Name: Anatomy of an Advanced Persistent Threat
Start: 2012-05-31T17:50:00Z
End: 2012-05-31T17:50:44.000Z
Location: BrightTALK
Rating: 0

Secureworks® (NASDAQ: SCWX) a global cybersecurity leader, enables our customers and partners to outpace and outmaneuver adversaries with more precision, so they can rapidly adapt and respond to market forces to meet their business needs. With a unique combination of cloud-native, SaaS security platform and intelligence-driven security solutions, informed by 20+ years of threat intelligence and research, no other security platform is grounded and informed with this much real-world experience. 
www.secureworks.com

What you'll learn:
• A look back — and forward — at the cybersecurity landscape
• New technologies and strategies for managed security services
• Five things MSSPs need to offer today
• The role of intelligence in proactive threat hunting
• The need for open technology and industry collaboration

Managed security services are evolving rapidly in response to radical changes in the cybersecurity landscape. In this episode, we talk to Ajay Bhardwaj, General Manager of the Secureworks® Managed Security Services Program. Ajay explains how the unprecedented pace of change has shaped a need for more innovative and proactive managed services, including managed detection and response. He takes us through the must-have tools and technologies that MSSPs need to deploy in order to reduce alert fatigue, increase intelligence, and proactively hunt down threats. Openness and collaboration are also key take-home messages, not just in technology but throughout the cybersecurity ecosystem. Join us to discover how new and improved managed security services can help customers safeguard their systems.

Let's Talk SOC: Ep.11 - Proactive Threat Hunters: Transforming Managed Security

What you'll learn:
• The evolution of the ransomware “marketplace”
• Common vulnerabilities and pitfalls
• Real-life examples of ransomware engagements
• Cyber essentials for better protection
• How Secureworks can help minimize risk
• What does cybercrime have in common with your business? More than you might expect.

Terry McGraw, Secureworks VP of Global Cyber Threat Analysis, offers fascinating insight into the rise of ransomware as a service — and the increasing professionalism of the cybercrime “businesses” behind attacks. Drawing from his own experience across thousands of engagements, he’ll show you how best to protect your business, with methods ranging from patch management and MFA to identity management and backups.

Lets's Talk SOC: Ep.10 - Ransomware Goes Pro: How to Up Your Protection Game

What you'll learn:
• Incident management versus incident response
• How Secureworks takes a holistic approach
• Key lessons learned from real-life engagements
• The top three things to look for in providers

Incident management is about so much more than emergency response, something Kevin Strickland knows all about. In this episode, the Secureworks™ Director of Emergency Incident Response lays bare the scope and intricacies of effective incident management. 
You’ll hear how Secureworks anticipates, prevents, handles, and contains incidents – proactively and holistically – and how experience and lessons learned from client engagements are ultimately the best teacher. Get insight into the software and “cyber detectives” that root out and repel threats – plus, hear Kevin’s top tips for choosing the right provider.

Let’s Talk SOC: Ep.9 - Covering All the Bases for Successful Incident Management

As cyberattacks grow in frequency and severity, cyber insurance has never been more important. But rising risks can also mean rising premiums. How do you improve your security and minimize your premiums, while maximizing the value cyber insurance offers? In this episode, we talk to Florence Levy, Executive Vice President at INSUREtrust, a specialist cyber insurance broker. Florence offers fascinating insights on the interplay between cyber insurance and cybersecurity best practices — and the increasing role brokers are playing in helping clients improve their security posture and resilience. Find out what underwriters look for when evaluating your risk profile and the importance of threat prevention, detection, and response in assessing your cybersecurity strategy.

What We'll Cover

 - What is cyber insurance and what does it cover?
 - The role of cyber insurance in your overall security strategy
 - What brokers look for when assessing your risk profile
 - How to improve your security posture and reduce insurance costs
 - The role of managed services in mitigating cyber risk

Let’s Talk SOC: Ep 8 - Cybersecurity or Cyber Insurance?

