Threat Indicators: Telltale Signs You’ve Been Owned

Jeff Schilling - Director of Incident Response and Digital Forensics at Dell SecureWorks
Based on the recent high-profile reports of attackers compromising victims long before the breach is discovered, many security professionals want to know: “Are we already compromised?”

Jeff Schilling, Director of our Incident Response team and former chief of current operations, U.S. Army Cyber Command, will discuss threat indicators, the subtle traces of an attacker’s tradecraft and presence in your environment. Jeff will share findings from helping organizations defend against targeted attacks, focusing on tactics, techniques and procedures (TTP) exhibited by organized cybercriminals and APT. He will also discuss using threat indicators to learn about the adversary, and how vital this intelligence is to successful incident response.
Apr 3 2013
43 mins
More from this community:

IT Security

  • 2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they?

    Many of the affected companies fell into a very common trap, thinking that if a company goes to the trouble to be legally compliant then it will be effectively “secure.” Unfortunately, as with many kinds of regulations, legal compliance really represents the absolute least amount of effort required. If companies want to give themselves the best chance to avoid the very severe consequences that come with a major breach, there are five practices they need to put in place now.

    Join Adrian Sanabria, Senior Security Analyst at 451 Research, and Amrit Williams, CTO of CloudPassage, on this webinar to learn:
    · Possible gaps left by the compliance-first approach to security
    · How to limit vulnerabilities across traditional, virtual and cloud infrastructures
    · Five best practices to avoid a major security breach in 2015
  • The bring-your-own-device (BYOD) movement has been a huge boon for businesses that put a premium on productivity. File sync and share solutions have emerged to help employees work from anywhere, at any time, on any device. In this BrightTALK exclusive, eFolder explores the top seven features that businesses should consider when adopting a file sync and share solution. Learn what is required for a file sync and share solution to improve collaboration, maximize productivity, and ensure security.
  • Join Tom Kellermann, Chief Cyber Security Officer for Trend Micro, in an informative webinar specifically tailored for corporate executives and directors who are ready to take the reins of a real and effective plan to secure their organization, their data, and their careers against targeted attacks.

    During this live webinar, you’ll learn:
    • How to identify, classify, and protect your valuable data assets
    • How to assess your organization’s vulnerability to attack
    • How to measure and mitigate cyber risks cost-effectively
  • The Internet of Things (the new buzzword for the tech industry) is increasing the connectedness of people and things on a scale that was once beyond imagination. Connected devices outnumber the world's population by 1.5 to 1. It is expected to eventually touch some 200 billion cars, appliances, machinery and devices globally, handling things like remote operation, monitoring and interaction among Internet-connected products.

    In combination with the fact that there are almost as many cell-phone subscriptions (6.8 billion) as there are people on this earth (seven billion), we have all the ingredients for a Perfect Cyber Storm.

    Join me for an informal discussion of the challenges for our profession, and some possible solutions.
  • Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key. Join Joe Schreiber, Solutions Architect for AlienVault, for this practical session outlining habits to get the most out of your limited resources.

    In this session, you'll learn how to develop routines to efficiently manage your environment, avoid time-sucks, and determine what you can do by yourself and where you need help.

    In this practical session, Joe will cover:
    - How to work around the limitations of a small (or one person) team
    - Tips for establishing a daily routine
    - Strategies to effectively prioritize daily tasks
    - Benefits of threat intelligence sharing
    - Critical investigation & response steps when the inevitable incident occurs
  • Cutting down on the time taken to complete complex document review cycles allows the modern lawyer to operate at the pace required by their industry.

    Join our webinar to learn top tips for shortening these review cycles without losing document integrity and risking corruption. We’ll also cover what technologies are available to provide a quick and accurate way to improve document review efficiency.
  • FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

    Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

    In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

    Join us for a dynamic discussion with subject matter experts where you will learn:

    • What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
    • Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
    • How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
  • Don’t let your security programme fall behind. In a world where executives are asking more questions about security and high-profile breaches and critical vulnerabilities are reported in prime time, rigid policy frameworks and traditionally slow (but cautious) decision making are no longer sufficient.

    Security departments in organisations of all sizes and across all industries must ensure that business critical assets are protected, compliance and regulatory requirements are met, and rapidly changing business goals are supported.

