Adapting to Change: Cybersecurity strategies to help manage today’s challenges.

As the workforce has pivoted to a predominantly remote work environment, a holistic security operations strategy is more imperative than ever. Organizations need to quickly assess and implement measures to mitigate and absorb risk. Parts of your security program might be working well, but there are likely areas where you could use sound guidance and advice from industry practitioners and proven leaders.

During this webinar, Rich Bakos, Director of Sales Engineering - LogRhythm, and Kat (Kathryn) Hall, Director of Security Operations, Global Services Demand – Optiv, will discuss topics that include:
• Adopting and leveraging managed security services
• Best practices to support a remote workforce
• Addressing resource constraints
• Overcoming infrastructure challenges

Register Now!
Recorded Apr 29 2020 42 mins
Presented by
Rich Bakos, Director of Sales Engineering - LogRhythm, and Kat (Kathryn) Hall, Director of Security Operations - Optiv

  • [APAC] CISO to CISO: How to Be Security First Sep 7 2021 2:00 am UTC 65 mins
    James Carder and Paul Caiazzo
    Today’s CISO faces many challenges, including building security operations center teams and retaining that talent, getting financial support from the board, and balancing where they invest that money to enhance their security posture. Another challenge that CISOs face today is how to successfully set a security-first mindset across the organization.

    LogRhythm CSO, James Carder, and Avertium CISO, Paul Caiazzo, discussed how to overcome the many challenges they face in the current cybersecurity landscape. This roundtable discussion includes hot topics like ransomware, XDR, Zero Trust, and so much more.

    James and Paul explored important topics such as:
    • Threat trends and countermeasures in the healthcare and technology sectors
    • How we are seeing customers leverage XDR, NDR, and ZTN to prevent and detect threats
    • An open conversation around ransomware and data theft

    This interactive webinar is a can’t-miss for security leaders who want to be security first. Watch on-demand now!
  • [APAC] Threat Intelligence Platforms and LogRhythm Aug 24 2021 2:00 am UTC 50 mins
    Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager
    According to Gartner, “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”

    In this on-demand webinar you’ll discover how SIEM technology provides a way of reducing your mean time to detect and respond to potential threats.

    Threat intelligence can identify potential risks to organisations that have not yet been observed, and combining external threat feeds with the LogRhythm platform provides additional context around potential threats.

    Watch Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager, LogRhythm, who will outline the following:
    - Introduction to threat intelligence
    - Threat Intelligence Platform Overview and Use-cases
    - Automating threat intelligence with LogRhythm
  • [APAC] Avoiding or Minimizing Ransomware Impact to the Bottom Line Aug 12 2021 2:00 am UTC 61 mins
    John Pescatore, SANS Director of Emerging Security Trends and Benjamin Wright, lawyer and SANS Senior Instructor
    In the event of a ransomware attack, security managers must be able to give business-relevant risk recommendations to CEOs and boards of directors. Most of the thought and effort required to do so must take place well before the attack.

    On this webcast, John Pescatore, SANS Director of Emerging Security Trends, and Benjamin Wright, lawyer and SANS Senior Instructor, will discuss key ransomware issues, including:
    - Key security processes to avoid ransomware attacks
    - Issues around ransomware payoffs if an attack succeeds
    - How cyber insurance can play a role in reducing the financial impact of an attack

    Register now!
  • Executive Order Makes the Case for Zero Trust: Get Started with LogRhythm Aug 4 2021 3:00 pm UTC 60 mins
    Eric Serrano and Jeff Koehly
    In May, President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks. This is the first of many steps to modernizing the federal government’s cybersecurity defenses. Specifically, the executive order calls out cloud security and Zero Trust architectures amongst other things. But where do you begin?

    Regional Sales Manager, Eric Serrano, will introduce you to the LogRhythm NextGen SIEM Platform and how it can help you achieve the security architecture required for federal agencies. This overview of the platform will then be followed by a demonstration by Jeff Koehly, Senior Sales Engineer, where he will show how the LogRhythm SIEM can help your security teams identify and remediate threats to the organization. Learn how to:

    · Set up automated rules with our SmartResponse capabilities
    · Reduce time identifying and responding to threats
    · Empower your small, but mighty, security teams

    Register today!
  • [APAC] Aligning Security Controls with Leading Cybersecurity Frameworks Recorded: Jul 28 2021 90 mins
    Nick Cavalancia and Rem Jaques
    The success of every cyberattack today rests solely on what kind of user accounts the bad guys can get their hands on. The goal is to achieve elevated levels of access, whether accomplished by obtaining and abusing existing account credentials or by leveraging vulnerabilities to bypass User Account Control.