Join Stefan Oancea, Principal Security Engineer at Secureworks, to find out how Secureworks is extending the value of Microsoft security solutions to deliver customers greater value. He’ll offer insights on the latest Microsoft security offerings, including ways to determine if Sentinel is the right choice to run your threat prevention, detection, and response operations. Plus, learn how Secureworks integrates with your IT environment to maximize your existing investments and fill any cybersecurity talent gaps, all while reducing risk. 

What We'll Cover 

 - Latest Microsoft security offerings 
 - Microsoft Sentinel – is it right for you? 
 - How Secureworks™ and Microsoft E5 work together 
 - How a dual approach elevates your defenses

Let’s Talk SOC: Ep 7 – Doubling Down on Defense with Secureworks & Microsoft

Expanding security threats require an expansive response, but how do you move beyond the endpoint without increasing complexity and risk? All too often, extended detection and response (XDR) is a complex hash of disjointed systems that struggle to plug the growing gaps in your attack surface. In this episode, Senior Product Marketing Manager George Anderson will tell you more about the “X” in XDR. He’ll explain what XDR is, including the distinction between XDR, EDR and MDR – and why you need to know the difference. We’ll discuss what to look out for in a vendor and how to know if a solution measures up. And we’ll explain why open, extensible security platforms hold the key to the future of XDR. 

What We'll Cover 

 - EDR, MDR, and XDR: What’s the difference? 
 - Why make the move to extended detection and response (XDR)? 
 - How much more protection does XDR offer? 
 - What to look for in an XDR vendor 
 - The unique Secureworks approach

Let’s Talk SOC: Ep 6-Understanding Your Attack Surface & Extending Your Response

What We'll Cover 

 - The current state of cybersecurity in manufacturing
 - Risks and impact of cyberattacks 
 - How manufacturers can justify security spend 
 - How Managed Detection & Response (MDR) can help 

When it comes to cyberattacks, today’s manufacturers are in the front line defending their IT and OT landscape. Rapid digital transformation has exposed cracks in the defenses of many in the industry. Join Stacy Leidwinger, Vice President of Portfolio Marketing, to hear her take on rising threat levels in the industry. Discover the true cost of potential breaches and the best lines of defense – taking a comprehensive and proactive approach to prevention, detection, and response.

Let’s Talk SOC: Ep 5 - Manufacturing Under Attack: Defending Against Ransomware

What We'll Cover 

- EDR and XDR: a comparison 
- Combining XDR and MDR in the future
- EDR vendors: The secret to success 
- How to find the right cybersecurity partner 
- Secureworks transformation and emphasis 

The era of solely relying on endpoint detection and response (EDR) is rapidly coming to an end. Even EDR vendors offering MDR or a cobbled-together extended detection and response (XDR) solution can’t solve growing attack surface gaps. In this Let’s Talk SoC podcast, Kyle Falkenhagen, Vice President of Product at Secureworks, discusses how organizations can move beyond their reliance on EDR to a solution that provides holistic security coverage that covers cloud, network, endpoint, and more using a purpose-built XDR security operations platform.

Let’s Talk SOC: Ep 4 - Moving Beyond the Endpoint: Why EDR Isn’t Enough

What We'll Cover 

 - XDR vs. SIEM 
 - Investment level needed for a SIEM purchase 
 - SOAR platform: necessary or not? 

Security Information and Event Management (SIEM) has been the solution of choice for many organizations over the years, but is it keeping up with the current demands of security teams? If you’re considering SIEM as a cybersecurity solution, listen in on this conversation with Justin Davis, Senior Systems Engineer, for what you need to know about SIEM before making additional investments.

Let’s Talk SOC: Ep 3 - What to Know Before Reinvesting in SIEM

What We'll Cover 

 - Top tips for cyber incident preparedness
 - Most common mistakes organizations make in a cyberattack 
 - Planning ahead and best practices 
 - The importance of roles and responsibilities in your response
 - The value of threat intelligence during an incident
 - Automation vs. the human touch in Cybersecurity 

In this Let’s Talk SOC podcast, Lina Lau, Principal Incident Response Consultant at Secureworks, shares top tips to improve your incident preparedness. Learn the three most common mistakes Lau sees organizations make when they fall victim to a cyberattack while getting her most-recommended steps to improve the outcome of an incident. Finally, listen in as Lau discusses the limitations of EDR — and how organizations like yours can experience the value of responding to incidents with improved speed, expert insight, and security analytics.

