Into the breach: Lessons learned from targeted attacks
This presentation will highlight lessons learned from many years of responding to targeted attacks by nation state actors and other groups. We will highlight why adversaries continue to successfully compromise their targets at will, and provide insight into the investigative techniques and security controls that can keep pace with attacker methodologies. (Hint: there are no silver bullets, and buying more security widgets is not always the answer to these challenges!) We’ll discuss the benefits, and potential pitfalls, of the emerging market for “threat intelligence”. Finally, we'll take the risk of predicting the future and provide some thoughts on how targeted attacks and state-sponsored threats may continue to evolve.
- Identify frequently missed blind spots and operational failures that help attackers persist in a compromised environment
- Discover how to better utilise existing resources and technologies to reduce the time gaps between successful compromise, detection, and remediation
- Identify which approaches to remediation have been most successful at driving attackers out of a compromised environment and limiting the likelihood of re-compromise
- Understand how targeted and state-sponsored attackers are evolving their methodologies in response to increased exposure and analysis
- Learn practical ways in which threat intelligence can be utilised to detect and respond to attackers
Recorded Jul 7 2015, 49 mins
Stuart McKenzie, VP of EMEA, Mandiant. Gerasimos Stellatos, Director, Mandiant.
Major events of 2016 have created great uncertainty about the future, but in cyber security one thing is certain: Some attacks and crimes will continue and new challenges will emerge.
What new developments in cyber security should you expect in 2017?
Join us to hear from some of FireEye's top experts about our predictions for 2017, which draw from our executive team, Mandiant incident responders, FireEye iSIGHT Intelligence and FireEye Labs. These insights include:
•What investments in security organizations will make in 2017
•Which industry or type of organization might unexpectedly become a target of threat groups in 2017
•How threat groups will continue to target industrial control systems (ICS) in the near future
•What the future holds for less security-mature regions in Asia Pacific and EMEA
Register today to understand what lies ahead, so you can prepare to stay one step ahead of cyber security threats.
Mandiant, a FireEye company, has recently discovered the use of Shamoon malware targeting GCC-based organizations. The identified malware exhibits destructive behavior on Windows-based operating systems. The malware uses a signed RawDisk driver from EldoS. Mandiant suspects the objective of the malware is to render a disk unbootable.
Join Stuart Davis as he details what you need to know to protect against this type of malware recently seen in the Middle East.
Josh Goldfarb, VP, CTO - Emerging Technologies, FireEye, Inc.
’Tis the season of predictions, looking ahead to 2017 and paying lip service to the threat landscape. Not a fan of either of those? You’re not alone. Join FireEye in this BrightTalk webinar where we’ll discuss more than just the threats that may or may not be awaiting us in 2017. We’ll discuss real attacker tactics and techniques, along with how you can actually counter the risk they present.
Adrian Taylor, Field CTO, EMEA Global Accounts, FireEye
FireEye commissioned independent technology market research specialist Vanson Bourne to undertake research in order to better understand the role security plays in the boardroom. The study was based on interviews with 100 UK Chief Security Officers (CSOs) and details the security responsibilities of today’s members of the boardroom, as well as addressing the notion of what the ideal security-conscious boardroom roles should look like.
In this webinar, Adrian Taylor, FireEye’s Field CTO for EMEA Global Accounts, will discuss the results of this research project and answer the following questions:
Is the risk register adequately prioritised and managed within the boardroom?
Is the role of the CSO still fit for purpose?
What could the secure boardroom of the future look like?
Imagine the following: you are in senior management and have learned that cyber criminals have compromised your company's systems. Do you have a crisis communication plan ready to ensure that the right stakeholders are informed at the right time in order to reduce the impact?
Don't worry, you are not alone!
Although most companies have a crisis communication plan for other events, many are rather poorly prepared when it comes to communicating with internal and external stakeholders before and after a cyber attack.
Join this webinar, where Martin Krumboeck, Senior Consultant at Mandiant, will discuss:
-How to create a crisis communication plan
-When and how customers are informed
-When and how to respond to media enquiries
-How senior leadership can prepare
-How the right plan can reduce the impact of an attack
-Real case studies showing the impact of having a cyber crisis management plan in place
Rajiv Raghunarayan, Sr. Director, Product Marketing, FireEye. Robert Westervelt, Research Manager, IDC.
Advanced threats continue to grow in severity, complexity and reach as threat actors expand their attacks to hit soft targets. Adding to this, as business workloads move to the cloud, and as shadow IT continues to proliferate, unforeseen security gaps expose new vectors for exploit and abuse.