    In this webinar we will discuss:

    • The current state of the art for security programmes
    • How to work with your organisation to ensure that security becomes a business enabler
    • How to build a supportive security programme within an ever-evolving threat landscape
  • Outmaneuvering Evasive Threats - The next generation of security defense Recorded: Mar 5 2015 57 mins
    A new category of threat is emerging – a threat designed to evade traditional signature-based technologies such as Anti-Virus and Intrusion Detection. Attempting to meet the challenge is a new class of technology, “Advanced Malware Protection” or “AMP,” which is an industry term for technology designed to continuously monitor for, offload and detonate files in a sandbox - safely away from the main environment - to observe and detect malicious objects.

    If a security device produces an alert in the forest, who’s there to hear it?

    The challenge is these next generation advanced malware detection solutions produce so much detail about the suspicious activity that most organizations do not have the resources to thoroughly investigate/analyze. The best technology means nothing if you don’t have the right expertise to react to the alert, quickly decipher complex reports, investigate the threat, and determine the right response. And meanwhile, the threat actors aren’t standing still – they’re developing measures to circumvent controls in some traditional sandbox environments.

    You will learn:
    1. How the threat is evolving and how actors are employing evasive practices to overcome traditional and even some more sophisticated security defenses
    2. Why next generation sandboxing and full-system emulation are the keys to combatting evasive malware threats
    3. The expertise needed to accurately identify and diagnose the threat once the alert is received
    4. How to ensure your organization has the ability to respond effectively to the incident and close all the backdoors a threat actor may have opened
  • New Solution: Advanced Malware Protection and Detection Recorded: Feb 11 2015 34 mins
    This is an exclusive introduction to our brand-new service – Advanced Malware Protection and Detection (AMPD).

    The fully managed service deploys a lightweight appliance on your network monitored by our Advanced Analyst team. Embedded with CTU Intelligence, the AMPD service continuously monitors your network for signs of compromise, putting the right technology, intelligence and expertise in place to detect and respond to advanced and evasive threats, ensuring your organization isn’t the next big news story.

    You will learn:
    1. How threat actors are using increasingly sophisticated malware designed to evade traditional signature-based and sandboxing technologies
    2. How next-generation sandboxing technology utilizing full-system emulation and elite threat intelligence allows you to detect advanced malware activity as soon as it happens
    3. How Advanced Malware Protection and Detection provides fast, accurate diagnosis with actionable information to accelerate incident response and eradicate the threat
  • Order from Chaos: The Importance of Digital Forensics in Incident Response Recorded: Dec 2 2014 61 mins
    When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.

    Digital forensics investigations can help you:
    • Assess which assets were compromised
    • Determine what unauthorized activities were carried out
    • Establish an appropriate mitigation strategy
    • Assess impact to the organization for a variety of stakeholders
    • Learn from previous incidents to adjust security strategy using your own threat intelligence

    In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.

    In this webcast, you will:
    • Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
    • Find out common pitfalls that prevent an effective forensic investigation of an incident
    • Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
  • PCI 3.0: Bridging the Gap – Lessons Learned and Tips for Success Recorded: Nov 18 2014 60 mins
    With PCI DSS version 3.0 nearing its full implementation and adoption, companies must assess where they currently stand in relation to the new and evolving requirements. Staying updated to changes within the PCI DSS is critical for companies to meet and sustain compliance in their day-to-day operations, now and in the future. Unfortunately, the transition to PCI 3.0 has not been an easy one for many organizations.

    In this webcast, Kevin Eaton, Senior Security Consultant and Qualified Security Assessor at Dell SecureWorks, will provide an in-depth view of several key changes to the PCI DSS with respect to new 3.0 requirements. Kevin will discuss what to be on the lookout for and share examples of real-world struggles of companies going through the transition. Most importantly, Kevin will provide practical guidance for how your organization can avoid those same struggles and work toward continued compliance under the new standard. This webcast will cover:
    • An in-depth view of the key changes to PCI DSS that matter most to you
    • Managing third-party relationships, and addressing new third-party requirements
    • Creating a policy-driven environment which provides a solid backbone for compliance
    • Navigating and addressing changes to the Self-Assessment Questionnaires (SAQs)
    • Validating and confirming the scope of cardholder data environment (CDE), and scope reduction strategies
    There will also be time for questions and answers with Qualified Security Assessors (QSAs) on the SecureWorks team!
  • What Your Employees Don’t Know Can Hurt You Recorded: Oct 16 2014 52 mins
    What Your Employees Don’t Know Can Hurt You – Creating the Vigilant Employee in the Cyber Security War