Let’s Talk SOC: Ep 2 - The First 24 Hours after a Cyberattack

What We'll Cover 

 - Maximizing talent to address risks: Minimizing the spend footprint 
 - CISO: The evolution of the role 
 - Security tech: Artificial Intelligence (AI) and incorporating humanization 
 - Focusing on the basics: What will pay the biggest dividends 
- About Secureworks: Technology security solutions 
 - Looking ahead: Upcoming security threats and trends in 2023 

What do you learn being a CISO at a company that helps support other CISOs? Ken Deitz, Chief Security Officer & Chief Information Security Officer at Secureworks, joins the Let’s Talk SOC podcast to discuss the current and upcoming security challenges CISOs are facing today and how they can best address them.

Let’s Talk SOC: Ep1 - Defending the Defenders: Lessons Learned as a CISO

When ransomware-as-a-service (RaaS) was introduced to the cybercrime landscape in the mid-2010s, it significantly lowered the bar to entry for cybercriminals. As a result, the scale of ransomware operations expanded, allowing cybercrime groups and their affiliates to exploit more networks resulting in higher revenue. Expertise also improved as each element of the process became specialized, making ransomware the formidable threat it is today. 

 In this session, Senior Security Researcher and intel analysis lead for cybercrime Tim Mitchell will discuss why understanding and tracking the TTPs of everyone involved in ransomware operations is important, regardless of the variant. He’ll also outline why the attribution of precursor activity is important, and how accurately doing so can inform our customers and better protect them from ransomware.

The Ransomware Ecosystem: Operators, Affiliates & Access Brokers

French subtitled

An overreliance on endpoint detection and response (EDR) alone is bound to leave holes in your cyber defense. That’s because cybersecurity incidents now originate from almost anywhere in the IT stack. In the case of our 4,500+ customers, over 60% of essential threat event and detection data comes from beyond the endpoints. 

Join us to learn how evolving threats are outpacing common defense strategies, leading many security organizations to rethink how to strategically upgrade their security and which security partner is best positioned to support them. We’ll also discuss the shortfalls of EDR protection alone — and how many organizations are looking beyond the endpoint for a more effective and efficient approach to cybersecurity. 

What you’ll learn:  
Why cybersecurity needs to move beyond the endpoint to keep pace with evolving threats and a growing attack surface 
The pitfalls of relying too heavily on endpoint detection and response (EDR) in your cyber defenses 
How to strategically improve your cybersecurity and choose the right security partner

FR: Beyond the Endpoint – Tackling Your Biggest Cybersecurity Problems

There’s no doubt that security information and event management (SIEM) platforms provide powerful threat detection tools. But SIEM technology has its (long) list of challenges - cost, skills shortages and configuration hurdles among them. As a result, the security industry is experiencing a shift, with forward-thinking businesses embracing Extended Detection and Response (XDR) due to its ability to offer improved security visibility, operational investigations capabilities and response actions across the enterprise. 

But how can security leaders know that it’s the right time for them to be embracing this shift towards XDR, and what are the best ways to get started on re-solutioning their SIEM technology? 

In ‘3 Signs It Is Time to Re-Solution Your SIEM for XDR’, Secureworks and a guest expert are here to help. Host Nick Cavalancia is joined by Ryan Alban, Senior Manager - Systems Engineering at Secureworks and Carrie Goetz, CTO of StrategITcom, to discuss: 

- The 3 signs every CISO should be aware of that it may be time to embrace XDR over SIEM technology 
- How XDR is enabling security leaders and SecOps teams to prepare for and respond to the current and emerging threat landscape  
- Best practices for getting started on your XDR journey 
- The ROI and resource benefits that XDR can drive 
- And more

3 Signs It Is Time to Re-Solution Your SIEM for XDR

The last few years have seen 10 years of digital transformation compress into 3 years and as a result, the entire architecture behind IT has changed beyond recognition for many organizations.

At the same time, the methods bad actors use to compromise IT infrastructure have also changed and innovated, too. This has resulted in the fact that many organizations' approach to securing their IT infrastructure has fallen behind, and they drastically need to keep up in order to protect their data.

