Seeing the Unseen – Detecting the Advanced Persistent Threat
Learn how Threat Hunting delivers high certainty in detecting compromise
Many organizations have information security protections in place that still fail to answer with high a level of certainty, "Have we already been compromised?" A cyber threat such as malware or even a large scale Advanced Persistent Threat could be hiding in areas of your network and go unnoticed by the untrained eye.
That’s where Threat Hunting comes in.
During this interactive webinar, Justin Turner, Director of the Targeted Threat Hunting & Response Team, will share what Hunting is, what it should tell you, and cut through industry noise. He will share experiences and insights from actual hunting engagements and will also provide recommendations for security leaders and practitioners on how to identify indicators of attacker presence leveraging threat intelligence for context to determine how to engage and resist the adversary.
In addition, you will:
- Learn what Targeted Threat Hunting must do for you
- Hear real-world examples of previous incidents and how targeted threat hunting was used to remove entrenched adversaries
- Get recommendations on strategies and tactics to aid you in your hunting
RecordedSep 14 201663 mins
Your place is confirmed, we'll send you email reminders
Matthew Webster, Senior Security Researcher, Secureworks Counter Threat Unit
All too often companies are learning the hard way — during an incident — how they could have been better prepared to stop the threat or reduce the damage. Join us for a one hour webcast, hosted by SC Magazine, featuring the key findings of Secureworks newly-released Incident Response Insights Report 2018: Risks, Remedies, and Best Practices for Defending Against Cyber Threats.
Webcast takeaways will include:
- Threat and attack trends identified by responders in 2017.
- Lessons learned by organizations in a wide variety of incident response (IR) scenarios.
- Key recommendations for IR planning, practices and capabilities that improve security defenses and mitigate business risk.
- Live Q&A with experts from our Counter Threat Unit™ (CTU) and Incident Response team.
In 2017, Secureworks’ team of incident responders helped hundreds of organizations navigate through complex and high-risk security incidents. Now the top insights from those collective engagements will be shared by speakers from the Secureworks Counter Threat Unit and Incident Response practice.
This program offers the support you need to prepare better for emerging threats, understand how you might be vulnerable, and respond more effectively when an incident does occur. Program content is appropriate for cybersecurity leaders, incident responders, CIOs, CTOs, and executives with responsibility for enterprise risk management.
Andy Norton, Director, Threat Intelligence, Lastline and Michael Rico, Senior Intrusion Analyst, Secureworks
Layered security has been the mantra for many years, but this methodology leaves gaps the adversary can leverage to compromise your organization. Applying high fidelity cyber acumen with innovative Behavioral Intelligence technology can help increase your cybersecurity resilience. With this combination of advanced technology and human expertise you can better identify and remediate malicious web and email activity to improve your security program and close gaps.
What You Will Learn:
- The factors leading to Cyber Global Warming and how you can avoid the pitfalls
- Global threat trends identified via Lastline’s behavioral intelligence
- How to measure your cyber resilience
- Why structured investigations help you get more value from your security tools
- How a managed network sandbox with Secureworks expertise helped an organization identify a real life attack
Alex Tilley, Secureworks Senior Security Researcher
From July 2017 through June 2018, Secureworks Counter Threat Unit® (CTU®) researchers analyzed incident response outcomes and conducted original research to gain insight into threat activity and behavior across 4,400 companies. Their findings, which include new data about who is conducting what types of attacks and why, will be shared in person by CTU experts on this webcast.
We’ll examine a small subset of professional criminal actors responsible for the bulk of cybercrime-related damage worldwide and explain: how they’re leveraging the underground hacker economy, why they can’t be seen by researchers and law enforcement who monitor the dark web, and how we know their tools and techniques are as sophisticated, targeted and insidious as most nation-state actors.
You’ll also learn how constant “background noise” from low-level criminality is impacting businesses around the world and see latest cost of stolen goods, hacking tools, and hacking services on the underground marketplace.
Additionally, get insight on these key findings from the report:
- Ransomware is now more sophisticated than ever. Secureworks’ CTU researchers observed no less than 257 new and distinct ransomware families in 12 months
- Cryptocurrency mining remains an extremely popular way for criminals to monetize access to infected computers. In 2017, at least one in three organizations experienced cryptocurrency mining activity on their network.
