The CMO Imperative: Adapting your 2020 strategy during the pandemic
Marketing leaders need to immediately embrace change and find creative solutions to add value with an increased emphasis on the digital world. This talk brings CMOs from around the US to share how they're adapting to our new reality with an emphasis on:
- Reaching your audience when travel is restricted and conferences are cancelled
- Adapting your content and standing out when everyone is doubling down on digital
- Pivoting your field marketing and event strategy to focus on digital opportunities
- Filling the lead gen and brand building gap
- Shifting channel strategies, plans, budget and resources
- Keeping your employees motivated during the crisis
- Messaging effectively around coronavirus
BrightTALK has teamed up with Boston Content, DC MarTech Talks and Obility B2B to deliver this special talk.
Recorded Mar 27 2020, 81 mins
Threat hunting with MITRE ATT&CK techniques can be approached in several ways.
Join members of the LogRhythm Labs team as they take you on a journey of how to use MITRE ATT&CK techniques and LogRhythm to make your threat hunting activities more valuable and effective. They will start the journey using the known techniques of MITRE ATT&CK Group APT 29, also known as the Russian threat actor group The Dukes or Cozy Bear. The team will describe the known Indicators of Compromise (IOCs) like file hashes, IP addresses, etc., and how IOCs play into MITRE ATT&CK technique searches and dashboards. Finally, the team will dig into more unknown, or suspicious, activity based on the techniques by focusing on encoded PowerShell.
- Threat hunting made easy using MITRE ATT&CK techniques
- How to create custom LogRhythm dashboards and searches.
- Moving from known, to unknown, and back to known to increase your detection capabilities
James Carder, Jeff Schmidt, Rob Sweeney, Stephen Dyson, Robert M. Lee, Sam Masiello
Attacks on operational technology (OT) have been on the rise for decades. The rise began with the Stuxnet worm that attacked Programmable Logic Controllers (PLCs) in SCADA systems and has increased sharply in the last few years. Not only do these attacks threaten national interests, but as OT continues to be vital in day-to-day operations, overall business continuity is also endangered. As such, detecting OT threats has become a top priority as governments and organizations around the world implement programs and deliver mandates to protect critical infrastructure and business operations across all sectors and verticals.
While limiting security and operational risk is a crucial issue, sometimes it’s easier said than done. Join our replay of "Managing Security and Operational Risk in Critical Infrastructure Panel" -- a top viewed session from this year's RhythmWorld conference. In this panel, security experts from across industries discuss business challenges, ways to evaluate risk, and strategies to reduce business risk with operational technology. Moderated by James Carder, LogRhythm Chief Security Officer.
- Overview of operational risk and technologies associated with different critical industries
- How security plays a role in operations and achieving business continuity
- Ways your peers have effectively met business challenges
- Recommendations to manage security and operational risk
This on-demand webcast takes a deeper dive into the SANS white paper, How to Address a Pervasive and Unrelenting Threat, written by SANS instructor Justin Henderson. Justin moderated a panel as they explored major themes of the paper and answered some of the leading industry questions about ransomware, including:
- What are ways that organizations can protect against infection vectors?
- What are some of the trends occurring with recent ransomware attacks?
- How does the prevention and detection of ransomware change with remote workforces?
Watch this on-demand webcast for the answers to these questions and so much more!
Ransomware is a fast-growing threat affecting thousands of government agencies and municipalities, and now it's even targeting critical ICS/SCADA operations. This webcast will explain why and how ransomware is spreading, as well as introduce standards and provide guidance for detecting and recovering from ransomware based on US-CERT and NIST resources.
Specifically, the webcast will cover how attendees can:
- Adapt their architectures to enable more effective ransomware detection and response
- Secure their systems against phishing, USB, web drive-bys and other attack vectors
- Reduce vulnerabilities through appropriate policies and user training
- Use baselining, monitoring, logging and analysis to detect ransomware
- Engage reporting, forensics and secure storage in the battle against ransomware
- Address RIPlace ransomware and its abuse of the Rename operation
Attendees will also learn about special considerations that ICS/SCADA organizations need to address.