    In the past few years, we’ve seen a massive development in cybersecurity frameworks designed to provide organizations with strategic guidance on how to best secure environments against the ever-changing face of cyberthreats. But how do you turn cybersecurity frameworks like NIST 800-171, CMMC, ISO 27001, and CIS Critical Security Controls into practical and actionable steps to improve your organization’s cybersecurity stance and protect against specific tactics, techniques, and procedures (TTP) outlined in MITRE?

    In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

    - Which cybersecurity frameworks should you be paying attention to?
    - Compliance vs. Security: Why frameworks and MITRE aren’t (and never will be) aligned
    - Attempting to map framework controls and objectives with MITRE TTPs

    Rem Jaques, Senior Engineer – Compliance Research, from LogRhythm will also join Nick. Rem provides an outline of MITRE TTP T1078: Valid Accounts, covering related procedures, mitigations, and detection methods via LogRhythm SIEM with practical implementation through detections for privilege escalation and brute force authentication. Rem then displays related account management and access control objectives found in major compliance frameworks and provides insight on how these objectives overlap and intersect with MITRE.

    Watch on-demand now!
  • The Modern CISO Panel: Making Security Priorities Business Priorities Recorded: Jul 22 2021 58 mins
    Seth Shestack of Temple University and Joseph P. Reynolds of BioReference Laboratories
    Did you know that 93% of security leaders are not reporting to the CEO and, on average, they are three levels away from the CEO? This makes it difficult for security leaders to build awareness around their security programs and the many security risks facing the organization.

    Recently, LogRhythm worked with Ponemon Institute to survey 1,426 cybersecurity professionals in the US, EMEA, and Asia-Pacific to learn valuable information about the role and responsibilities of today’s cybersecurity leaders. Additionally, the survey explored the challenges that security leaders face in creating a strong security posture.

    In this on-demand webcast, a panel of security leaders talk about the findings from the Ponemon survey and their experiences and challenges obtaining executive support. Learn how you can make security priorities business priorities. Register today!
  • Moving Laterally to the O365 Cloud Using a Domain Trust Modification Attack Recorded: Jul 22 2021 90 mins
    Nick Cavalancia, Dan Kaiser, Brian Coulson, and Sally Vincent
    The months following last December’s SolarWinds SUNBURST supply chain attack have brought forth plenty of intelligence around the tactics, techniques, and processes used to compromise thousands of organizations’ networks. The threat actors, dubbed the APT group UNC2452, were able to not just move laterally within the victim’s on-premises environment, but also jumped from on-prem to their Microsoft 365 tenant.

    This hybrid movement can occur via a “Golden SAML” attack that includes the manipulation of the domain federation trust settings in Azure and potentially within the on-premises AD Federation Services deployment (MITRE ATT&CK technique T1484.002 - Domain Trust Modification) by configuring the domain to accept authorization tokens signed by UNC2452’s SAML signing certificate (technique T1606.002 – Forge Web Credentials: SAML tokens).

    In this on-demand webinar, Microsoft MVP and cybersecurity expert Nick Cavalancia will first discuss:
    - The role of ADFS, domain trusts, and certificates
    - The value of moving laterally from on-prem to the cloud
    - The potential impact both for the initial and subsequent attacks

    Nick is then joined by Brian Coulson - Threat Research Principal Engineer, Sally Vincent – Threat Research Senior Engineer, and Dan Kaiser – Threat Research Senior Engineer, all at LogRhythm, who provide multiple perspectives while simulating the attack and exploring the log artifacts of the attack from within the LogRhythm SIEM.

    Brian, Sally, and Dan will explore how a malicious actor could add a federated domain to a Microsoft 365 tenant and discuss how the addition of the federated domain will enable the attacker’s progression towards their objectives. They will simulate the attack and then consider the attack from the standpoint of a threat hunter or detection engineer, examining the log artifacts from Azure and on-premises sources. Finally, they will demonstrate threat hunting and real-time detection of this technique in the LogRhythm SIEM.
  • Data Science and Machine Learning in cybersecurity Recorded: Jul 22 2021 47 mins
    LogRhythm's Melissa Ruzzi, Senior Product Owner, Phil Villella, Chief Scientist & Co-founder, Geoff Mattson, VP Product Management
    With the dramatic increase in the number of cyberattacks – and their advanced complexity and sophistication – over the past year, Data Science (DS) and Machine Learning (ML) are currently hot topics in cybersecurity.

