Name: Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor
Start: 2021-03-05T14:55:00Z
End: 2021-03-05T14:56:34.000Z
Location: BrightTALK
Rating: 2

Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. As a global cybersecurity leader, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations. Learn more at www.exabeam.com.

本セミナーでは実際に起こり得る内部不正シナリオをもとに、内部不正対策の基本原則をご説明し、AIを活用した内部不正行為の可視化や、検知、調査、対応の自動化を実現するための具体的な方法や、その際に立ちはだかる様々な障害をどのように乗り越えるべきかについて解説いたします。

AIを活用した内部不正行為の可視化と調査、対応の自動化

Join us for an exclusive global partner call where we’ll unveil exciting updates and celebrate our collective success. This session will spotlight:

Q3 Highlights and key achievements across the partner ecosystem.
The relaunch of the APEX Partner Program, designed to drive greater value and growth.
Training and Certification enhancements to empower your teams.
Powerful marketing tools you can start using today.
Expanded support for our Managed Security Service Providers (MSSPs).
Insights from Exabeam executives on strategy and vision.
Recognition of excellence with our Q3 Partner Awards.

Whether you're a long-time partner or newly onboarded, this is your opportunity to stay informed, inspired, and connected. Don’t miss out—register now!

Have queries about the webinar or other topics? Submit them to partnerprograms@exabeam.com

Exabeam APEX Partner Program November Briefing- (APJ)

Join us for an exclusive global partner call where we’ll unveil exciting updates and celebrate our collective success. This session will spotlight:

Q3 Highlights and key achievements across the partner ecosystem.
The relaunch of the APEX Partner Program, designed to drive greater value and growth.
Training and Certification enhancements to empower your teams.
Powerful marketing tools you can start using today.
Expanded support for our Managed Security Service Providers (MSSPs).
Insights from Exabeam executives on strategy and vision.
Recognition of excellence with our Q3 Partner Award.

Whether you're a long-time partner or newly onboarded, this is your opportunity to stay informed, inspired, and connected. Don’t miss out—register now!

Have queries about the webinar or other topics? Submit them to partnerprograms@exabeam.com

Exabeam APEX Partner Program November Briefing- (Americas, Europe, Middle East)

Recent breaches have exposed a critical vulnerability in modern security strategies: The overreliance on endpoint-centric tools. As attackers increasingly exploit third-party integrations and OAuth token abuse to bypass traditional defences, it’s clear that application security is no longer secondary – it’s the new frontline.

This session explored how the focus on endpoint protection has created dangerous blind spots in SaaS and application ecosystems. We dissected one of these breaches, examined token-based compromises, and questioned the assumption that EDR and log-based SIEM tools are sufficient.

We also explored a new approach to modern security, emphasising the correlation of user and entity behaviour across endpoints, applications and cloud services. By stitching together cohesive threat timelines, applying business context and leveraging AI-driven risk scoring, security teams can better detect lateral movement, credential abuse and application-layer threats missed by traditional tools.

Key Takeaways:
• Learn the mechanics and lessons of an application centric breach.
• Identify gaps in endpoint and traditional SIEM strategies.
• See how behavioural analytics and timeline investigations can streamline responses.

The Blind Spot: When Endpoint Obsession Leaves Applications Exposed

Elevating Your Security Operations 

In today's fast-paced security landscape, organizations operating on-prem SIEMs face the daunting task of maintaining dependable log management, ensuring efficient workflows, and achieving clear visibility into threats and cases. These challenges are critical to keeping pace with growing security demands. 

With these updates, LogRhythm empowers your organization with stronger data availability across geographies, faster access to actionable insights, and a more streamlined analyst experience. These improvements are designed to help your team maximize the value of your existing SIEM investments, ensuring that you stay ahead of emerging threats and maintain a robust security posture. 

Join us for an exclusive webinar where we delve into the latest LogRhythm SIEM updates. Discover how our new features, including multi-cluster log forwarding, advanced metric widgets, and the unified Threat Center tab, can transform your security operations. Learn how these enhancements provide stronger data availability, faster insights, and a more efficient analyst experience.  

Register now to secure your spot!

October 2025 Quarterly Launch, LogRhythm SIEM

Exabeam is proud to announce the latest advancements in the New-Scale Security Operations Platform, transforming SOCs from reactive entities into proactive strategic partners. This release addresses key industry challenges such as alert fatigue, manual workflows, and fragmented automation.    