- Criminal gangs have combined advanced social engineering and network intrusion techniques with POS malware to generate millions of dollars of revenue through stolen payment card data. According to the FBI, business email compromise and business email spoofing alone have now generated $12B in financial losses since October 2013.
Panel of Secureworks Information Security Strategic and Technical Consultants
As the scope for security skill and expertise demanded of organizations extends, CISOs are increasingly turning to security consulting partners for strategic guidance and technical and advisory expertise.
There are a broad range of organizations in today’s market offering security consultancy services based on best practices and standard frameworks. Partnering with one of these firms can provide your organization with the technical expertise to improve network visibility and gain a clearer understanding of your vulnerabilities, provide the strategic and practical guidance that helps you prioritize and build out programs that enable business objectives, as well as advise on how to effectively engage with the C-suite.
What truly sets Secureworks’ information security consulting services apart is how we utilize our Counter Threat Unit™ and knowledge garnered from thousands of client engagements to ensure you are being consulted on the latest industry trends and threats. This way, the outcome is based on real-world scenarios that matter to your organization.
Join consultants across our technical and strategic practices as they share lessons learned from their most challenging engagements and the value that real-time threat intelligence has brought to those engagements.
Key topics discussed include:
• Examples of real-world engagements where the CTU™ and Consulting Practice improved the outcomes for clients
• Tools consultants use to ensure that your outcome is based on real-world scenarios and threats that matter to your organization
• Lessons learned from our most strategic and complex engagements
John Collins, SecureWorks Counter Threat Unit Principal Architect | Mike Viscuso, Carbon Black CTO
There seems to be no shortage of threats these days with attackers constantly innovating and combining different techniques with classic malware. New ransomware variants, targeted espionage campaigns, and attacks that don’t use malware at all are just a few threats that put your organization at risk. As each new attack generates global headlines, it can feel a bit overwhelming.
It’s increasingly clear that the signature-based approach of traditional antivirus (AV) can no longer provide the protection needed to keep attackers off your endpoints. Join John Collins, SecureWorks Counter Threat Unit Principal Architect and Mike Viscuso, Carbon Black CTO, as they discuss how managed Next-Generation Antivirus (NGAV) goes beyond malware prevention to ensure that organizations of all sizes stay out of the security headlines and one step ahead of emerging cyber threats.
You will learn:
• What are the indicators that I need NGAV?
• How do I know when it is time to make the move from traditional AV to NGAV?
• Why is managed NGAV better able to address Ransomware, PowerShell and WMI threats?
• What managed NGAV can do for you
Lee Lawson, Special Operation Resercher, SecureWorks Counter Threat Unit
Windows Management Instrumentation (WMI) is a Microsoft Windows administrative tool that has access to all system resources, making it powerful for both legitimate and illegitimate use. Via WMI you can do things like execute, delete and copy files; change registry values; and identify what security products are installed to aid in bypassing them.
The malicious use of WMI and other legitimate tools continues to grow and was identified as a top trend in a recent SecureWorks Threat Intelligence Executive Report. Like PowerShell, WMI is often used to create file-less attacks that are difficult to identify and stop with technology alone. This makes WMI the perfect tool for threat actors to use as camouflage while acting inside your organization.
Join us to learn:
• Why WMI is so risky
• Tips to identify malicious use of WMI
• How threat actors hide their tracks and how you can unmask them
• WMI threats identified by SecureWorks researchers
• How you can avoid becoming a victim to this growing threat vector
In a world where physical attack vectors are no longer the preferred way to attack a person of notoriety or a chief executive sta¬tus individual, the need for cyber executive protection to enhance existing cybersecurity programs and traditional executive protection has become greater than ever. With expanded use of information sharing through social media and use of technologies such as home automation, Executive’s habits, families and close personnel staff are being monitored, targeted and shared via the dark web for a number of reasons such as disruption of business, personal or brand embarrassment and financial gain just to name a few.