    But applying these new technologies effectively to enhance your security posture is no simple task. The type of data available for the models, the variety of models available, and the nature of the tactics and techniques used by threat actors today requires a combination of both domain and technical (DS and ML) expertise.

    In this on-demand session, join LogRhythm's Melissa Ruzzi, Senior Product Owner, Phil Villella, Chief Scientist & Co-founder and Geoff Mattson, VP, Product Management, to discover:
    • The fundamental concepts of DS and ML
    • Recent cybersecurity trends
    • A holistic approach to cyber defence
    • How DS and ML can be applied to cybersecurity and the potential challenges
  • The evolution of SIEM: An introduction into XDR Recorded: Jul 22 2021 52 mins
    Fran Howarth, Practice leader, Security, Bloor Research & Jonathan Zulberg, VP Field Engineering, LogRhythm
    The security infrastructure landscape has changed a lot in the last few years and now just having a Security Information & Event Management (SIEM) platform isn’t enough to keep most organisations safe.

    In this on-demand webinar join Fran Howarth, Practice leader, Security, Bloor Research and Jonathan Zulberg, VP Field Engineering, LogRhythm, who will take you through the fundamentals of Extended Detection and Response (XDR) and what it can do to strengthen your cybersecurity defences including:

    • An overview of XDR and its use in your security infrastructure portfolio
    • How XDR can complement all the other platforms you’re using
    • Why XDR makes such a good addition to your security stack
  • Aligning Security Controls with Leading Cybersecurity Frameworks Recorded: Jul 22 2021 90 mins
    Nick Cavalancia and Rem Jaques
    The success of every cyberattack today rests solely on what kind of user accounts the bad guys can get their hands on. The goal is to achieve elevated levels of access, whether accomplished by obtaining and abusing existing account credentials or by leveraging vulnerabilities to bypass User Account Control.

    In the past few years, we’ve seen a massive development in cybersecurity frameworks designed to provide organizations with strategic guidance on how to best secure environments against the ever-changing face of cyberthreats. But how do you turn cybersecurity frameworks like NIST 800-171, CMMC, ISO 27001, and CIS Critical Security Controls into practical and actionable steps to improve your organization’s cybersecurity stance and protect against specific tactics, techniques, and procedures (TTP) outlined in MITRE?

    In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

    - Which cybersecurity frameworks should you be paying attention to?
    - Compliance vs. Security: Why frameworks and MITRE aren’t (and never will be) aligned
    - Attempting to map framework controls and objectives with MITRE TTPs

    Rem Jaques, Senior Engineer – Compliance Research, from LogRhythm will also join Nick. Rem provides an outline of MITRE TTP T1078: Valid Accounts, covering related procedures, mitigations, and detection methods via LogRhythm SIEM with practical implementation through detections for privilege escalation and brute force authentication. Rem then displays related account management and access control objectives found in major compliance frameworks and provides insight on how these objectives overlap and intersect with MITRE.

    Watch on-demand now!
  • CMMC: The Tools for Success Recorded: Jul 21 2021 55 mins
    Scott McDaniel of Simple Helix and Brad Tompkins of LogRhythm
    By 2026, all DoD government contractors must meet the Cybersecurity Maturity Model Certification (CMMC) standard to win contracts. This has led to contractors hastily buying tools and services without fully knowing how they will be implemented and managed to gain and maintain compliance. During this segment of the summit, Simple Helix CEO, Scott McDaniel and Brad Tompkins, Sales Engineer at LogRhythm, discussed some lessons learned from early adopters of this standard. McDaniel also explored the most daunting controls within the standard and talked through what to expect from the tools you’ll need to meet them. Watch on-demand as we examine a variety of options that will bolster your compliance success and will help foster a security-first mindset within your organization.
  • Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor Recorded: Jul 21 2021 95 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he will discuss how attackers exploited selected installations of the SUNBURST backdoor to move laterally to the victim organization’s ADFS server and steal its private key.

    Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don’t tell us about federated logins

    You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from:
    • Domain controllers
    • ADFS servers
    • Office 365 audit log

    This is a highly technical session we think you will really enjoy and benefit from. Especially because we expect to see a lot more Golden SAML attacks this year.