Benchmarking and Risk Prioritization from continued development of  Exabeam Nova AI agents  
Outcomes Navigator is intelligent and insightful. It now offers dual benchmarking, allowing CISOs to measure security posture against industry peers and compliance frameworks. This provides data-driven insights powered by the first peer benchmarking Agent improves security decisions by comparing results against industry, region, and organizational size. Additionally, it also aligns to compliance benchmarking, which measures against adopted frameworks such as HIPAA, PCI, ISO, and NIST. Strategically, Customizable Risk Ratings add business context to threat triage, enabling SOCs to prioritize detections based on business priorities and reduce noise.  

Enhanced Automation and Success Center  
The embedded Success Center accelerates adoption by providing onboarding plans, documentation, and resources directly within the product. Expanded automation capabilities include new out-of-the-box integrations, a community-driven playbook marketplace with GitHub support, and secure behind-the-firewall execution, ensuring comprehensive response actions across cloud, hybrid, and on-prem environments.  

With these updates, Exabeam redefines the role of a security operations platform. It continuously advises, adapts, and accelerates SOC workflows, enabling organizations to close gaps faster, reduce analyst fatigue, and deliver measurable improvements in security posture with greater confidence.

October 2025 Quarterly Launch, New-Scale Security Operations Platform

Insider threats have entered a new era — fueled by AI, shaped by behavioral blind spots, and overlooked by executive leadership. Join the TEN18 by Exabeam team as we break down the findings from our 2025 global Insider Threat Report: From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk.
 
In this session, our security experts and threat researchers will analyze the latest data from over 1,000 cybersecurity professionals and provide actionable insights for security analysts, SOC leaders, and CISOs alike. You’ll walk away with a clear understanding of:

- How GenAI and AI agents are changing the definition of “insider”
- Where visibility is breaking down—and what tools and analytics can close the gap
- What role leadership plays in underestimating the threat—and how to change the conversation
- How your region and industry stack up against global benchmarks.

Whether you're building your first insider threat program or looking to level up detection and response, this session will ground you in the data and help you reimagine your strategy for the AI era.

From Human to Hybrid: How AI and the Analytics Gap Are Fueling Insider Risk

In this conversational session hosted originally by SASIG, we explored the often-overlooked risks posed by insiders, including third parties, contractors, and even long-time employees.

From grey areas of access to personal motives and hidden intent, we’ll challenge common assumptions and shine a light on the dangers that arise when trust goes unchecked.

What we covered:

- Exposing blind spots – how those closest to your organisation can pose the biggest risks.
- Rethinking insider risk – It’s more than just employees; third parties and trusted partners matter too.
- Understanding intent – Before it becomes a costly incident.
- Harnessing analytics – Use behavioural insights and data to uncover early warning signs.

We heard real stories, experiences, and real-world takeaways.

Trusted and Not Verified: The Blind Spots Fuelling Insider Threats

We listened to your feedback, benchmarked against the best in the industry, and built a next-generation partner program focused on what matters most: delivering value and driving outcomes through competency, collaboration, and clarity.

Join us for an exclusive partner session featuring insights from our Global Channel Chief and Regional Channel Leaders as we unveil the new Exabeam APEX Partner Program — designed to accelerate your success and unlock powerful new opportunities.

What’s in store:
• The New APEX Program – streamlined tiering, enhanced benefits, and a clear path to growth
• Partner Activation & Enablement – new MDF programs, revamped certifications, and demo tools to accelerate value
• Technical & Success Support – dedicated PTAMs and coordinated Customer Success to ensure partner and customer outcomes
• Elevated Experience – improved communications, more events, and tighter go-to-market alignment
• Expanded Channel Team – new leadership and focused program & marketing resources to scale execution
• Regional Partner Summits – coming in the second half of the year to bring the program to life near you

Whether you're a long-time partner or just getting started, this is your front-row seat to the future of Exabeam partnerships.

Don’t miss it — register now and get ready to scale faster, sell smarter, and win bigger.
LETS GOOOOOOOOO!

Exabeam APEX Partner Program: Channel Evolution - APJ

Exabeam APEX Partner Program: Channel Evolution - Americas/LATAM

Exabeam APEX Partner Program: Channel Evolution – Europe

Exabeam APEX Partner Program: Channel Evolution - iMETA

Join Steve Wilson, Chief AI and Product Officer at Exabeam, for a forward-looking discussion on how agentic AI is reshaping the future of security operations. Steve will break down the promise of multi-agent AI — a groundbreaking approach where intelligent agents work alongside security teams to automate and accelerate every phase of the SOC workflow.

Learn how Exabeam Nova delivers industry-leading, end-to-end AI: from machine learning-driven threat detection, to intelligent agents that mimic the work of human analysts by building timelines, collecting evidence, and accelerating investigations. But it doesn’t stop there — Nova also operates as a virtual security advisor, surfacing recommendations for improving coverage, identifying gaps in data collection, and delivering strategic insights that help SOC leaders stay ahead of evolving threats.


