continues to be the channel of choice
    - The difference between fully automated and human-operated campaigns
    - How to decide whether or not to pay the ransom
    - Why your backups may not be immune to ransomware
    - Addressing the threat with best practices

    Speakers
    - Nicole Hoffman, Intelligence Analyst, GroupSense
    - Courtney Radke, CISO for National Retail, Fortinet
    - Patrick Lee, Senior Incident Response Consultant, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • IoT Security Trends: Common IoT Misconfigurations from the Field Jun 24 2021 9:00 am UTC 57 mins
    Aaron Herndon, Principal Security Consultant & Carlota Bindner, Security Consultant
    Join Aaron Herndon and Carlota Bindner as they discuss vulnerabilities and misconfigurations discovered within Internet of Things (IoT) devices. Learn about common trends in IoT devices across different industry verticals, gleaned from real world assessments of hundreds of devices. The discussion is tailored for anyone interested in IoT security, device manufacturers, or security practitioners looking to secure IoT devices designed by their company.
  • Using Behavior to Detect Intrusions Involving Edge Devices Jun 23 2021 3:00 pm UTC 82 mins
    Jeffrey Gardner, Nick Cavalancia, Ted Samuels
  • [APAC] Forrester Analyst Webcast: Vulnerability Management Strategy Jun 23 2021 4:00 am UTC 52 mins
    Sandy Carielli: Principal Analyst, Forrester & James Thompson: Information Security Manager, Hypertherm
    These days, it’s crucial to quickly evolve beyond attacker methods. A successful VRM program should provide enhanced visibility into web applications as well as traditional on-prem and cloud infrastructure. Join R7 customer Hypertherm and Forrester Analyst, Sandy Carielli for an informative webcast.
  • BrightTalk Originals: The Future is Identity-Centric Jun 22 2021 2:00 pm UTC 60 mins
    Diana Kelley - SecurityCurve, Joseph Carson - Thycotic, Dave Farrow - Barracuda, Jeremy Snyder - Rapid7
    Instead of the traditional "castle and moat" model of the past, today the security perimeter is being defined around the identity of the person or the device requesting access. What are organizations doing to protect digital identities in the age of breaches? How are the current trends in identity and access management helping address this issue?

    Join this interactive roundtable discussion with notable security experts to learn more about:
    - The shift to identity-centric security
    - The zero trust mindset
    - What constitutes strong and effective authentication and authorization
    - The role of policy orchestration and enforcement
    - Best practices for protecting identities and managing access across the enterprise

    Panelists:
    - Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
    - Dave Farrow, VP, Information Security at Barracuda
    - Jeremy Snyder, Sr. Director, Corporate Development, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Critical Elements of a Sound Cybersecurity Practice Live 59 mins
    Josh Harr, Senior Advisory Services Consultant & Anna Hartman, Senior Advisory Services Consultant
    When building a comprehensive cybersecurity program, structure is key. Just like a house, a solid foundation can help you withstand many types of threats. How you approach building your organization’s security program starts with laying groundwork based on some of the proven practices in the industry, and there are multiple security frameworks out there that can help your organisation get started.

    In this webinar, we will break down what you should think about when looking at frameworks and how to choose the best one for your organisation. Join us as we give you key components to think about when building your cybersecurity foundation so that your house—and everything inside it—remains both safe and stable.
  • Zero Trust for the New Normal Recorded: Jun 16 2021 61 mins
    Diana Kelley, SecurityCurve | Mari Galloway, Women's Society of Cyberjutsu | Jonathan Nguyen Duy, Fortinet | Bob Rudis, Rapid7
    Working remotely has become the new normal. This, and many other changes organizations adopted last year in response to the pandemic are likely to stay for the long term. According to Gallup, about two-thirds of U.S. remote workers want to continue to work remotely. So, how can organizations continue to support their growing distributed workforce at a time where reports of security threats have increased by 400% compared to pre-pandemic levels? 

    Here is where the zero-trust approach to security comes into play. 

    Join this month's episode of The (Security) Balancing Act with Diana Kelley and guests as they discuss the emergence of zero trust (“Trust Nothing, Verify Everything”) and what it helps achieve for enterprises in the age of cloud and remote work.

    Viewers will learn about:
    - The evolution of the security perimeter and the shift to zero trust
    - Why zero trust is an approach and not a product
    - Zero Trust Network Access (ZTA) vs. corporate VPN
    - Real-world stories and practical hands-on guidance from people who have deployed a ZTA

    Speakers:
    - Mari Galloway, CEO, Women's Society of Cyberjutsu
    - Jonathan Nguyen Duy, Vice President, Global Field CISO Team, Fortinet
    - Bob Rudis, Chief Data Scientist, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Top 5 Challenges for IT Security in 2021 Recorded: Jun 16 2021 26 mins
    Christian Giebner
    Gartner has conducted extensive market research showing that security and risk management leaders have realigned their priorities over the last 12+ months in order to make the transition to remote work secure and to cope with the transformation that has accelerated for many organizations.

    As part of this study, Gartner identified the "Top 10 Security Projects", which reflect the changed threats and new ways of working that arise from the need to prioritize business continuity and reduce risk.

    In this talk, we discuss the 5 most important security projects according to Gartner and give recommendations for these areas that need to be managed, as well as how to respond to risks. The following security priorities are covered:

    - Securing your remote workforce
    - Risk-based vulnerability management
    - Extended detection and response (XDR)
    - Cloud security posture management (CSPM)
    - Cloud access control (CASB)
Supercharge Your Security Impact
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.

  • Title: Using Behavior to Detect Intrusions Involving Edge Devices
  • Live at: May 12 2021 1:11 pm
  • Presented by: Jeffrey Gardner, Nick Cavalancia, Ted Samuels