Hunting for Threats: tips and tricks for SOC experts

Many Security Operation Centers operate in a reactive mode. They primarily respond to alerts presented to them by the detection technologies they have deployed. And we all know alerts are generated in overwhelming volumes, severely crippling the SOC’s effectiveness and efficiency. Today’s threat landscape requires SOCs to operate ever more proactively to keep up with the threat actors. More and more SOCs are therefore actively ‘hunting’ for threats that may be residing in the environment they are to defend. ‘Hunting’, however, requires a different approach from the traditional, reactive mode, not least for the SOC experts themselves.

Join Matias Bevilacqua, Mandiant Principal Incident Response Consultant, as he discusses tips and tricks for hunting for those lurking threats: what to look for, what tools to use, and more. You will leave the session with some hands-on material to start turning over stones and uncovering threats you never knew were there.
Recorded Aug 23 2016 49 mins
Presented by
Matias Bevilacqua, Mandiant Principal Consultant
  • 2017: an already active year for APT groups Oct 26 2017 12:00 pm UTC 45 mins
    David Grout, Director, Southern Europe Systems Engineering, FireEye
    2017 is already one of the most prolific years in terms of APT group activity. Since the start of the year we have seen several examples of major attacks, extortion and attempted influence operations reported in the press.

    Let’s pause and take a closer look at the TTPs of these groups: the techniques, tools and procedures they use.

    Over 45 minutes we will look in detail at their motivations and their approaches, and we will define the measures that can be put in place to limit or even avoid their attacks.

    We will cover several areas, including state-sponsored groups seeking economic advantage or even the destruction of the adversary, such as APT32 or 33. We will also study groups engaged in geopolitical influence and fake news, such as APT28 or 29, and we will finish with cyber espionage (APT10) and cyber criminals specialising in financial extortion.
  • Simplify Threat Response Through Integration & Automation Oct 25 2017 1:00 pm UTC 45 mins
    Anthony Leigh, Systems Engineer, FireEye
    FireEye Security Orchestrator helps you improve response times, reduce risk exposure, and maintain process consistency across your security program. It unifies disparate technologies and incident handling processes into a single console that codifies experiences from the frontlines to deliver real-time guided responses.

    In this technical session we hear from an orchestration expert on best practices to simplify and automate security tools and processes. We will look at real-life examples of providing teams with greater control of incident response process for improved efficiency, thus saving time & resources and increasing efficiency and performance. We will also look at orchestration services with incident response playbooks, plug-in development, automation and workflow deployment.
  • Endpoint Security: No longer taking a back seat! Oct 25 2017 10:00 am UTC 45 mins
    Remon Verkerk, Systems Engineer, FireEye
    Endpoint security has long been an obvious necessity, but has mostly proved a resource-heavy burden with limited value. The threat landscape has changed and so have the attack vectors. Endpoints are a popular and often easy way into customer networks. This ideal stepping stone needs proper protection, and NGAV is no longer sufficient. Privacy laws and regulations demand answers quickly when things go south and data breaches occur. The endpoint is usually a good starting point to provide answers to questions like:

    - Is there command and control activity?
    - Did lateral movement occur?
    - What other systems were accessed?
    - Et cetera…

    This webinar explains how FireEye Endpoint Security (HX) helps our customers protect their endpoints and enables you to go from alert to fix in a matter of minutes. Visibility, speed and cost efficiency are the key components of this solution.

    After this webinar, you will have a good understanding of the capabilities for countering attacks on your endpoints, and of how FireEye’s Endpoint Security can add value to your organisation.

    Keywords/tags: protection, prevention, detection, hunting, exploit prevention, AV
  • The Security Paradigm: "From the Cloud, To the Cloud, In the Cloud" Oct 24 2017 2:00 pm UTC 45 mins
    David Grout, Director, Southern Europe Systems Engineering, FireEye
    Cloud adoption is a reality today, every company is moving applications and businesses in the cloud to get more flexibility, agility and to potentially reduce their costs.

    Security operations need to enable this transformation and help the business to activate capabilities in the cloud infrastructure. Risks exist and cannot be ignored if companies want to provide a sustainable and secure environment for themselves and their customers.