    Watch on-demand now!
  • Lessons from our Zero Trust journey: Successes, failures & dodging pitfalls Recorded: Jul 21 2021 48 mins
    Andrew Hollister, Deputy CISO and VP of LogRhythm Labs
    A lot of vendors are jumping on the Zero Trust bandwagon, touting potential benefits and implementation paths; but how many have actually implemented it themselves? Stop talking hypotheticals and start talking about real experiences. Join Andrew Hollister, Deputy CISO and VP of LogRhythm Labs, for this on-demand webinar to hear his learnings, successes and failures from LogRhythm’s Zero Trust journey.
  • Detection and Response Strategies for Cloud Security Incidents Recorded: Jul 21 2021 21 mins
    Daniel Crossley, LogRhythm, Sales Engineering Manager, UK
    Join Daniel Crossley, LogRhythm, Sales Engineering Manager, UK, to discover common security incidents that happen in AWS environments and gain helpful tips for detecting and responding to them.

    In this session you will learn:
    • Common security incident types in AWS
    • The various log types in AWS
    • Helpful response strategies
  • Reducing corporate security risk with next-gen security operations Recorded: Jul 12 2021 59 mins
    Amjad Khader, Enterprise Sales Manager, LogRhythm & Elie Sfeir, Senior Business Development Manager, Dimension Data
    Today’s security operations center (SOC) teams face more challenges than ever before. The remote working environment caused by Covid-19 has presented new challenges and enhanced business and technical requirements, meaning SOCs have had to pivot their focus from traditional network perimeter defences.

    In this on-demand webinar Amjad Khader, Enterprise Sales Manager, LogRhythm is joined by Elie Sfeir, Senior Business Development Manager, Dimension Data, to discuss how digital transformation in business is introducing many new and evolving technologies, such as cloud computing, big data, social media, and IoT. They outline how traditional security information and event management (SIEM) and other analytical tools are no longer sufficient to monitor more complex environments, highlighting the need for SOC teams to evolve and extend monitoring beyond on-premises into cloud services, mobile devices, and more.

    In this session you’ll hear:
    - Cybersecurity trends and the impacts of Covid-19 on the industry
    - How digital transformation is introducing new and enhanced security risks and growing the network perimeter
    - Why traditional SIEM lacks performance compared to next-gen security solutions
  • Don't Gamble with Golden SAML Recorded: Jun 30 2021 62 mins
    Dan Kaiser, Sally Vincent, and Jake Williams
    On December 8, 2020, FireEye announced that they had been the subject of a cybersecurity incident. Through their investigation, they discovered the SUNBURST backdoor and notified SolarWinds of the issue just four days later. This backdoor gave attackers access to Orion systems on victim networks, and once you gain control of a system like Orion, you have a ticket to ride. And ride they did.

    The attack compromised victims’ Office 365 email accounts. But how did attackers get from the on-prem Orion systems to the Microsoft cloud?

    The Golden SAML attack.

    Golden SAML is a federated attack that steals the private keys of your ADFS server and uses them to forge a SAML token trusted by your Office 365 environment. This allows the attacker to access any O365 resource available to the impersonated user, including their mailbox.

    In this webinar, Dan Kaiser and Sally Vincent, threat research engineers from the LogRhythm Labs team, will walk through what the Golden SAML attack is and is not, how it works, and how to identify and prevent the attack in your environment. SANS senior instructor, Jake Williams, will join in on the conversation and help answer your questions about supply chain attacks.

    It's time to stop gambling with threats like Golden SAML. Watch on-demand today to learn how to detect and prevent supply chain attacks from threat research experts.
  • CISO to CISO: How to Be Security First Recorded: Jun 22 2021 65 mins
    James Carder and Paul Caiazzo
    Today’s CISO faces many challenges, including building security operations center teams and retaining that talent, getting financial support from the board, and balancing where they invest that money to enhance their security posture. Another challenge that CISOs face today is how to successfully set a security-first mindset across the organization.

    LogRhythm CSO, James Carder, and Avertium CISO, Paul Caiazzo, discussed how to overcome the many challenges they face in the current cybersecurity landscape. This roundtable discussion includes hot topics like ransomware, XDR, Zero Trust, and so much more.

