Hunting for the active threat in your environment.
It can take weeks, months or even years to detect a sophisticated adversary operating within your environment. Many organizations struggle to defend their network from common cyber-security threats, much less proactively hunt for an advanced and entrenched adversary. Recent network security breaches have raised the intensity of focus on detection of new threats, but what if your organization is already breached?
During this webcast, Aaron Hackworth, Executive Director of the Dell SecureWorks Counter Threat Unit Special Operations team, will discuss the importance of hunting for an active adversary in your environment - an effort that goes beyond technology, engaging the adversary to identify the scope of the present threat and ensure its complete eradication.
Aaron will discuss the benefits of Targeted Threat Hunting and share examples of tactics used by targeted threat actor groups to evade detection and maintain access to their victims' systems and data. Aaron will also provide recommendations on what your team can do to heighten information security and make your environment more resistant to determined adversaries who may already be operating in your network.
Recorded Feb 24 2014, 49 mins
Ross Kinder, Senior Security Researcher, SecureWorks
Real world strategies for migrating to the cloud securely
When companies move their IT assets to the cloud, they have an opportunity to realize cost savings, accelerate innovation and improve IT performance. Unfortunately, the utility of the cloud is constrained by perceptions and misperceptions about security and control. And even without appropriate controls in place, organizations are moving to the cloud at a very fast pace.
For those of us responsible for security, this is a terrifying proposition--our most precious assets are seemingly moving outside of our control. However, perhaps, the cloud is more secure than you realize. Perhaps the cloud is a chance for a restart for how your organization looks at security of its data and applications. In this webcast, we’ll dispel some of the misperceptions that exist and jump right into both “lift and shift” and cloud native strategies for migrating to the cloud securely. Knowledge is power and this is an opportunity to advance your team’s understanding of the cloud and how to accelerate the transition.
You will learn how to:
- Develop an organization-wide cloud strategy
- Assess your risk as you adopt cloud solutions
- Identify common practices and frameworks for cloud migrations
- Determine which cloud migration architecture meets your business objectives
James Bettke, Counter Threat Unit researcher, Sean O'Connor & Shawn Cozzolino, Senior Intelligence Analysts - CISO Team
It’s a Good Time to Be a Bad Guy
Imagine a marketplace where illegal vendors offer hackers a wide range of goods, tools, and training to enable them to exploit or breach unsuspecting individuals, groups or organizations. Now imagine the walls of this marketplace lined with advertisements offering services and information. The point is, the underground marketplace is booming and only getting bigger, more sophisticated, and competitive.
Register to take a journey with James Bettke, SecureWorks Counter Threat Unit (CTU) researcher, Sean O’Connor and Shawn Cozzolino from the SecureWorks CISO Intel team as they walk you through their time spent in the Underground, tracking hackers in numerous forums and marketplaces all over the world.
When you attend this interactive webinar, you will walk away with:
- Notable trends occurring year over year in the underground hacker market
- Real examples of goods and services for sale to enable cyber-crime
- Tips on how to protect data and additional security advice
Justin Turner, Director of the Targeted Threat Hunting & Response Team, SecureWorks
Learn how Threat Hunting delivers high certainty in detecting compromise
Many organizations have information security protections in place that still fail to answer with a high level of certainty, "Have we already been compromised?" A cyber threat such as malware or even a large scale Advanced Persistent Threat could be hiding in areas of your network and go unnoticed by the untrained eye.
That’s where Threat Hunting comes in.
During this interactive webinar, Justin Turner, Director of the Targeted Threat Hunting & Response Team, will share what Hunting is, what it should tell you, and cut through industry noise. He will share experiences and insights from actual hunting engagements and will also provide recommendations for security leaders and practitioners on how to identify indicators of attacker presence leveraging threat intelligence for context to determine how to engage and resist the adversary.
In addition, you will:
- Learn what Targeted Threat Hunting must do for you
- Hear real-world examples of previous incidents and how targeted threat hunting was used to remove entrenched adversaries
- Get recommendations on strategies and tactics to aid you in your hunting
This webinar will explore another aspect of the CISO’s role as an essential business leader: guiding the organization through the crisis of a breach.
Featuring insights from CISOs and C-suite leaders who have been there and done that, the program will address incident response planning, setting C-suite and board expectations, and tips for providing the right information in a breach crisis situation to aid decision-making and public disclosures. Learn how to establish your role as part of the solution team, and how to avoid a reactionary response that too often leads to finger-pointing at the security team. You’ll take away actionable insights to apply to your own journey as an essential business leader.