Attacks are not just targeting the core of a network, nor are they limited to just large scale enterprises. More and more, threat actors are aiming at vulnerable endpoints, distributed network environments and porous perimeter defenses. To combat this, security solutions need to be as agile as today’s threat actors.
In this webinar, we will discuss the changing threat landscape and how today’s threat actors and advanced malware are impacting businesses of all sizes and types. Additionally, we will examine new security solutions and deployment models that provide agility, flexibility and widespread protective reach that scales and grows with IT and security needs.
Josh Goldfarb, VP, CTO - Emerging Technologies, FireEye & Roger Francis, Senior Consultant - Mandiant a FireEye Company
When the majority of people think about data protection, they often focus on encryption. Whether the data is at rest or in transit, the assumption is that cryptographic protocols alone will thwart any attacker's attempts to gain access to sensitive data. Whilst there is no doubt that encryption is a core component of an effective data protection strategy, advanced attackers have come up with some creative techniques for circumventing controls.
Join FireEye/Mandiant in this webinar to run through some real-world case studies, and discuss data exfiltration techniques.
Nathan Martz, Principal Strategic Consultant, Central Europe, Mandiant
The European Cybersecurity policy - the Network Information Security (NIS) Directive - is about to become the new law that sets security standards for many organisations across Europe.
Recent research carried out by FireEye shows that many organisations are not fully prepared to implement the legislation, which comes into effect in less than two years' time, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared.
In this webinar, Mandiant’s Nathan Martz, Principal Strategic Consultant for Central Europe, will cover:
-The basics of the European Cybersecurity policy - the Network Information Security (NIS) Directive
-Timeline, key components and possible penalties for noncompliance
-Practical recommendations on compliance and security standards to keep your company prepared
Vitor De Souza, VP, Global Communications, FireEye
Imagine this scenario: you’re a business leader, and you learn that cyber attackers have compromised your organisation’s systems. Do you have a crisis communication plan in place to ensure the right stakeholders are informed at the right time to reduce impact?
Don’t worry, you’re not alone. Although most organisations plan for crisis communications for other incidents, many are ill-prepared when it comes to communicating with internal and external stakeholders during and after cyber attacks.
Join this webinar, where Vitor De Souza, VP Global Communications at FireEye, will discuss:
•How to create a cyber crisis communication plan
•When should customers be told and how they will be informed
•How and when to respond to media queries
•How to prepare the c-suite
•How the right plan can reduce the impact of a data breach
•Real-life case studies showing the impact of having a cyber crisis management plan in place
The cyber threat landscape has never been more dynamic than it is today. With an expanding surface area for attacks and a cybercriminal ecosystem worth billions of dollars on a global scale, cybercriminals are constantly pursuing new methods to obtain financial funds.
It is no different in the Nordics – a region that is well known for its natural resources, innovations in renewable energy and healthcare, proximity to the Arctic, and emphasis on transparency in government is also a prime target for cybercriminals. These unique attributes make the region a prime target for cyber threat groups looking to capitalize on Nordic countries’ robust economies and distinct geopolitical concerns.
Join Jens Monrad, Senior Intelligence Account Analyst at FireEye, who will discuss:
* The Threat Landscape in the Nordics
* Trends and Insights in Malware detections across the Nordics
* Geopolitical situations which can influence the threat landscape in the Nordics
* How having accurate and enriched threat intelligence can enable organisations to make tactical, operational and strategic decisions.
Register today and learn what tools, processes and information organisations need in order to allow them to fully reconstruct the attack scenario and help make the right decisions based on the attack, as well as prepare for the next one.
David Grout, Technical Director, Southern Europe, FireEye
Today's SOCs are drifting away from their core mission and becoming alert management centres. We will show you how cyber threat intelligence can enable teams to move from a reactive mode that handles alerts to a proactive model focused on hunting for indicators and attacker groups present in your IT environments.
Join Stuart Davis, Director, Mandiant Consulting, a FireEye company, in this webinar to see how a real-life organisation responded to a recent cyber breach involving an advanced cyber threat group (APT). Stuart will explain what happens when an organisation does not have the resources or skills to respond to cyber threat activity and will address how a third-party incident response team can extend the internal CSIRT capabilities. He will walk through the stages of Mandiant Consulting's enterprise incident response, show how cyber threat intelligence can enrich the information at hand to help these cyber investigators and finally discuss how remediation plans can be put in place to help contain an incident and bring the organisation back to normal business operations.
Sven Schriewer, Director, FireEye as a Service, FireEye
What does an analyst actually do? Which processes take place, and how? What support does an analyst need in order to be effective? And so on and so forth.