    James and Paul explored important topics such as:
    • Threat trends and countermeasures in the healthcare and technology sectors
    • How we are seeing customers leverage XDR, NDR, and ZTN to prevent and detect threats
    • An open conversation around ransomware and data theft

    This interactive webinar is a can’t-miss for security leaders who want to be security first. Watch on-demand now!
  • [EMEA] Logging & threat detection in the cloud Recorded: Jun 22 2021 43 mins
    Dan Crossley, SE CISSP, LogRhythm
    The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.

    In this technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.

    The session covers:
    • Logging: An overview of cloud logging mechanisms
    • Log ingestion: Log collection from cloud environments
    • Analytics: Threat detection use cases for cloud environments

    The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.
  • [APAC] Moving Laterally to O365 Cloud Using a Domain Trust Modification Attack Recorded: Jun 22 2021 90 mins
    Nick Cavalancia, Dan Kaiser, Brian Coulson, and Sally Vincent
    The months following last December’s SolarWinds SUNBURST supply chain attack have brought forth plenty of intelligence around the tactics, techniques, and processes used to compromise thousands of organizations’ networks. The threat actors, dubbed the APT group UNC2452, moved laterally within the victim’s on-premises environment and jumped to their Microsoft 365 tenant.

    This hybrid movement can occur via a “Golden SAML” attack that includes the manipulation of the domain federation trust settings in Azure and potentially within the on-premises AD Federation Services deployment (MITRE ATT&CK technique T1484.002 - Domain Trust Modification) by configuring the domain to accept authorization tokens signed by UNC2452’s SAML signing certificate (technique T1606.002 – Forge Web Credentials: SAML tokens).

    In the first part, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:
    - The role of ADFS, domain trusts, and certificates
    - The value of moving laterally from on-prem to the cloud
    - The potential impact both for the initial and subsequent attacks

    Brian Coulson, Threat Research Principal Engineer, and Sally Vincent and Dan Kaiser, both Threat Research Senior Engineers, all at LogRhythm, then provide multiple perspectives while simulating the attack and exploring log artifacts of the attack from within the LogRhythm SIEM.

    Brian, Sally, and Dan explore how a malicious actor could add a federated domain to a Microsoft 365 tenant and discuss how the addition of the federated domain will enable the attacker’s progression towards their objectives. They simulate the attack and consider the attack from the standpoint of a threat hunter or detection engineer, examining the log artifacts from Azure and on-premises sources. Finally, they demonstrate threat hunting and real-time detection of this technique in the LogRhythm SIEM.
  • Aligning Security Controls with Leading Cybersecurity Frameworks Recorded: Jun 15 2021 90 mins
    Nick Cavalancia and Rem Jaques
    The success of every cyberattack today rests solely on what kind of user accounts the bad guys can get their hands on. The goal is to achieve elevated levels of access, whether accomplished by obtaining and abusing existing account credentials or by leveraging vulnerabilities to bypass User Account Control.

    In the past few years, we’ve seen a massive development in cybersecurity frameworks designed to provide organizations with strategic guidance on how to best secure environments against the ever-changing face of cyberthreats. But how do you turn cybersecurity frameworks like NIST 800-171, CMMC, ISO 27001, and CIS Critical Security Controls into practical and actionable steps to improve your organization’s cybersecurity stance and protect against specific tactics, techniques, and procedures (TTP) outlined in MITRE?

    In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

    - Which cybersecurity frameworks should you be paying attention to?
    - Compliance vs. Security: Why frameworks and MITRE aren’t (and never will be) aligned
    - Attempting to map framework controls and objectives with MITRE TTPs

    Rem Jaques, Senior Engineer – Compliance Research, from LogRhythm will also join Nick. Rem provides an outline of MITRE TTP T1078: Valid Accounts, covering related procedures, mitigations, and detection methods via LogRhythm SIEM with practical implementation through detections for privilege escalation and brute force authentication. Rem then displays related account management and access control objectives found in major compliance frameworks and provides insight on how these objectives overlap and intersect with MITRE.

    Watch on-demand now!
Be Security First.
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com.

To learn more, please visit logrhythm.com.

  • Title: Adapting to Change: Cybersecurity strategies to help manage today’s challenges.
  • Live at: Apr 29 2020 5:00 pm
  • Presented by: Rich Bakos, Director of Sales Engineering - LogRhythm, and Kat (Kathryn) Hall, Director of Security Operations - Optiv