This webinar will provide tips for successfully navigating the expanding role of the Chief Information Security Officer as an essential business leader. Explore leading practices for managing cybersecurity risk as a people, process and IT leader. Get tips for building a working relationship with other executive stakeholders in audit, compliance and enterprise risk. And hear how other CISOs are establishing more productive reporting relationships with the board of directors. Whether you’d like to expand your role as a risk and security professional, gain more executive support for key initiatives, or improve your relationship with the board, you’ll take away actionable insights to apply to your own journey as an essential business leader.
Hadi Hosn, Head of Security Strategy & GRC Consulting, SecureWorks
For many organizations, investments in new processes and technologies are at the top of the priorities list. From behavioral analytics and big data solutions to “one touch” processes that require no manual intervention, companies are always on the lookout for technology innovations that can achieve a considerable return on investment. When companies consider Cyber Security in such a technology dependent world, most ask, “How can we secure our business and comply with the changing legal and regulatory standards?” instead of “How do we make business focused, intelligent investments given the cyber security risks we face?”
In this webcast, Hadi Hosn, Head of Security Strategy & GRC Consulting at Dell SecureWorks, will discuss the risk based Cyber Security operating model to help companies identify and protect their most critical information assets and business processes. Hadi will focus on the most critical actions for any organization building a risk based security program.
Key topics covered include:
- Prioritizing information assets based on value to the organization
- Identifying and prioritizing risks to the assets
- Reduce risks with quick wins
- Build and deliver a security plan that aligns business and technology
- Ensure continuous business engagement on the topic of cyber security
Harlan Carvey, Security Analysis Senior Consultant, SecureWorks Counter Threat Unit Research Team
The proliferation of Ransomware has ushered in a new wave of extortionware and a new generation of malware attacks. While these types of attacks are not new, they have become more insidious and sophisticated, growing in popularity in concert with the expansion of electronic payment systems such as bitcoin. In April, the US and Canada both issued formal warnings and suggestions, but how much of what is reported about this new malware is true? Are we being naïve in our efforts to block these Ransomware attacks?
Attend this webcast to learn not only the truth behind Ransomware attacks, but also how to protect your organization utilizing a holistic and unifying visibility into your network and endpoints. SecureWorks Security Analysis Senior Consultant Harlan Carvey will answer vital questions about the nature of Ransomware and provide more insight into the actors, their methods, and their motivations:
- What is Ransomware?
- How does it proliferate?
- How do I detect and block it?
- How do I know what systems are compromised or how the attacker got in?
- Do I pay the ransom if I am attacked?
- How do I ensure that I don’t become a victim (again)?
Tom Finney and Matthew Webster, Counter Threat Unit security researchers at Dell SecureWorks
Observations of Geopolitical Conflicts Transitioning to Cyberattacks
Geopolitical conflicts are more publicly transitioning into the cyber realm. With current conflicts, a cyber-component is almost always included – and the outcome can be observed in the physical world. What is the impact of these events? Can it expose trade secrets? Shut down financial markets? Or worse?
During this interactive webinar, Tom Finney and Matthew Webster, Counter Threat Unit™ security researchers at Dell SecureWorks, will cover known events, discuss the actors behind them and generally talk about the potential impacts from these threats.
In addition you will:
- Understand the relationship between specific geopolitical events and cyberattacks
- Learn about the actors behind these cyberattacks and the impact to your businesses
- Get insight into the latest attack trends
- Receive recommendations on security solutions and threat intelligence to help protect your network
Tony Kirtley, Senior Incident Response Consultant at Dell SecureWorks
Ensuring your CIRP is a plan for disaster – not a disaster waiting to happen.
Most organizations establish Cybersecurity Incident Response Plans (CIRP) with great intentions of leveraging them during security breaches. The reality is, many times once a CIRP is established it gets filed away to collect dust on a shelf until a breach occurs, leaving it out of date and out of mind. If a breach occurred tomorrow, would your organization know the proper steps and procedures to eradicate the threat... who the key stakeholders are and the communications flow... when and how to reach out to a third party for support?
All of these are included as a part of your CIRP, but using a dusty CIRP as a guide for the first time during a breach is not a plan – it’s a disaster waiting to happen. Testing your plan prior to an incident is the key to minimize the duration, impact and cost of a breach to your organization.
During this interactive webinar, Tony Kirtley, Senior Incident Response Consultant at Dell SecureWorks, will share the importance of testing your CIRP plan through regular tabletop exercises to help identify your organization's strengths and weaknesses, and further the development of your proactive security capabilities.