In this webcast, Chris Bullock, SecureWorks Managing Principal, will cover a new approach to mitigating risk to this emerging threat that encompasses:
• Analyzing ten domains of risk to an Executive, their family and close staff
• How to assess potential risk and exposure to the brand or reputational damage
• Guidance on which specific risk factors to monitor regularly to ensure preparedness
• How to implement the most effective and appropriate safeguards
Hadi Hosn, Head of Security Strategy and GRC Consulting, EMEA
Whether you like it or not, the security industry is being cloudified.
As IT moves into the Cloud, security must follow, and with IT losing its grip on the endpoint, Cloud is the only Security option. In addition, the Internet of Things continues to scale upwards, and Cloud computing will be its data repository, application engine, provisioning system and Security platform.
Join Hadi Hosn, Head of Security Strategy & GRC Consulting in EMEA, as he explains why cloud security is so important, and provides guidance on key considerations when building out a cloud security program.
In this webcast you will learn:
• 3 key principles for managing cloud security risk
• 5 common misconceptions and how to avoid them
• The 5 fundamental cloud security controls you should implement
Derek Brink, VP and Research Fellow (Aberdeen Group) | John Collins, CTU Special Operations Manager (SecureWorks)
The stakes for enterprise investments in threat detection and incident response capabilities are getting higher, as evidenced by empirical data from successful cyber attacks detected and remediated by SecureWorks, a Dell Technologies company.
The sheer growth and complexity of the technical threat landscape and vulnerability landscape means that merely keeping up is no longer enough. In cyber security, time is currently working in favor of the attackers — and time is the strategic advantage that the defenders need to regain.
Join Derek Brink, vice president and research fellow for Aberdeen Group, and John Collins, Operations Manager for the SecureWorks Counter Threat Unit Special Operations Team and Advisory Systems Engineer for threat intelligence services , to gain fact-based insights into:
• Real use cases where time to detect has impacted the business outcome
• Trends in threat actors and motivations – and how this affects your strategies for protection, detection, and response
• Quantifying the value and ROI of faster detection and response – for both attacks on availability (e.g., unplanned downtime or slowdown), and attacks on confidentiality (e.g., a data breach)
• The increasingly important role played by third party threat detection and incident response, in this rapidly evolving context
Most enterprise organizations have set up a security model that includes a first layer of security event management, responsible for capturing of logs, notification, filtering and some level of correlation. However, with the escalating number of users and logs from more and more devices, making sense of the noise and translating them into incidents that matter can be a daunting task.
In this webcast, Tony Merritt, SecureWorks Managing Principal, will cover how to leverage logs and tactics to integrate the proper incident response. Topics covered include:
• Sensing: The challenge of ever increasing in-bound noise and priorities
• Improving Sensing: What logs and events matter? How do you ensure you have visibility?
• Sense Making: Not all logs are created equal. The importance of correlation, business context, rules and use cases to determine if the incident matters.
• Decisions Making: An event has passed a threshold of incident viability. How do you connect logs and tactics into actionable response?
Aaron Shelmire and Mike McLellan, Security Researchers, Counter Threat Unit
SecureWorks Counter Threat Unit™ (CTU) researchers will discuss details of the “NotPetya” Ransomware attack. Our experts will discuss this and similar attacks, help organizations explain the importance of avoiding malicious attempts and discuss the value of recommended mitigation tactics.
In this webcast we will discuss:
• History and timeline of this attack and how it began
• What is this ransomware, how is it different from others and how it operates
• Why this is not Petya or Goldeneye
• How to be vigilant of misinformation
• SecureWorks recommended actions to protect yourself
• Interactive Q&A session
Lee Lawson, Special Operation Resercher, SecureWorks Counter Threat Unit
In a recent SecureWorks engagement, 98.5% of the 3,477 commands executed by threat actors were native to the Windows operating system.
PowerShell is a popular tool that Microsoft has been including with the Windows OS since 2009, but malicious PowerShell use is rivaling ransomware in popularity with threat actors. Security products focused on preventing endpoint threats are often not enough to differentiate legitimate from malicious PowerShell use. Join us for a discussion of why PowerShell is so risky, how SecureWorks researchers identify PowerShell threats, and how you can defend your organization.