Watch this on-demand webcast to get up to speed on the latest in ransomware and how to best defend your organization from this type of attack.
James Carder, Karen Holmes, Kip James, Christopher Mitchell, Dilip Singh
During our RhythmWorld 2020 Security Conference, a panel of five security executives met to discuss some of the major challenges, changes, and opportunities facing chief information security officers (CISOs) today.
The Modern and Evolving Security Leader: Security Executive Panel, explores insider secrets on:
Register now to gain access to the replay on our BrightTALK channel for a limited time. You'll have one month to get the inside scoop from industry veterans James Carder, Karen Holmes, Kip James, Christopher Mitchell, and Dilip Singh. Watch the panel before it expires on November 30, 2020!
Barry Krauss (Training Director), Justin McNichol (Global Service Desk Manager) and Rob Sweeney (Technical Account Manager)
It’s an oft-repeated adage in cybersecurity: employees are your first line of defense. And while security awareness is being discussed now more than ever, statistics show that this defense could stand to improve.
For example, 43% of employees are still unaware that clicking a suspicious link or attachment could lead to a malware infection.* But of course, making meaningful improvements in security awareness is often easier said than done.
Now is the time to re-examine the state of security awareness so you're better equipped to facilitate those improvements: what are the biggest gaps in awareness, what tactics can organizations implement to address these gaps, and how will security awareness evolve as the workforce evolves?
Addressing these questions requires a variety of perspectives, so we brought together LogRhythm experts from across the organization. The following folks joined us for this discussion:
- Barry Krauss, Director of Training and Enablement
- Justin McNichol, Manager of LogRhythm’s Global Service Desk
- Rob Sweeney, Technical Account Manager and former LogRhythm customer
Watch this on-demand webinar to get answers to the above questions and more!
Eric Johnson (Principal Security Engineer at SANS)
In previous years, SANS research has examined how security and risk management leaders are leveraging modern technologies, such as infrastructure as code, containerization and security automation, to manage security in fast-paced Agile and DevOps environments.
In this year's survey, authors Jim Bird and Eric Johnson will continue to explore how organizations are extending their DevSecOps security controls beyond their on-premises environments into the public cloud to secure their cloud networks, services and applications. Some highlights from the survey investigations include:
- How the cloud helps organizations move faster
- Whether organizations are putting their emphasis more on the left (Dev) or the right (Ops) of DevSecOps as implemented in the cloud
- How InfoSec can take advantage of DevOps feedback loops and experiments to continuously assess, learn and improve the security of systems
- How cloud continuous integration, continuous delivery and configuration management tools are being used compared with on-premises options
Randy Franklin Smith (Ultimate Windows Security), Dan Kaiser (LogRhythm) and Sally Vincent (LogRhythm)
Threat research can be an invaluable asset to security teams when attempting to formulate a proactive stance or reactive response. Whether the subject is a previously undocumented attack type or a new variant of a well-known threat, research can provide needed context and insight that help practitioners identify and resolve gaps in their security program in order to avoid being exploited.
But techniques, methods, and actions found in threat research don’t always easily translate into practical steps you can take to prevent, detect, mitigate, or respond should a particular attack occur. While research can offer up specifics that can educate you on what occurs during an attack, what you really need is for those details to be transformed into strategies and actions based on the cybersecurity frameworks you rely on — including MITRE ATT&CK and NIST — to make the research truly valuable.
So, how can you take third-party threat research and turn it into actionable takeaways for your specific team?
During this on-demand webinar, Dan Kaiser and Sally Vincent from the LogRhythm Labs team walked through their process for reviewing third party reports using the real-world example of Maze ransomware, demonstrating how threat research can be truly useful in protecting your organization from the latest developments in cyberattacks. Specifically, they reviewed how to:
- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution
They also demonstrated how to map third-party threat reports to ATT&CK techniques that can be used to develop mitigation, detection and response actions including:
Andy Smith (Centrify), Allen Moffett (Atos); Eric Uythoven (LexisNexis Risk), James Carder (LogRhythm)
As the number of identities an organization manages explodes, making sure the right resources (human and non-human) have the right access can be overwhelming. Whether driven by compliance requirements or security risk management, attestation processes can provide periodic visibility into dynamically changing access – who has access, who granted it and who approved it. Automating those processes is a critical step to keeping access rights in line with the principle of least privilege and more importantly, can be automatically triggered as a result of a high-risk event.