In addition you will learn:
- What makes an effective tabletop exercise?
- Real stories of how organizations benefited from tabletop exercises.
- The benefit of bringing in an objective third party to facilitate your tabletop exercise.
The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organizations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.
In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organizations’ experiences with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.
Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.
Webcast takeaways include:
- Real-world examples of APT attacks
- The latest tools and techniques that advanced threat actors are using
- Recommendations for preventing and responding to APTs
Michael Musick, Solutions Architect - Public Sector, Dell SecureWorks
Today’s threat actors are more persistent and creative than ever. While anti-virus and firewalls are a good start, an effective information security program needs to be more sophisticated to protect your organization from threat actors intent on stealing sensitive data, causing disruption of services or hacktivism.
Attend this live and interactive webcast to hear Michael Musick, Solutions Architect for Dell SecureWorks, discuss how a strong cybersecurity program can protect the confidentiality, integrity and availability of sensitive data from theft, respond to ever-changing compliance regulations, and why an incident response plan is critical to risk management.
Chris Carlis, Principal Consultant, Dell SecureWorks Red Team
Every day your organization is under attack. External adversaries are probing your defenses, malicious insiders are looking to exploit their trusted positions and users are fighting to correctly identify the latest phishing attack.
Your adversaries are not going to play by the rules. They will use whatever methods are available to compromise your security and hit you where it hurts the most. Red Team testing can identify gaps in your defenses, show how minor vulnerabilities can result in large compromises and demonstrate the need for solid planning and preparation.
Red Team testing simulates a real-world attack by combining intelligence gathering, network and physical testing with social engineering to target your organization’s critical assets. This goal-based testing provides a depth of findings that vulnerability scanning and conventional penetration testing can’t achieve.
1. Learn how Red Team testing complements your existing security program.
2. Hear real-world examples of Red Team engagements.
3. Find out if a Red Team test is right for your organization.
Cyber criminals are targeting organisations more than ever and Australia is not immune. They know Australian organisations often lack the strong information security defenses and resources due to the lack of compliance mandates in Australia, offering a path of least resistance to assets.
While anti-virus software is an information security staple, it just isn't enough. So, where do businesses in Australia start when building a stronger plan?
In this webcast Jeff Multz, security evangelist for Dell SecureWorks, explains how the "50/30/20 Layered Security Rule" and incorporating IDS and IPS capability into your security posture is vital in fortifying your cyber defenses.
Justin Turner, Delivery Team Manager, Targeted Threat Hunting & Response
How Targeted Threat Hunting Inspects Your Network for Cyber Attacker Presence.
Many organizations have some form of information security protection in place but also wonder "Have I already been compromised?" A cyber threat such as malware or even a large scale Advanced Persistent Threat could be hiding in file systems and several other areas of your network that may go unnoticed by the untrained eye. A deep inspection of your networks is an excellent way to identify the presence of compromises and entrenched threat actors operating in your environment.
During this interactive webinar, Justin Turner, Delivery Team Manager from the Targeted Threat Hunting & Response Team, will share why it is critical to identify targeted threat indicators of attacker presence and leverage threat intelligence to provide context to determine how to engage and resist the adversary.
In addition you will:
- Learn what Targeted Threat Hunting is and why it is important.
- Hear real-world examples of previous incidents and how targeted threat hunting was used to remove entrenched adversaries.
- Receive a standard list of questions that should be answered during an engagement.
Pierre-Marc Bureau, Dell SecureWorks Counter Threat Unit Senior Security Researcher
Operating from the belief that education is the most powerful weapon, one of our foremost security researchers will provide an analysis on a recently documented stealthy malware family named Stegoloader. Our upcoming webcast will unveil the sophistication of Stegoloader’s characteristics which make it hard to analyze and detect. This webcast will help you understand the nature of Stegoloader in order to counter it more efficiently and effectively.
Pierre-Marc Bureau, Senior Security Researcher from the Counter Threat Unit (CTU), will discuss how Stegoloader cloaks its main component as a harmless Portable Network Image (PNG) while it extracts and executes malicious code hidden within an image. Although CTU researchers have not observed Stegoloader being used in targeted attacks, it has significant information stealing capabilities. Malware authors are constantly looking for ways to adapt and improve detection mechanisms, which makes Stegoloader a prime candidate for cyber-criminals' arsenals. Learn how digital steganography may be a new trend for threat actors globally.
In this webcast, you will:
- Gain insight on when and where Stegoloader was first encountered.
- Learn characteristics of Stegoloader and how it operates.