    During this webinar, we will describe the main risks associated with cloud adoption and cover how to mitigate those risks.  
  • Best Practices for Enterprise Cyber Intelligence Operations Oct 24 2017 11:00 am UTC 45 mins
    Igors Konovalovs, Strategic Account Manager, GSI Sales
    Identifying effective threat intelligence is not easy. Learn what it means to have timely, relevant and actionable threat intelligence and how it can help you respond to threats quickly and decisively.

    This webinar explains:

    · Why do organisations require cyber threat intelligence?
    o To aid technical and business decision making
    o To identify and manage risks
    o To efficiently deploy capital against the threats that matter to the enterprise

    · The key requirements for establishing a cyber threat intelligence function
    · Basic cyber threat intelligence workflows
    · Resource and training requirements to support a Cyber Threat intelligence function
  • The Cost of Building a Threat Hunting Team in Your SOC Oct 24 2017 9:00 am UTC 45 mins
    Stuart Davis, Director, Mandiant
    At this point your SOC is effectively covering SIEM, IDP, Vulnerability Management and a number of other areas.
    However, the next phase of maturity is to build the APT Threat Hunting capability.

    Join us for a short webinar to discuss the costs of building a hunting team versus buying it.
  • APT33: FireEye overview of Iranian cyber activity Recorded: Oct 11 2017 49 mins
    Gabriele Zanoni, Systems Engineer, FireEye
    Recent investigations conducted by Mandiant, FireEye’s Incident Response division, combined with analysis from our iSIGHT Threat Intelligence service, have provided a complete overview of the activities of a group of Iranian cyber attackers operating since 2013.
    During the webinar we will explain how this group of attackers has been involved in cyber espionage activities aimed at collecting strategic intelligence from companies in the aviation and energy sectors, with the ultimate goal of making the stolen information available to a state or military sponsor.
    Register for the webinar to learn more!
  • APT33: New Insights into Iranian Cyber Espionage Group Recorded: Sep 21 2017 49 mins
    Stuart Davis, Director, Mandiant; Nick Carr, Senior Manager, TORE Detection & Analysis
    Recent investigations by FireEye’s Mandiant incident response consultants, combined with FireEye iSIGHT Threat Intelligence analysis, have given us a more complete picture of a suspected Iranian threat group that we believe has been operating since at least 2013.
    Join us in a live webinar as we discuss this threat group, which we assess to be involved in a long-term, resource-intensive cyber espionage operation motivated by the prospect of collecting strategic intelligence, including information related to the aviation and energy industries, which would ultimately benefit a nation-state or military sponsor.
    Register today to gain deeper insights into this threat group!
  • T-72 hours: Building Your GDPR Breach Response Plan Recorded: Aug 17 2017 49 mins
    Jeroen Herlaar, Regional Director, Mandiant; Alister Shepherd, Director, Consulting, META, Mandiant
    The first half of 2017 was the tipping point for cyber threats in Northern Europe. Organizations had to defend themselves against two cyber attacks involving rapid spreading malware. The latest incident severely disrupted global enterprises, causing significant downtime and impacting their revenue.
    Such high-profile, large-scale attacks show us that no organisation is safe from the reach of cyber-criminality. Post-GDPR, responding to these attacks will become all the more critical as breaches will have to be reported to the relevant regulatory body. By understanding your current security posture - internal processes and technology – combined with the external threat landscape – organisations can prepare themselves should a breach occur.

    In this webinar, you will learn how to assess your risk profile, evaluate your operational strengths and weaknesses as well as your tactical approach to responding to co-ordinated, targeted attacks.

    Register your interest here.

    Many thanks,
    The FireEye Team
  • BrightTALK's GDPR Benchmark Special: How Prepared are You for May 2018? Recorded: Aug 17 2017 63 mins
    Josh Downs, BrightTALK; Stuart McKenzie, Mandiant; Sian John, Symantec; Nigel Tozer, Commvault & Tim Hickman, White & Case
    9 months until the GDPR deadline - are you completely up-to-speed?

    Our panel of data protection experts will be discussing the compliance considerations that you need to be assessing for May 2018 along with suggesting next steps from a cyber and general security standpoint.

    We'll also be asking YOU at what stage you're at in terms of your preparations via a series of interactive benchmarks as we go through the session to get a sense of where the security community is at in terms of preparations.