This BrightTALK panel discusses the shifts that have occurred and why so many organizations are now looking to partner and move away from an EDR cybersecurity approach and move to outside assistance in the form of MDR and Managed-XDR. And, how by expecting more, enterprises will be in position to better mitigate against both today’s and tomorrow’s compromises.

Compromises Have Moved Beyond the Endpoint - You Need to Too!

Network defenders often look at "dwell time" – the time between an adversary gaining access and achieving their objectives – as a key metric in understanding threat and risk. Based on Secureworks direct observations through incident response engagements, the average dwell time for post-intrusion ransomware attacks has remained fairly constant this year compared to last, at four and a half days in 2022 compared to five in 2021.  

What that means is that on average an organization has almost a whole working week to detect and contain an intrusion before the lights go out. Understanding how ransomware operators act once inside a network is the key to exploiting this "detection window." 

In this session, Director of Threat Research Chris Yule will lead a roundtable discussion looking at how best we can prepare for and defend against the pervasive threat of ransomware.

Understanding and Defending Against the Ransomware Threat

An overreliance on endpoint detection and response (EDR) alone is bound to leave holes in your cyber defense. That’s because cybersecurity incidents now originate from almost anywhere in the IT stack. In the case of our 4,500+ customers, over 60% of essential threat event and detection data comes from beyond the endpoints. 

Join us to learn how evolving threats are outpacing common defense strategies, leading many security organizations to rethink how to strategically upgrade their security and which security partner is best positioned to support them. We’ll also discuss the shortfalls of EDR protection alone — and how many organizations are looking beyond the endpoint for a more effective and efficient approach to cybersecurity. 

What you’ll learn:  
Why cybersecurity needs to move beyond the endpoint to keep pace with evolving threats and a growing attack surface 
The pitfalls of relying too heavily on endpoint detection and response (EDR) in your cyber defenses 
How to strategically improve your cybersecurity and choose the right security partner

Beyond the Endpoint – Tackling Your Biggest Cybersecurity Problems

The rise of AI has made its way to threat detection. With AI-enabled threat detection systems predicting new attacks and notifying admins of data breaches instantly, it’s safe to say that artificial intelligence is making its mark on the security landscape. 
 
But is AI worthy of all the plaudits it's receiving, and is it a silver bullet for threat detection? Or is it ‘just’ the next building block on the road to a robust as possible security set-up? In this Secureworks panel, George Anderson, Senior Product Marketing Manager at Secureworks is joined by experts Nash Borges - VP of Software Engineering at Secureworks, Dr Rebecca Wynn - Global Chief Security Strategist & CISO, Click Solutions Group and Simon Ratcliffe - Principal Consultant, Ensono to answer the question: ‘Is AI the panacea to doing threat detection right?’
 
Learn from their experience and insights and join this panel to hear:
- What AI-enabled threat detection looks like in the real-world, away from the hype
- The most common use cases that AI-enabled threat detection makes easier to detect
- Instances where AI could potentially cause CISOs and security leaders more headaches than it removes
- The types of additional contextual prioritization AI can give, and what this means for brand, customer and employee protection 
- And more

Is AI the Panacea to Doing Threat Detection Right?

Advanced Persistent Threat (APT) attacks are different from other types of cyber threats.  They happen when someone or some entity decides you have something they want and they are willing to invest resources and time to get it. The defensive tools, procedures and security controls commonly used to handle traditional threats are often ineffective against APT attacks. Because of their level of operational sophistication and persistence, APT actors are making IT security professionals rethink how they should design their security defenses and approaches.

Dennis Dwyer, Dell SecureWorks Counter Threat Unit security analyst, explains the APT phases and “lifecycle” and provides recommendations on what you can do to anticipate, prepare for, discover and mitigate APTs.

- The lifecycle and anatomy of an Advanced Persistent Threat attack
- How large scale and deep-rooted compromises work
- Predictions on the evolution of this developing threat in 2012

Anatomy of an Advanced Persistent Threat

advanced

persistent

threat

malware

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Anatomy of an Advanced Persistent Threat

Presented by

About this talk

More from this channel