If you have queries that have not been answered, please contact us at marketingconnect@exabeam.com

Episode 3: Agentic AI on the Cybersecurity Battlefield

The July 2025 release delivers powerful updates to LogRhythm SIEM, helping security teams detect threats faster, reduce manual effort, and streamline investigations.
 
Highlights include smarter alarm filtering to surface high-risk activity, instant log drill-down in Data Indexer Dashboards, and a new Developer Portal with prebuilt code and simplified API docs for faster automation.
 
Join Product Marketing Manager Raffaela Kenny-Cincotta,  Senior Product Managers Jake Haldeman and Ryan Gamboa for a live walkthrough of what’s new. See how these enhancements drive sharper investigations, cleaner workflows, and tighter integration across your detection and response ecosystem.

LogRhythm SIEM - July 2025 Quarterly Launch

Learn how to develop and automate interactions with large language models (LLMs). This session covers prompt engineering, workflow automation, and real-world end-to-end security use cases with third-party LLMs-equipping you with the technical skills to elevate your cybersecurity operations through advanced generative AI integration.

If you have queries that have not been answered above, please contact us at marketingconnect@exabeam.com

Episode 2: Fast-track security automation with LLM-driven workflows

Security operations are changing fast—and so are we. Join Kevin Binder, Sr. Product Marketing Manager, and Matt Willems, Director of Product Management, for an exclusive first look at the latest evolution of the Exabeam platform, New-Scale Security Operations Platform.

This upcoming release is packed with innovations designed to help you drive greater visibility for leadership, move from alert to action faster, and gain more control over how you scale and manage your security environment. While we can’t reveal the details just yet, we’ll be unveiling powerful new capabilities during this live webinar—plus demonstrating how they work in real-world scenarios.

Whether you're a CISO looking to prove program value, a SOC leader seeking efficiency, or an analyst battling alert fatigue, this release delivers something for everyone. Don’t miss your chance to be the first to see how Exabeam continues to lead the way in intelligent, adaptable, and outcome-driven security operations.

What You’ll Learn:
How this release pushes the boundaries of visibility, automation, and scale
Why these updates matter for SOC teams, security leaders, and platform owners
Live demonstrations of new features in action (revealed for the first time!)
Q&A with product experts on how to get the most from the new capabilities

Reserve your seat now—new innovations will be revealed live!

July 2025 Quarterly Launch - What’s New at Exabeam: Advancing the Future of Security Operations

Join Steve Wilson as he examines two real-world case studies-the British Library and Lapsus$ attacks alongside original research to reveal critical gaps in cybersecurity readiness. Discover how AI and machine learning can address these vulnerabilities, empowering teams to become more resilient, adaptive, and proactive defenders.

Connect with us at marketingconnect@exabeam.com for enquires and schedule a demo.

Episode 1: The Machines Are Learning, But Are We?

As AI continues to evolve, agentic AI – autonomous systems that make independent decisions – offers immense potential for cybersecurity. However, it also introduces new risks. This session explored how organisations can leverage Agentic AI for advanced cyber defences while addressing its associated challenges.

We examined both the successes and challenges faced in deploying AI-powered security operations platforms. These examples highlighted how businesses use AI to detect and respond to threats, as well as the lessons learned from real-world implementations.

Watch the session recording to gain practical insights on:

- AI-driven defence strategies
- The importance of continuous monitoring
- Key lessons learned in protecting organisations from evolving cyber risks

We also discussed how to build a resilient cybersecurity framework in an era where AI is both a tool and a potential threat.


Guest chaired by
Simon Mair, Consultant CISO, ACDS

Navigating Agentic AI: Strategies to Safeguard Against Cyber Risk

In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he will discuss how attackers exploited selected installations of the SUNBURST backdoor to laterally move to the victim organization’s ADFS server and stole its private key.

Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you
•How a Golden SAML attack works
•Possible ways to mitigate via preventive controls
•Methods for detection via SIEM rules and threat hunting
•What Office 365 logs do and don’t tell us about federated logins

You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from: 
•Domain controllers
•ADFS servers
•Office 365 audit log

This is a highly technical session we think you will really enjoy and benefit from. Especially because we expect to see a lot more Golden SAML attacks this year.

Watch on-demand now!

Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor

Cyber Attacks

Cyber Security

SIEM

Golden SAML

Threat Detection

Threat Hunting

Threat Research

Security Analysis

Security Analytics

Cyber Threats

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor

Presented by

About this talk

Exabeam