In this panel, part of the Security Outcome Deep Dive Series, identity and security experts will provide real-world examples about the role of attestation processes in a security risk management program, the key stakeholders involved and how it can be achieved using technologies that may already be deployed.
Andrew Hollister, Head of LogRhythm Labs & Security Advisor to the CSO
Working in security can sometimes feel as though you are sitting on top of a powder keg. It’s a fact that cybersecurity professionals are reporting higher levels of stress than they did just two years ago. We wanted to learn the causes of tension and anxiety — as well as understand potential ways teams might alleviate and remediate the potential of job burnout.
Our global survey of more than 300 security professionals and executives investigated the reasons behind increased stress on security teams, solution capabilities, deployment strategies, technology gaps, and more. In this webinar, we explored some of the key findings from this research, including:
- Why security professionals say they have more work stress than they did just two years ago.
- Just how many teams feel that they have adequate executive support.
- How capable teams say they are to detect known security threats.
- The number one reason security professionals say they would leave their jobs.
If you work in security, hearing that stress is impacting your space is likely no surprise.
Listen to this on-demand webcast to learn from Andrew Hollister, Head of LogRhythm Labs & Security Advisor to the CSO at LogRhythm, about why your team may be experiencing more stress than ever before, the effect executive support has on your program and some indicators on how to alleviate some of the issues your team may be facing.
Randy Franklin Smith (Ultimate Windows Security) and Brian Coulson (LogRhythm)
Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum in order to get their files back. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. Then if the victim refuses payment and initiates restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.
That threat is completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.
During this webcast, Randy Franklin Smith from Ultimate Windows Security provided an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discussed detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:
- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)
Then, Brian Coulson from LogRhythm’s Threat Research team demonstrated how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.
Watch the on-demand webcast now to learn about the latest trends in ransomware and how you can protect your organization from them.
John Pescatore, SANS Institute Director of Emerging Security Trends
Any successful security operations center (SOC) will combine skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite to enable organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained.
Watch the webcast to learn:
- Where hiring managers turn when sourcing potential new hires
- Which skill areas are most sought after
- What technologies employers wish new hires had hands-on experience using
- Which security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff
In this webcast, SANS reviews findings from a recent report, providing expert guidance to help cyber defense professionals learn how to best leverage the MITRE ATT&CK Framework to improve their organization’s security posture.
The Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project by MITRE is an initiative started in 2015 with the goal of providing a knowledge base of adversarial tactics, based on real-world observations and accessible globally. With its rapid uptake by vendors and information security teams, ATT&CK now provides a key capability that many organizations have traditionally struggled with: A standard language of attack techniques, groups that use them, and the data sources that detect them.
This webcast reviews key ideas and strategies for using ATT&CK to inform security defenses, improve them, and quantify and demonstrate that improvement.
Watch the webcast to learn more as John Hubbard from SANS presents his findings.
James Carder (CSO and VP of LogRhythm Labs, LogRhythm) and Kevin McDonald (Healthcare Cybersecurity Advisor)
The healthcare industry already faces a number of unique challenges and threats. The data that these organizations collect includes extremely sensitive — and therefore valuable — information, making those organizations a target among cyberattackers. As telemedicine continues to grow, healthcare providers will have to address the proliferation of these threats, as well as the new cybersecurity concerns that come with a rise in adoption.
Listen to this on-demand webinar to learn about the current telemedicine landscape and the future risks and requirements healthcare organizations will need to address if they want to secure ongoing and evolving telemedicine initiatives. You’ll hear from James Carder, LogRhythm’s CSO and former healthcare security director, and Kevin McDonald, a healthcare cybersecurity advisor with decades of experience in the industry.