    Recent major breaches all share one common denominator – employees have been targeted through phishing and spear-phishing techniques that have opened the door for threat actors to cause substantial harm. Though Security Awareness Training is not new, the imperative for organizations to change employee behavior has never been greater.

    In this webcast, Dane Boyd, Security Awareness Training Consultant in the Dell SecureWorks CISO Office, provides a high-level view into the latest threat actor strategies and tradecraft for phishing, spear phishing and social engineering. Dane will discuss how raising the vigilance of your employees must go beyond common training approaches used today. In addition, Dane will elaborate a vision for how employees must be part of a broader solution to address the threat and provide real world examples.

    In this webcast, you will:

    - Gain insights into the latest threat actor phishing and social engineering tactics
    - Be put to the test to determine if even you can spot the phish
    - Learn strategies for changing employee behavior and creating the “Vigilant Employee”

    In addition, in recognition of National Cyber Security Awareness Month, we’re taking a little different twist to put you to the test to ask if you can “Spot the phish?”

    This webcast is intended for Security leaders and security practitioners and their counterparts in IT. So do your part for Cyber Security Awareness Month and extend this invitation to your colleagues to join us as well.
  • Security Street Smarts Series Recorded: Sep 10 2014 53 mins
    Understanding Threat Actor Tradecraft from the Experts

    Operating from the belief that insight is powerful, our foremost security researchers will give you a window into the world of threat actors and their tradecraft. Our upcoming webcast will sharpen your understanding of the methods and tools used by threat actors as well as raise your security IQ. This series is based upon the belief that if you understand the nature of the threat, you will know how to counter it more efficiently and effectively.

    Joe Stewart and Pat Litke, Senior Security Researchers from the Counter Threat Unit (CTU), will discuss how threat actors are launching previously unseen attacks that mine bitcoin and digital currency. They will review how the scheme was uncovered as well as how the actor was thwarted. User traffic destined to 51 networks from 19 different Internet service providers was hijacked. Dr. Brett Stone-Gross, Senior Security Researcher, will present a malware family that is using digital steganography to hide information in image files. He will discuss the use of digital steganography and how it can make detection significantly more difficult.

    In this webcast, you will:

    - Gain insight on new and innovative strategies cyber criminals are using
    - Get practical tips on how to look at the problem
    - Sharpen your ‘security street smarts’ and strengthen your security posture
  • Next Generation Vulnerability Management Recorded: Aug 13 2014 54 mins
    A Discussion on Trends and Dell SecureWorks’ New Vulnerability Prioritization Service with Risk I/O

    As a valued client of Dell SecureWorks, we are inviting you to a discussion about our Vulnerability Monitoring and Prioritization service.

    Vulnerability management is critical to any comprehensive defense strategy, and yet, organizations struggle with prioritizing vulnerabilities for remediation based on real risk to their organization.

    Please join Dell SecureWorks’ David Langlands (Director, Security and Risk Consulting) and Risk I/O’s David French (Vice President) as they discuss how organizations are approaching vulnerability management today and the limitations in how risk associated with vulnerabilities is classified and remediated.

    Dell SecureWorks, in collaboration with Risk I/O, will paint a vision of how organizations need to evolve their vulnerability management so that they are better assessing and remediating technical and business risk to their organization.

    Presenters will discuss:
    • Current state of vulnerability management and where it needs to go
    • Intelligence-driven prioritization of vulnerabilities defense
    • Visualization of vulnerability risk for effective decision-making
  • Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation Recorded: Jul 31 2014 60 mins
    On June 2, 2014, Operation Tovar was announced, a multi-national initiative to disrupt the Gameover Zeus botnet and seize infrastructure supporting Cryptolocker ransomware. This initiative was, in part, aided by security experts from the Dell SecureWorks Counter Threat Unit (CTU). Gameover Zeus and Cryptolocker were part of a larger cybercriminal ecosystem representative of threats faced by many organizations today.