SecureWorks Counter Threat Unit - Special Operations Researcher, Lee Lawson, will discuss how security leaders and practitioners can leverage his experience to reduce the risk and understand how to defend against PowerShell threats in your organizations.
You Will Learn:
• What PowerShell is and how it is used in “living off the land” attacks
• Why built-in tools like PowerShell are so attractive to threat actors
• Examples of malicious PowerShell use
• How to defend your organization against common methods to evade prevention and detection
Travis Wiggins, Principal Cyber Security Operations Consultant, SecureWorks
According to a recent SANS report, more than 60 percent of large-company CISOs brief the board at least annually and by the end of 2018, 70 percent of all boards will require CISOs to brief them quarterly.^
Deciding to what degree your security operations should be in-house vs outsourced is a major decision with significant cost and resource ramifications. Currently organizations globally face persistent security challenges, which collectively require people, process, technology, and strategy to address. This collection of challenges are further complicated by evolving business needs; expanding toolsets and platform options; and staffing retention and attrition. Join us to learn how a modern approach to security operations can help address these challenges.
SecureWorks Principal Cyber Security Operations Consultant and former Security Operations Center (SOC) manager, Travis Wiggins, will discuss how security leaders and practitioners can leverage his experience to more clearly define the requirements and make informed decisions about protecting your organization.
You Will Learn:
• Why making the right security operations decisions is critical to reduce business risk
• What to consider when planning a SOC and how to position the plan to leaders
• How to address talent retention, accountability, and scalability
• Why strategy and proper tools are key components in a successful SOC implementation
^ Cyber Security Trends: Aiming Ahead of the Target to Increase Security in 2017 - https://www.sans.org/reading-room/whitepapers/analyst/cyber-security-trends-aiming-target-increase-security-2017-37702
The nation's first state-mandated cybersecurity regulations regarding banking and financial services companies went into effect in New York state on March 1st. However, many businesses subject to the regulations are asking, what are these rules and how will they affect my business operations.
SecureWorks invites you to join us on April 27th for a webcast designed to help you understand these new mandates and develop an approach to ensure that your organization has a mature and effective security program in place that will not only help you achieve compliance but will improve your overall information security posture.
What you will learn:
• Which entities are covered by the mandate and what type of data needs protecting.
• The five core elements needed to establish a comprehensive cybersecurity program.
• Critical questions you should be asking your security program partner.
Fifty-two percent of security leaders rate their organizations at above average or superior when it comes to detecting or blocking ransomware before it locks or encrypts data in their systems. Yet, 36 percent also say their organizations were victims of ransomware in the past year. And 57 percent say they are more likely to be a ransomware target in 2017.
These are among the results of the 2017 Ransomware Defense Survey. Aimed at determining the true impact of ransomware on organizations across industries, the survey uncovers some stark contrasts.
ISMG Vice President of Editorial, Tom Field and SecureWorks Senior Security Researcher, Keith Jarvis, will analyze the Ransomware Defense Survey results and will discuss how security leaders can put these findings to work in their organizations.
You Will Learn About:
• The true impact of ransomware on organizations across industries
• What works and doesn't work when it comes to detecting and remediating ransomware
• Key investments enterprises are making in 2017 to shore up their ransomware defenses
• How to prevent and detect ransomware before it takes root and cripples your operations
In our "2017 Cybersecurity Threat Insights Report for Leaders" report, we shared several key findings and observations from our client engagements and about the security industry. This webcast covers our findings and observations but will also provide you with clear direction on where you need to focus your resources to evoke positive action in your security program.
During this webcast one of our lead Counter Threat Unit™ researchers, Chris Yule, who helped develop the report, gives his perspective, observations and guidance through responses to a series of questions led by our Product Marketing Director, David Puzas.
You Will Learn About:
• Our observations from our engagements and findings
• How you need to rethink core security processes and operations
• Whether the current nature and behaviors of the threat are evolving or staying constant
• What the common attack vectors are and how to protect your organization against the fundamentals of cyber-attacks
• How to focus your resources from a tactical and strategic perspective
While many organizations have technical testing performed a couple of times a year for a number of reasons: such as identifying network vulnerabilities or satisfying industry compliance requirements, the results and lessons learned are typically limited.