Anyone who wants to build or expand a SOC, or have a SOC activity supported externally, faces these and many other practical questions. We give an insight into how FireEye analysts in our SOC work day to day. A security analyst reports on his daily work and how he identifies attackers through the interplay of specialists, technology and intelligence and gives recommendations for defence. The SOC director explains how the analysts are supported and coordinated.
Nick Rossmann, Senior Manager for Production, FireEye iSIGHT Intelligence
Russia has a long history of utilising cyber actions to accomplish their information operations and national security goals. Organisations in Europe – in the private and public sector – are a top target of Russia-based cyber activity for espionage and crime. This talk will cover how some of Russia’s recent cyber actions were conducted, and it will highlight how well Russia has embraced the opportunities cyber provides when it comes to national security and foreign policy objectives. Dan McWhorter, Chief Intelligence Strategist at FireEye, will also discuss why organisations need to take note of these activities in Russia and steps to ensure your organisation is able to defend against these threats.
David Grout, Technical Director, Southern Europe, FireEye
Today the question is no longer "will I be the victim of an attack or an attempted attack?" but rather "when will I be?". As in top-level sport, managing the security of an infrastructure requires preparation, training and competition. Drawing on our experience in victimology with our Mandiant teams and our view of attacker groups through iSIGHT Partners, we have set up various programmes that allow you to be ready on the day and to react if necessary. Come and discover how we can support you in all the upstream and downstream phases through our consulting services.
The number of companies handing over their IT services partly or entirely to cloud service providers keeps growing. This leads to increased effort and a number of complications when security incidents occur.
In this webinar, Mathias Fuchs presents strategies for how companies can nevertheless investigate and contain security incidents efficiently. A case study shows how cloud-based investigations differ from conventional ones.
Many Security Operation Centers operate in a reactive mode. They primarily respond to alerts that are presented to them by implemented detection technologies. And we all know alerts are generated in overwhelming volumes, severely crippling the SOC’s effectiveness and efficiency. Today’s threat landscape requires SOCs to operate ever more proactively to keep up with the threat actors. More and more SOCs are therefore actively ‘hunting’ for threats that may be residing in the environment they are to defend. ‘Hunting’, however, requires a different approach from the traditional, reactive mode, not least for the SOC experts themselves.
Join Matias Bevilacqua, Mandiant Principal Incident Response Consultant, as he discusses tips and tricks for hunting for those lurking threats: what to look for, what tools to use, etc.? You will leave the session with some hands-on material to start turning over stones and uncover threats you never knew were there.
Jens Monrad, Global Threat Intelligence Liaison, FireEye; Al Maslowski-Yerges, Manager, Americas Systems Engineering
The ongoing battle with cybercrime is asymmetric. You’ve invested millions in protection technology but unknown attackers still find a way in. So how do you stay ahead of the curve?
"The core problem is that most cyber security tools do not make a distinction between everyday malware and advanced targeted attacks. If security tools cannot tell the difference, security teams have no way of prioritizing the alerts that matter the most."
Join Jens Monrad, Global Threat Intelligence Liaison from FireEye in this webinar that will discuss:
•How to ensure you are responding to the alert that matters
•Benefits of alerts with threat intelligence
•Using threat intelligence to think like your attacker
•How to apply threat intelligence, expert rules and advanced security data analytics in order to shut down threats before they cause damage
•How security teams can prioritize and optimize their response efforts.
Mathias Fuchs, Senior Incident Response Consultant at Mandiant
Backed by key trends, statistics and user reports, this webinar illustrates how sophisticated cyber attackers and their attack strategies evolved over the past year in EMEA.
Register for the webinar and let Mathias Fuchs, Senior Incident Response Consultant at Mandiant, walk you through the most important findings from this report. He will also show you how to prepare optimally for a cyber attack and how to respond correctly in the event of an incident.
Josh Goldfarb, CTO of Emerging Technologies, FireEye
CISOs and senior IT executives have to make tough choices, deciding among competing budget requests for programs, staff, technology and services. They have to make critical choices about which strategic investments to make toward reducing risk. In order to make these choices, they have to prioritise threats relevant to their specific enterprise, which requires sifting through a continuous deluge of reports, analysis and hyperbole from media, analysts and vendors.
Join this live webinar where Josh Goldfarb, CTO of Emerging Technologies, presents an overview of the threat landscape, and introduces a practical foundation for building an intelligence-led security program aimed toward reducing risk to the enterprise.
FireEye is the leader in stopping today’s advanced cyber attacks by combining the world's most advanced technology, intelligence, and expertise. FireEye has over 2,200 customers across more than 60 countries, including over 130 of the Fortune 500.