    During this interactive webcast, Ben Feinstein, Director of CTU Operations and Development, will discuss details of the adversary’s operations and tradecraft behind Gameover Zeus and Operation Tovar. Ben will also share clear guidance on how to defend against similar threats in the future. As a result, security professionals can draw lessons on how to better defend against and respond to this broader class of threats. The webcast will answer key questions such as:

    - How did the Gameover Zeus botnet operate and deliver its malware payloads to thousands of systems worldwide?
    - How was the Gameover Zeus threat group monetizing their botnet?
    - What was Operation Tovar and how did it work?
    - Why do these threats matter to your organization?
    - What concrete actions should your organization be taking to address this class of threats?
  • Expose' of Threat Groups Recorded: Jul 16 2014 60 mins
    Lessons Learned on How to Combat the Threat

    Join the Dell SecureWorks Counter Threat Unit (CTU) Special Operations team to dig deeper into the threat groups responsible for recent, targeted intrusions. Their experience of engaging with the threat actors allows for a unique opportunity to gather intelligence from the front line. CTU Researchers will share observations on the actors and their tradecraft. Even more importantly, they will share practical guidance on specific steps your organization can take to combat similar threats.

    Key Takeaways from this Webcast Include:

    1 - Tradecraft used by some of the most notorious threat actor groups
    2 - How to use threat intelligence to aid in the mitigation of future incidents
    3 - Practical guidance on steps your organization can take to combat similar threats
  • The Battle for Your Endpoints: The Next Frontier in the Cybersecurity War Recorded: Jun 10 2014 60 mins
    In nearly every major security breach in the past 12 months involving an actor operating from outside, endpoint compromise has been a consistent theme. Compromising endpoints is a threat vector of choice, especially for advanced actors who specifically target their victims. Indeed, Trend Micro reported that 91% of targeted attacks involved use of a spear phishing attack to gain access.

    During this special webcast, Jon Ramsey, Chief Technology Officer for Dell SecureWorks, and Benjamin Johnson, Chief Evangelist of Bit9/Carbon Black, discuss the realities confronting organizations today and why endpoint security is increasingly critical for security teams and leaders to address.

    The webcast will provide an overview of the threat landscape, describe the latest tradecraft threat actors are employing, and answer why traditional detection technologies are insufficient to address the problem. The webcast will establish what endpoint capabilities are critical for detecting advanced threats and disrupting the actor’s “Kill Chain” sooner. Finally, the webcast will address what other steps organizations must take to address the risk posed by endpoints.
  • Counterstrategies for Combatting Social Engineering: A CISO’s View Recorded: May 1 2014 21 mins
    In 2014, Social Engineering is proving costlier than ever, especially phishing and spear phishing. Social Engineering is not new. But with recent breaches, the imperative to counter social engineering effectively takes on a whole new level of urgency.

    In this webcast, Doug Steelman, Chief Information Security Officer for Dell SecureWorks, discusses the realities of social engineering and what your organization must do to counter it effectively. From expanding visibility across your environment to instrumenting rapid alerting of suspected threat activity to security awareness training, Doug will share recommendations on how you can make your environment more resistant to determined adversaries seeking to exploit the trust relationships of your employees.

    Doug will share:

    - The importance of 360 degree visibility across your environment
    - Why intelligence to add context to the threat is so critical
    - The need for security awareness training and testing layered into your overall defense posture
    - Instrumenting your environment to accelerate detection of threats as a result of social engineering
  • Are you already compromised? Recorded: Feb 24 2014 49 mins
    Hunting for the active threat in your environment.

    It can take weeks, months or even years to detect a sophisticated adversary operating within your environment. Many organizations struggle to defend their network from common cyber-security threats, much less proactively hunt for an advanced and entrenched adversary. Recent network security breaches have raised the intensity of focus on detection of new threats, but what if your organization is already breached?

    During this webcast, Aaron Hackworth, Executive Director of the Dell SecureWorks Counter Threat Unit Special Operations team will discuss the importance of hunting for an active adversary in your environment - an effort that goes beyond technology, engaging the adversary to identify the scope of the present threat and ensure its complete eradication.