    GDPR and its May 2018 deadline are now firmly on the minds of the vast majority of security professionals, and with massive fines on the horizon for non-compliance, now is a better time than ever to get to grips with the legislation and ensure that your organisation is secure and compliant.

    It’s vital that your business has carried out the relevant preparations for compliance by then to make sure you don’t get whacked with a huge fine of up to £15m or 4% of your organisation’s global annual turnover.

    Not only are there potentially huge financial repercussions, but leaving your business open to attack and your customers at risk can cause serious reputational damage.
  • Security Orchestration In Action: Integrate – Automate –Manage Recorded: Aug 10 2017 53 mins
    Silvio Pappalardo & Alex Ruhl, FireEye
    Simplify & Accelerate Security Operations through integration and automation

    Join us to hear how Security Orchestration from FireEye can:

    • Unify your security assets into a homogeneous platform and remove the operational silos that have bogged down security personnel for years. Improve operational efficiency and streamline processes with automation.
    • Save time and resources and improve your overall ROI.
    • Give your team an edge on attackers with deployment, design, and pre-built playbooks from our team of experts.
    • Leverage our real-world, frontline Mandiant investigation experience and get access to class-leading content, best-practice playbooks and a global services breadth to assist clients anywhere in the world they need support.
    • Eliminate errors through standardised process and automation while reducing time demands on already stretched SOC teams.
    • Minimise error-prone manual processes while maintaining response and process consistency.
    • Automate repeatable tasks, enabling you to re-allocate staff to higher-value tasks such as proactive hunting.

    Towards the end of the session we will be delivering a LIVE demo of FireEye Security Orchestrator.
  • 6 Hidden Security Risks for Industrial Environments Recorded: Jun 22 2017 35 mins
    Rob Caldwell, ICS Manager, FireEye
    Industrial enterprises – like electric utilities, petroleum companies, and manufacturing organisations – invest heavily in industrial control systems (ICS) to operate industrial processes efficiently, reliably, and safely. Without technology operating the plant floor, business halts or worse.

    Join our webcast to discuss six key plant floor weaknesses that adversaries exploit to undermine plant operations. These weaknesses are subversive and difficult to detect; explore their implications and a step-by-step checklist for mitigating these risks firsthand with our experts.
  • GDPR – being prepared and response-ready Recorded: Jun 15 2017 41 mins
    Stuart McKenzie, VP, Mandiant Consulting & Dan Wire, Sr. Director, Marketing Communications
    The new GDPR requires businesses to report data breaches within 72 hours – how will you manage the process?

    In a crisis, being organized and informed enough to provide an accurate notification to affected customers (or indeed regulators) is a difficult task on its own. When combined with mandatory incident response processes – identifying the cause, containing and remediating the vulnerability, and determining the extent of the damage – the situation becomes a lot more difficult and time sensitive.

    In this webinar we will tackle the importance of having an effective and actionable incident response plan, and how to develop a crisis communications strategy that minimizes the impact of a data breach.
  • The Resurgence of APT10 Recorded: Jun 8 2017 49 mins
    Stuart Davis, Director, Mandiant & David Grout, Systems Engineering Director, FireEye
    FireEye has tracked APT10, a Chinese cyber espionage group, since 2009. APT10, also known as MenuPass Group, has historically targeted the United States, Europe, and Japan with a specific focus on construction, engineering, aerospace, telecom, and government.
    In June 2016, FireEye first reported that APT10 expanded their operations with a new suite of tools and techniques to target their adversaries.

    Join our experts, who have hands-on experience with this group, to learn:

    • Who is a part of APT10, whom they target and how they operate
    • How to defend against, hunt for and respond to APT10
    • How your organisation can improve its ability to detect, prevent and remediate APT10 attacks
  • [Video Panel] GDPR: The Next 12 Months Recorded: Jun 6 2017 59 mins
    Josh Downs, BrightTALK; Patrick Grillo, Fortinet; Roger Francis, Mandiant & Tim Hickman, White & Case
    - BrightTALK at Infosecurity Europe 2017 -

    GDPR and its May 2018 deadline are now firmly on the minds of the vast majority of security professionals, and with massive fines on the horizon for non-compliance, now is a better time than ever to get to grips with the legislation and ensure that your organisation is secure and compliant.

    Join this live interactive panel where our selection of industry experts will be discussing the ins and outs of the regulations; how to prepare, steps to take and what to look out for.