- Understand digital steganography trends and how to detect and remediate.
Rapidly Detecting and Responding to the Advanced and Evasive Threat
With today’s threat actors continuing to evolve their tradecraft by employing more advanced and evasive techniques, it’s all about mitigating risk and the potential reach of any intrusion. What options do concerned security leaders have to address this challenge? Attend the SC Magazine webcast on June 16th at 2:00pm ET to learn more about the benefits of unifying advanced detection technologies for the network and endpoint with the right intelligence, people and processes. In the webcast you will learn how this approach empowers security teams to reduce the time to detect, more quickly investigate alerts and diagnose attacks, identify true positives and reduce false positives, isolate infected systems fast and focus remediation on systems and devices known to contain advanced malware.
Tom Sammel, Senior Incident Management Consultant for Proactive Services at Dell SecureWorks
An Eyes-Wide-Open Approach to Cyber Security
The last thing any organization wants is its name in a headline due to a cyber-breach. With cyber-crime on the rise, how do organizations ensure that they have their eyes open to the ever-changing threat landscape and that they’re taking the best steps to mitigate risk before a breach occurs?
Watch this in-depth webcast to learn how the proactive measures of incident management benefit organizations more than reactive incident response alone. You’ll learn:
- Why investing in preparation up front is more valuable than investing after a breach occurs
- The key people, process and technology components of an effective incident management program
- The difference between the wise way and the risky way to manage an incident, through real examples
- How the evolution to proactive services will improve your security framework
Joe Stewart, CTU Director of Malware Research, and David Shear, Network Security Analyst
This On-Demand webcast features our researchers who developed the Underground Hacker Markets report for Dell SecureWorks. In it, they revisit the hacker underground, identifying changes from 2013 and highlighting notable trends. Viewers will learn valuable tips on how to protect customer data and security advice from the Dell SecureWorks Counter Threat Unit (CTU) researchers.
Ben Feinstein, Director of Dell SecureWorks Counter Threat Unit Operations
A new category of threat is emerging – a threat designed to evade traditional signature-based technologies such as Anti-Virus and Intrusion Detection. Attempting to meet the challenge is a new class of technology, “Advanced Malware Protection” or “AMP,” which is an industry term for technology designed to continuously monitor for, offload and detonate files in a sandbox - safely away from the main environment - to observe and detect malicious objects.
If a security device produces an alert in the forest, who’s there to hear it?
The challenge is these next generation advanced malware detection solutions produce so much detail about the suspicious activity that most organizations do not have the resources to thoroughly investigate/analyze. The best technology means nothing if you don’t have the right expertise to react to the alert, quickly decipher complex reports, investigate the threat, and determine the right response. And meanwhile, the threat actors aren’t standing still – they’re developing measures to circumvent controls in some traditional sandbox environments.
You will learn:
1. How the threat is evolving and how actors are employing evasive practices to overcome traditional and even some more sophisticated security defenses
2. Why next generation sandboxing and full-system emulation are the keys to combatting evasive malware threats
3. The expertise needed to accurately identify and diagnose the threat once the alert is received
4. How to ensure your organization has the ability to respond effectively to the incident and close all the backdoors a threat actor may have opened
Randy Stone, Principal Consultant, Dell SecureWorks Incident Response and Digital Forensics Team
When a breach happens, chaos ensues. However, for proactive organizations, a digital forensics capability can bring order to chaos and contribute to minimizing overall business impact. Digital forensics plays an integral role in any effective response to a security incident and in its aftermath.
Digital forensics investigations can help you:
- Assess which assets were compromised
- Determine what unauthorized activities were carried out
- Establish an appropriate mitigation strategy
- Assess impact to the organization for a variety of stakeholders
- Learn from previous incidents to adjust security strategy using your own threat intelligence
In this webcast, Randy Stone of the Dell SecureWorks’ Incident Response and Digital Forensics practice will share examples of how digital forensics techniques were used to understand threat actors, attack methods, and impact to organizations. Randy will highlight key operational and technical capabilities required to build and sustain a digital forensics function. He will share common mistakes made by response teams that inhibit the ability to investigate and determine the facts around an incident. Lastly, he will share tips and guidance for how organizations can assess the maturity of their digital forensics capabilities.
In this webcast, you will:
- Hear examples of previous incidents and how digital forensics techniques were used to assess impact and respond accordingly
- Find out common pitfalls that prevent an effective forensic investigation of an incident
- Learn strategies for assessing the digital forensics capabilities of your organization’s incident management function
SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.