    Aaron will discuss the benefits of Targeted Threat Hunting and share examples of tactics used by targeted threat actor groups to evade detection and maintain access to their victim's systems and data. Aaron will also provide recommendations on what your team can do to heighten information security and make your environment more resistant to determined adversaries who may already be operating in your network.
  • Adapting Incident Response to Meet the Threat Recorded: Jan 28 2014 66 mins
    As the frequency and sophistication of cyber-attacks continue to evolve, so too must your capabilities to respond. The reality of information security today is that a breach is inevitable and you must ask yourself:

    - Am I prepared for a major compromise today and how will I adapt to a changing threat in the future?
    - Do I really know my environment?
    - Do I really understand the threat?
    - Do I know where to focus my limited incident response capabilities?
    - Do I know how to measure the success of my Incident Response and Security plan?

    In this webcast, Jeff Schilling - Director of Incident Response and Digital Forensics at Dell SecureWorks, provides a vision for how IT security must evolve to combat the changing nature of the cyber security threat. Jeff will discuss & share:

    - The best methods for layering incident response into the security stack
    - Developing a proven capability to handle a major data breach.
    - Examples of actual incidents
    - And also provide practical recommendations you can implement quickly to minimize the "detection to response" window and better protect your networks, servers, hosts and end users.
  • Taking the Cloak off Targeted and Sophisticated Threats Recorded: Nov 19 2013 55 mins
    Cyber security is a process, not a destination. Sophisticated attackers are constantly changing tactics, techniques and procedures. Organizations must move 'in lock-step' with them to mitigate risk to operations, reputation, productivity and financials.

    During this interactive webinar, Jon Ramsey, Chief Technology Officer at Dell SecureWorks, will discuss a real-world example of a sophisticated adversary to answer the questions:

    - How is a sophisticated attack different from a commodity attack?
    - What kind of malware do sophisticated attackers use?
    - How do sophisticated attackers maneuver around your network?
    - What can you do to stop them?
  • Threat Intelligence – Staying in Lock-Step with Attackers Recorded: Oct 30 2013 52 mins
    A rapidly evolving threat landscape is being driven by a growing sophistication among attackers. As a result, organizations must move closer to the threat they face and marshal change in their operations to move ‘in lock-step’ with attackers that pose a direct and credible threat to their operations and reputations. Threat intelligence provides the visibility into threats brewing across the Internet beyond the network edge – closing the gap between what organizations can see today and where these actors reside.

    In this webinar, Mike Rothman, President of Securosis and prolific security blogger, and Rick Hayes, Sr. Consultant for Cyber Intelligence Services at Dell SecureWorks, pair up to discuss the challenges ahead for organizations and how focused Threat Intelligence has a key role to play. The session will discuss why a threat intelligence capability is so critical, share insights into specific threat vectors and how threat intelligence played a direct role in countering threats.

    Topics covered:

    - How the threat landscape is evolving and driving new approaches for security organizations to counter the threat
    - Why threat intelligence must become a key element of security operations going forward
    - How threat intelligence can counter the threat posed to organizations
  • Battle Test Your Security Defenses Recorded: Jul 30 2013 30 mins
    Learn How Red Team Testing Can Prevent Breaches.

    On July 18, over 500 individuals from U.S. financial institutions and the government participated in Quantum Dawn 2, a simulated cyber-attack designed to test security defenses and incident response plans. The exercise is a massive Red Team/Blue Team exercise to test the security defenses and responses of participating organizations against cyber threats to identify vulnerabilities and areas for improvement.

    Red Team testing is an adversary-based assessment of risk. It helps you understand how your security systems will respond to attacks in a controlled, non-hostile environment.

    Rick Hayes, Senior Manager of Dell SecureWorks Security and Risk Consulting practice, will discuss how Red Team Testing works and provide real-world examples.

    Topics covered:

    - What is Red Team Testing
    - How is Red Team Testing different than network-defense techniques like Penetration Testing
    - What tactics do attackers use today that can be addressed through Red Team Testing
  • Breaking the Kill Chain Recorded: Apr 24 2013 55 mins
    How Threat Intelligence Shortens the Incident Response Timeline

    When sophisticated and organized threat actors target your organization, stopping their campaign before sensitive assets have been compromised is the priority. The steps the actors take are part of a well-defined process referred to as the 'kill chain.' However, the kill chain can vary for each actor, making it difficult to contain and disrupt the threat. For this reason, many organizations are working to develop stronger threat intelligence capabilities that can supply information on threat actors and their tradecraft.