    It’s vital that your business has carried out the relevant preparations for compliance by then to make sure you don’t get whacked with a huge fine of up to £15m or 4% of your organisation’s global annual turnover.

    Not only are there potentially huge financial repercussions, but leaving your business open to attack and your customers at risk can cause serious reputational damage.

    This expert panel will be discussing next steps to make sure that the next 12 months are as pain free as possible.
  • Cyber attacks in EMEA: the new trends Recorded: May 30 2017 49 mins
    Gabriele Zanoni, Systems Engineer, FireEye
    Join the webinar with Gabriele Zanoni, Systems Engineer at FireEye, to discover how the threat landscape is evolving, based on data on last year’s cyber attacks gathered from Mandiant’s investigations.

    The webinar will address topics such as:

    • New trends in the phishing attacks used to compromise companies
    • Changes in attack telemetry and methodology
    • Intelligence analysis of emerging threats
    • New defence strategies to better protect companies
    • The impact of GDPR on business
    • A comparison of European, American and Asian trends
  • APT32: New Cyber Espionage Group Recorded: May 24 2017 57 mins
    Nick Carr, Sr. Manager Incident Response, Mandiant, a FireEye Company
    Learn more about APT32 (OceanLotus Group), a Southeast Asian cyber espionage group threatening multi-national companies operating in Vietnam. After long-term monitoring of and response to their activities, FireEye has given this threat actor the newest APT designation.

    Join Nick Carr, Sr. Manager of Incident Response, as he shares how Mandiant, iSIGHT Intelligence and FireEye as a Service teams reveal:

    • Who is part of APT32, where they are based, whom they target and how they operate
    • Advice on how to defend against, hunt for and respond to APT32
    • How your organization can improve its ability to detect, prevent and remediate APT32 attacks
  • Trends and figures on data breaches and cyber attacks in EMEA Recorded: May 19 2017 48 mins
    David Grout, Director, Southern Europe Systems Engineering, FireEye
    Join us for a live webinar with David Grout, Technical Director for Southern Europe, who will explore the trends defining today’s threat landscape based on the investigations of the Mandiant teams in 2016.
    Register today to discover:
    • New phishing trends
    • Changes in volume and methodology
    • What threat monitoring and intelligence contribute on emerging attacks
    • Defensive approaches to better protect yourself
    • How GDPR affects companies in EMEA
    • How Europe compares to North America and Asia
  • [Video Panel] Fighting Ransomware & Responding if the Worst Happens Recorded: May 18 2017 47 mins
    Josh Downs, BrightTALK; Adrian Taylor, FireEye; Ian Whiting, Titania & Bart Parys, PwC
    Ransomware was one of the biggest threats facing businesses in 2016 and that trend is expected to continue as we press further into 2017.

    As more and more cheap malware becomes available to cyber criminals, the sheer number of ransomware attacks is on the rise.

    However, cyber defences are beginning to catch up.

    This expert video panel will be discussing the ransomware landscape, what you can do to better protect your business from the threat and steps to take should the worst happen.

    - Josh Downs, BrightTALK (moderator)
    - Adrian Taylor, Field CTO, FireEye
    - Ian Whiting, CEO, Titania
    - Bart Parys, Threat Intelligence Analyst, PwC
  • Securing Finance: Lessons Learnt So Far Recorded: May 16 2017 47 mins
    Roger Francis, Senior Consultant, Mandiant; Jeroen Herlaar, Regional Director, Mandiant
    In 2016 FireEye observed an increase in the number of advanced targeted attacks leveraged against financial institutions in Europe and the Middle East. Much of the activity involved sophisticated financially motivated attackers targeting poorly defended institutions, and centred on the interbanking messaging system.

    Join Mandiant’s live webinar and hear real world experts as they discuss recent interbanking messaging system breaches, what lessons should be learnt, and how to avoid such pitfalls in the future.
Security Re-Imagined
FireEye is the leader in stopping today’s advanced cyber attacks by combining the world’s most advanced technology, intelligence, and expertise. FireEye has over 2,200 customers across more than 60 countries, including over 130 of the Fortune 500.

  • Title: Hunting for Threats: tips and tricks for SOC experts
  • Live at: Aug 23 2016 12:00 pm
  • Presented by: Matias Bevilacqua, Mandiant Principal Consultant