However, wouldn’t it be nice to see what tactics and techniques some of the most skilled testers out there are utilizing across all industries in all different levels of scope? Think of it as opportunity to learn from the good guys simulating the bad guys without having to have it done to your organization.
Watch this webcast and hear from some of SecureWorks most skilled technical testers, Nate Drier and Trenton Ivey, talk about lessons learned from some of their most challenging engagements and the trends they are seeing with clients and their defense practices.
Key topics covered include:
- Examples of real-world engagements
- Tactics and techniques commonly used to achieve their objectives
- Trends and weaknesses they are seeing in defenses
- Lessons learned
Clifford Kittle - Principal, SecureWorks Healthcare Information Security
There has been a proliferation of ransomware attacks against healthcare organizations that has ushered in a new wave of extortionware and a new generation of malware attacks. While these types of attacks are not new, they have become more insidious, sophisticated and are growing in popularity.
In order to defend against such attacks, healthcare organizations need to develop an enterprise information security strategy that not only provides visibility into networks and endpoints but also outlines comprehensive response plans in the event of an attack.
Attend this webinar to learn the truth behind ransomware attacks and also how to better prepare your organization to think beyond HIPAA compliance and think holistically about its information security program. SecureWorks Healthcare Information Security Principal, Cliff Kittle, will answer vital questions about the nature of ransomware and provide actionable recommendations to meet the challenges of today's threat environment. You will learn valuable insights about how your organization can best adopt the right strategies, tools and skills needed for a stronger information security position.
In this webinar, you will learn:
- What is the motivation behind the proliferation of Ransomware attacks? What are the projections for 2017?
- How does my organization prepare to detect and block ransomware?
- What information security strategies do healthcare organizations need to be protected?
- How does my organization respond if attacked by ransomware?
- How do I ensure that I don't become a victim (again)?
Cloud computing is enabling business transformation as organizations accelerate time to market and business agility.
Evolving cloud technologies and approaches, however, can create security gaps and human errors. Data protection rests with you and your organization and not the cloud provider.
Attend this webinar and you will:
- Discover key cloud security trends and insights for 2017 and beyond
- Understand the state of public cloud security today
- Find out how you can exceed Board expectations around the cloud
- Learn why no cloud organization is too small or too remote to be targeted
- Get steps you can take to ensure that your security meets evolving business demands
Ross Kinder, Senior Security Researcher, SecureWorks
Real world strategies for migrating to the cloud securely
When companies move their IT assets to the cloud, they have an opportunity to realize cost savings, accelerate innovation and improve IT performance. Unfortunately, the utility of the cloud is constrained by perceptions and misperceptions about security and control. And even without appropriate controls in place, organizations are moving to the cloud at a very fast pace.
For those of us responsible for security, this is a terrifying proposition--our most precious assets are seemingly moving outside of our control. However, perhaps, the cloud is more secure than you realize. Perhaps the cloud is a chance for a restart for how your organization looks at security of its data and applications. In this webcast, we’ll dispel some of the misperceptions that exist and jump right into both “lift and shift” and cloud native strategies for migrating to the cloud securely. Knowledge is power and this is an opportunity to advance your team’s understanding of the cloud and how to accelerate the transition.
You will learn how to:
- Develop an organization-wide cloud strategy
- Assess your risk as you adopt cloud solutions
- Identify common practices and frameworks for cloud migrations
- Determine which cloud migration architecture meets your business objectives
SecureWorks is a global provider of intelligence-driven information security solutions exclusively focused on protecting its clients from cyberattacks. SecureWorks’ solutions enable organizations to fortify their cyber defenses to prevent security breaches, detect malicious activity in real time, prioritize and respond rapidly to security breaches and predict emerging threats.
Seeing the Unseen – Detecting the Advanced Persistent ThreatJustin Turner, Director of the Targeted Threat Hunting & Response Team, SecureWorks[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]62 mins