    Jeff Schilling, director of our Incident Response team and former chief of current operations, U.S. Army Cyber Command, will share real-world examples of how intelligence on adversaries and their tradecraft can be applied to improve incident response. Jeff will provide insights on the kill chain and why threat intelligence is increasingly critical to defending against advanced attackers.

    Key Topics:

    - Understanding the kill chain as a framework for understanding how threat actors operate
    - Gaining insights on threat actors and their tradecraft
    - How threat intelligence can enable Incident Responders to more effectively counter adversaries
    - Real-world examples of threat intelligence helping Incident Responders identify and eradicate threats more quickly
  • Threat Indicators: Telltale Signs You’ve Been Owned Recorded: Apr 3 2013 43 mins
    Based on the recent high-profile reports of attackers compromising victims long before the breach is discovered, many security professionals want to know: “Are we already compromised?”

    Jeff Schilling, Director of our Incident Response team and former chief of current operations, U.S. Army Cyber Command, will discuss threat indicators, the subtle traces of an attacker’s tradecraft and presence in your environment. Jeff will share findings from helping organizations defend against targeted attacks, focusing on tactics, techniques and procedures (TTP) exhibited by organized cybercriminals and APT. He will also discuss using threat indicators to learn about the adversary, and how vital this intelligence is to successful incident response.
  • Why Your CIRP is Vital against Malware Attacks Recorded: Feb 14 2013 47 mins
    What every bank needs to know to handle a cyber attack.

    Do you know what to do first if you find malware on your network or if your website gets taken down by hackers? The more prepared you are to handle various incidents on your network, the better able you are to remediate attacks. As long as your bank is under attack, not only can your confidential files be compromised, they can also be exfiltrated.

    The best way to remediate an attack is by following a Computer Incident Response Plan (CIRP), which will help you get your network running securely and properly as quickly as possible. An effective CIRP will reduce the length of the attack, cut costs by shortening the “discovery to containment cycle” and quicken the response time needed to restore normal operations. A CIRP will also ensure that your bank has the team, skills, tools and policies in place to conduct the following activities:

    - Assemble log data
    - Conduct forensic investigations
    - Find and remove all malware
    - Stop further damage
    - Communicate appropriately with all stakeholders
  • Anatomy of an Advanced Persistent Threat Recorded: May 31 2012 45 mins
    Advanced Persistent Threat (APT) attacks are different from other types of cyber threats. They happen when someone or some entity decides you have something they want and they are willing to invest resources and time to get it. The defensive tools, procedures and security controls commonly used to handle traditional threats are often ineffective against APT attacks. Because of their level of operational sophistication and persistence, APT actors are making IT security professionals rethink how they should design their security defenses and approaches.

    Dennis Dwyer, Dell SecureWorks Counter Threat Unit security analyst, explains the APT phases and “lifecycle” and provides recommendations on what you can do to anticipate, prepare for, discover and mitigate APTs.

    - The lifecycle and anatomy of an Advanced Persistent Threat attack
    - How large scale and deep-rooted compromises work
    - Predictions on the evolution of this developing threat in 2012
World-Class Information Security Services
With thousands of clients worldwide, Dell SecureWorks processes more than 70 billion cyber events daily, giving the security provider an unparalleled view into the attack landscape. This intelligence, combined with the expertise of its renowned Counter Threat Unit (CTU) research team and the advanced technology of its Counter Threat Platform, enables Dell SecureWorks to correlate, analyze and condense billions of cyber events into actionable, meaningful intelligence.

Dell SecureWorks offers a wide range of security solutions, including its award-winning Managed Security Services, Threat Intelligence, Security & Risk Consulting and Incident Response and Digital Forensics services.

  • Title: Threat Indicators: Telltale Signs You’ve Been Owned
  • Live at: Apr 3 2013 6:00 pm
  • Presented by: Jeff Schilling - Director of Incident Response and Digital Forensics at Dell SecureWorks