• The current state of telemedicine
• The cybersecurity threats specific to telemedicine
• Future risks and requirements of securing telemedicine
• Examples of how your team can best use its tools to monitor for these risks
Looking to take the next step in your career? Find out how others paved the way for success in the security field.
In this roundtable, you'll hear from tenured security professionals on how they established their careers, overcame obstacles, and ascertained new roles and promotions. Most careers in cybersecurity are anything but linear. Learn how to navigate your own path — with or without a "traditional" background.
Panelists included Kevin McDonald, Principal Healthcare Cybersecurity Advisor at MedSec, Kyle Dimitt Compliance Research, Senior Engineer at LogRhythm, and Sam Straka, Manager, Product Owners at LogRhythm.
Watch the on-demand webinar today to find out how to achieve your career goals in the world of security.
Working with the DoD? The U.S. Department of Defense (DoD) requires that your organization meet the Cybersecurity Maturity Model Certification (CMMC) requirements to bid on contracts.
During this webinar, LogRhythm federal cybersecurity experts will discuss these new requirements and help your team prepare for CMMC certification.
- What the CMMC requirement is and if your organization needs certification
- An overview of the five certification levels
- When CMMC requirements will be required
- How to use LogRhythm’s downloadable mapping of NIST controls to CMMC practices
- Q&A panel
Randy Franklin Smith, Brian Coulson, Sally Vincent
APT29, or Cozy Bear, is well-known for its alleged infiltration of the U.S. Democratic National Committee in 2016.
And whether 2020 election security is relevant to your organization, it's worthwhile to be familiar with the threat group; other actors can easily implement many of its behaviors to target organizations across industries.
During this webinar, Randy Franklin Smith from Ultimate Windows Security and LogRhythm Labs' Threat Research team will:
- Provide a holistic overview of APT29 and its notable activities
- Share commonly-used TTPs that other threat actors can easily implement
- Demonstrate how to identify and remediate threats resulting from these TTPs
Bill Larson, Sales Engineer at LogRhythm / Paul Caiazzo, SVP of Security & Compliance at Avertium
Recent world events (COVID-19) have fundamentally changed the way organizations enable employees and provide them access to critical applications and data.
During this webinar, Bill Larson, Sales Engineer at LogRhythm and Paul Caiazzo, SVP of Security & Compliance at Avertium, will discuss topics that include:
- Fundamental best practices when implementing remote security policies
- Compliance and privacy law considerations
- Monitoring considerations in a perimeter environment
- Overcoming infrastructure challenges
Randy Franklin Smith, Dan Kaiser, Brian Coulson, Sally Vincent
MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:
- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data
The only ones missing at this time are:
- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.
In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.
Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:
Rich Bakos, Director of Sales Engineering - LogRhythm, and Kat (Kathryn) Hall, Director of Security Operations - Optiv
As the workforce has pivoted to a predominately remote work environment, a holistic security operations strategy is more imperative than ever. Organizations need to quickly assess and implement measures to mitigate and absorb risk. Parts of your security program might be working well, but there are likely areas where you could use sound guidance and advice from industry practitioners and proven leaders.
During this webinar, Rich Bakos, Director of Sales Engineering - LogRhythm, and Kat (Kathryn) Hall, Director of Security Operations, Global Services Demand – Optiv, will discuss topics that include:
• Adopting and leveraging managed security services
• Best practices to support a remote workforce
• Addressing resource constraints
• Overcoming infrastructure challenges
LogRhythm empowers more than 4,000 customers across the globe to measurably mature their security operations program. LogRhythm's award-winning NextGen SIEM Platform delivers comprehensive security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) within a single, integrated platform for rapid detection, response, and neutralization of threats.
The CMO Imperative: Adapting your 2020 strategy during the pandemic | Cindy Zhou, CMO (LogRhythm), Daniel Frohnen, CMO (Sendoso), and David Pitta, CMO (BrightTALK) | 81 mins