
[EMEA] Logging & threat detection in the cloud

The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.

In this technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.

The session covers:
• Logging: An overview of cloud logging mechanisms
• Log ingestion: Log collection from cloud environments
• Analytics: Threat detection use cases for cloud environments

The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.
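As an added illustration of the "Analytics" item, written for this page rather than taken from the webinar: three threat detection use cases run over constructed AWS CloudTrail records. Field names follow CloudTrail's documented record format (eventSource, eventName, userIdentity, additionalEventData.MFAUsed, responseElements.ConsoleLogin); the records themselves, the account ID and the trail name are constructed sample data, not real logs.

```python
"""Three CloudTrail detection use cases over constructed records.

Field names follow the CloudTrail record format; the records, account
ID and trail name below are constructed for this example.
"""
import json

# Constructed sample in the {"Records": [...]} shape CloudTrail delivers to S3.
SAMPLE_TRAIL = json.dumps({"Records": [
    {
        "eventTime": "2021-06-22T08:55:01Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "sourceIPAddress": "198.51.100.7",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
    {
        "eventTime": "2021-06-22T09:02:44Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root"},
        "sourceIPAddress": "203.0.113.55",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {
        "eventTime": "2021-06-22T09:03:10Z",
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "userIdentity": {"type": "Root"},
        "sourceIPAddress": "203.0.113.55",
        "requestParameters": {"name": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/org-trail"},
    },
    {
        "eventTime": "2021-06-22T09:04:00Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/ReadOnly/bob"},
        "sourceIPAddress": "198.51.100.9",
    },
]})

# CloudTrail API calls that stop, delete or narrow a trail (defence evasion).
LOGGING_TAMPER_CALLS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def actor(record):
    """Human-readable principal from the userIdentity block."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def load_records(trail_json):
    return json.loads(trail_json)["Records"]


def console_logins_without_mfa(records):
    """Successful console sign-ins where MFAUsed is anything but 'Yes'."""
    hits = []
    for r in records:
        if r.get("eventSource") != "signin.amazonaws.com" or r.get("eventName") != "ConsoleLogin":
            continue
        if r.get("responseElements", {}).get("ConsoleLogin") != "Success":
            continue
        if r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            hits.append((r["eventTime"], actor(r), r.get("sourceIPAddress")))
    return hits


def logging_tampering(records):
    """Every call that reduces audit coverage deserves its own alert."""
    return [(r["eventTime"], actor(r), r["eventName"], r.get("requestParameters", {}).get("name"))
            for r in records
            if r.get("eventSource") == "cloudtrail.amazonaws.com"
            and r.get("eventName") in LOGGING_TAMPER_CALLS]


def root_activity(records):
    """Any root-account use outside a break-glass procedure is noteworthy."""
    return [(r["eventTime"], r["eventName"]) for r in records
            if r.get("userIdentity", {}).get("type") == "Root"]


if __name__ == "__main__":
    recs = load_records(SAMPLE_TRAIL)
    for label, fn in [("no-MFA console login", console_logins_without_mfa),
                      ("CloudTrail tampering", logging_tampering),
                      ("root activity", root_activity)]:
        for hit in fn(recs):
            print(f"[{label}] {hit}")
```

The three checks are deliberately narrow and stateless so they can be ported one-to-one into SIEM rules; the same record shape is what an organisation-wide trail delivers, so the only production change is reading the gzipped objects from S3 rather than an inline string.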
Jun 22 9:00 am UTC 43 mins
Presented by
Dan Crossley, SE CISSP, LogRhythm
  • Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor Jul 21 2021 4:00 pm UTC 95 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces federation and SAML and how they work in Office 365. He then discusses how attackers used selected installations of the SUNBURST backdoor to move laterally to the victim organization’s AD FS server and steal its token-signing private key.

    Then, joined by security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, he shows:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don’t tell us about federated logins

    You will see a demonstration of the attack by Sally, and the session covers the specific event IDs you need to monitor and correlate from:
    • Domain controllers
    • AD FS servers
    • Office 365 audit log

    This is a highly technical session that we think you will enjoy and benefit from, especially since we expect to see many more Golden SAML attacks this year.

    Watch on-demand now!
  • Reducing corporate security risk with next-gen security operations Jul 12 2021 8:00 am UTC 60 mins
    Amjad Khader, Enterprise Sales Manager, LogRhythm & Elie Sfeir, Senior Business Development Manager, Dimension Data
    Today’s security operations center (SOC) teams face more challenges than ever before. The remote working environment caused by Covid-19 has presented new challenges and enhanced business and technical requirements, meaning SOCs have had to pivot their focus from traditional network perimeter defences.

    In this live webinar Amjad Khader, Enterprise Sales Manager, LogRhythm, is joined by Elie Sfeir, Senior Business Development Manager, Dimension Data, to discuss how digital transformation is introducing many new and evolving technologies, such as cloud computing, big data, social media, and IoT. They outline how traditional security information and event management (SIEM) and other analytical tools are no longer sufficient to monitor these more complex environments, highlighting the need for SOC teams to extend monitoring beyond on-premises systems into cloud services, mobile devices, and more.

    In this session you’ll hear:
    - Current cybersecurity trends and the impacts of Covid-19 on the industry
    - How digital transformation is introducing new and enhanced security risks and growing the network perimeter
    - Why traditional SIEM lacks performance compared to next-gen security solutions
  • CISO to CISO: How to Be Security First Jun 22 2021 5:00 pm UTC 60 mins
    James Carder and Paul Caiazzo
    Today’s CISO faces many challenges, including building security operations center teams and retaining that talent, getting financial support from the board, and balancing where they invest that money to enhance their security posture. Another challenge that CISOs face today is how to successfully set a security-first mindset across the organization.

    LogRhythm CSO, James Carder, and Avertium CISO, Paul Caiazzo, will discuss how to overcome the many challenges they face in the current cybersecurity landscape. This roundtable discussion will include hot topics like ransomware, XDR, Zero Trust, and so much more.

    James and Paul will explore important topics such as:
    • Threat trends and countermeasures in the healthcare and technology sectors
    • How we are seeing customers leverage XDR, NDR, and ZTN to prevent and detect threats
    • An open conversation around ransomware and data theft

    This interactive webinar is a can’t miss for security leaders who want to be security first. Register now!
  • [EMEA] Logging & threat detection in the cloud Jun 22 2021 9:00 am UTC 43 mins
    Dan Crossley, SE CISSP, LogRhythm
    The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.

    In this technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.

    The session covers:
    • Logging: An overview of cloud logging mechanisms
    • Log ingestion: Log collection from cloud environments
    • Analytics: Threat detection use cases for cloud environments

    The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.
  • [APAC] Moving Laterally to O365 Cloud Using a Domain Trust Modification Attack Jun 22 2021 2:00 am UTC 90 mins
    Nick Cavalancia, Dan Kaiser, Brian Coulson, and Sally Vincent
    The months since last December’s SolarWinds SUNBURST supply chain attack have produced plenty of intelligence on the tactics, techniques, and procedures used to compromise thousands of organizations’ networks. The threat actor, tracked as UNC2452, moved laterally within the victim’s on-premises environment and then jumped to the victim’s Microsoft 365 tenant.

    This hybrid movement can occur via a “Golden SAML” attack, which includes manipulating the domain federation trust settings in Azure AD, and potentially the on-premises Active Directory Federation Services (AD FS) deployment (MITRE ATT&CK technique T1484.002, Domain Trust Modification), so that the domain accepts SAML tokens signed by a certificate the attacker controls (technique T1606.002, Forge Web Credentials: SAML Tokens).

    In the first part, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:
    - The role of ADFS, domain trusts, and certificates
    - The value of moving laterally from on-prem to the cloud
    - The potential impact both for the initial and subsequent attacks

    Brian Coulson (Threat Research Principal Engineer), Sally Vincent and Dan Kaiser (both Threat Research Senior Engineers), all at LogRhythm, then provide multiple perspectives while simulating the attack and exploring its log artifacts within the LogRhythm SIEM.

    Brian, Sally, and Dan explore how a malicious actor could add a federated domain to a Microsoft 365 tenant and discuss how the addition of the federated domain will enable the attacker’s progression towards their objectives. They simulate the attack and consider the attack from the standpoint of threat hunter or detection engineer, examining the log artifacts from Azure and on-premises sources. Finally, they demonstrate threat hunting and real time detection of this technique in the LogRhythm SIEM.
  • Aligning Security Controls with Leading Cybersecurity Frameworks Recorded: Jun 15 2021 90 mins
    Nick Cavalancia and Rem Jaques
    The success of almost every cyberattack today rests on which user accounts the attackers can get their hands on. The goal is elevated access, whether by obtaining and abusing existing account credentials or by exploiting vulnerabilities to bypass User Account Control.

    In the past few years, we’ve seen a massive development in cybersecurity frameworks designed to give organizations strategic guidance on securing their environments against the ever-changing face of cyberthreats. But how do you turn frameworks like NIST SP 800-171, CMMC, ISO 27001, and the CIS Critical Security Controls into practical, actionable steps that improve your organization’s security posture and protect against the specific tactics, techniques, and procedures (TTPs) catalogued in MITRE ATT&CK?

    In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

    - Which cybersecurity frameworks should you be paying attention to?
    - Compliance vs. Security: Why frameworks and MITRE aren’t (and never will be) aligned
    - Attempting to map framework controls and objectives with MITRE TTPs

    Rem Jaques, Senior Engineer – Compliance Research, from LogRhythm will also join Nick. Rem outlines MITRE ATT&CK technique T1078: Valid Accounts, covering related procedures, mitigations, and detection methods in the LogRhythm SIEM, with practical implementation through detections for privilege escalation and brute-force authentication. Rem then shows the related account management and access control objectives found in major compliance frameworks and provides insight into how these objectives overlap and intersect with MITRE ATT&CK.

    Watch on-demand now!
  • [APAC] Automate Threat Detection with LogRhythm MistNet NDR & SIEM Recorded: Jun 10 2021 58 mins
    Leonardo Hutabarat, LogRhythm APAC Sales Engineering Manager
    In this webinar, we'll showcase how to leverage machine learning-driven threat detection and customizable automation to achieve a truly unified view of your environment. Efficiently automate mitigation strategies based on real-life adversarial attacks for streamlined threat detection.

    Watch this session to gain insight into:
    • A demo in which malware and other use cases are quickly detected and mitigated with MistNet NDR and the LogRhythm SIEM
    • How LogRhythm's built-in MITRE ATT&CK Engine delivers a complete model of enterprise activity at network, host, user and process level
    • Achieving accurate threat detection and blocking advanced attacks

    Watch on-demand now!
  • Staying agile and cyber resilient in a virtual world Recorded: May 27 2021 34 mins
    Jonathan Cummings, Director of Cyber Resilience, Direct Line Group & Kev Eley, VP of Sales Europe, LogRhythm
    Managing a successful security program can be hard. Ensuring your business remains agile and competitive whilst also being protected from adverse cyber incidents can be a balancing act. And proving value to the board can bring its own challenges.

    In this on-demand Q&A, Direct Line Group’s Director of Cyber Resilience, Jonathan Cummings, and LogRhythm’s VP of Sales Europe, Kev Eley, delve into how Jonathan balances these requirements. The session answers questions such as:

    • How to communicate the necessity to operate a cyber resilience framework to the business?
    • What barriers need to be overcome to ensure that the framework can be implemented effectively?
    • Where to start in improving capabilities as part of the framework?
    • How does Direct Line maintain its cyber resilience in a virtual world?

    If you are struggling to get approval for your security program, this session may offer you some of the help you need.
  • [APAC] Introducing MistNet NDR by LogRhythm: Network Threat Detection Made Easy. Recorded: May 26 2021 58 mins
    Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm
    If we reflect on the cybersecurity news of 2020, it is clear that determined threat actors use carefully planned and sophisticated attack techniques to breach the networks of target organisations. In any successful intrusion the threat actors have evaded the endpoint security controls, but their network communications give us an opportunity for detection.

    In this on-demand webinar, you will learn three key network-based techniques that threat actors will employ during a typical attack on a target environment. We discuss why these techniques are so successful and why you should consider an NDR solution to enhance your own threat hunting and detection approaches.

    Listen to Dan Crossley, Enterprise Sales Engineering Manager and John Golden, Enterprise Sales Manager, LogRhythm, to gain insight into the following attack techniques:
    - How attackers establish Command & Control (C2) communications and infrastructure
    - How Domain Generation Algorithms (DGAs) work and why they are used
    - How attackers can exfiltrate data via DNS tunnelling
  • Avoiding or Minimizing Ransomware Impact to the Bottom Line Recorded: May 24 2021 61 mins
    John Pescatore, SANS Director of Emerging Security Trends and Benjamin Wright, lawyer and SANS Senior Instructor
    In the event of a ransomware attack, security managers must be able to give business-relevant risk recommendations to CEOs and boards of directors. Most of the thought and effort required to do so must take place well before the attack.

    On this webcast, John Pescatore, SANS Director of Emerging Security Trends, and Benjamin Wright, lawyer and SANS Senior Instructor, will discuss key ransomware issues, including:
    - Key security processes to avoid ransomware attacks
    - Issues around ransomware payoffs if an attack succeeds
    - How cyber insurance can play a role in reducing the financial impact of an attack

    Register now for this on-demand webcast!
  • [EMEA] Five practical use cases to enhance threat detection and response Recorded: May 20 2021 43 mins
    Jake Anthony, Systems Engineer and Simon Hamilton, Client Manager, LogRhythm
    Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks grows, giving attackers time to steal your organisation’s sensitive data. From collecting security and log data to applying machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

    In this on-demand webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

    These include:
    • Integrating endpoint detection for improved threat hunting capabilities
    • Combining logical and physical authentication to spot anomalous access
    • Automating detection and response to phishing attacks
    • Detecting possible indicators of Bitcoin mining
    • Improving incident response times through audio and visual alerting
  • [APAC] Ransomware & Zero Trust: Cyber resilience for a ‘work anywhere’ world Recorded: May 20 2021 20 mins
    James Carder, CSO & VP of Labs
    Attackers compromised the SolarWinds build process to inject a backdoor into a software update, propagating a vast supply chain attack that reached up to 18,000 customers. James Carder, CSO & VP of Labs, LogRhythm, discusses homing in on the methods used in the breach and preparing for when threat actors strike again, in old or new ways. He also shares top security risks, concerns, and strategies for CISOs and businesses, including what to expect from threats like ransomware.
  • Moving Laterally to the O365 Cloud Using a Domain Trust Modification Attack Recorded: May 18 2021 90 mins
    Nick Cavalancia, Dan Kaiser, Brian Coulson, and Sally Vincent
    The months since last December’s SolarWinds SUNBURST supply chain attack have produced plenty of intelligence on the tactics, techniques, and procedures used to compromise thousands of organizations’ networks. The threat actor, tracked as UNC2452, not only moved laterally within the victim’s on-premises environment but also jumped from on-premises to the victim’s Microsoft 365 tenant.

    This hybrid movement can occur via a “Golden SAML” attack, which includes manipulating the domain federation trust settings in Azure AD, and potentially the on-premises Active Directory Federation Services (AD FS) deployment (MITRE ATT&CK technique T1484.002, Domain Trust Modification), so that the domain accepts SAML tokens signed by a certificate the attacker controls (technique T1606.002, Forge Web Credentials: SAML Tokens).

    In this on-demand webinar, Microsoft MVP and cybersecurity expert Nick Cavalancia will first discuss:
    - The role of ADFS, domain trusts, and certificates
    - The value of moving laterally from on-prem to the cloud
    - The potential impact both for the initial and subsequent attacks

    Nick is then joined by Brian Coulson - Threat Research Principal Engineer, Sally Vincent – Threat Research Senior Engineer, and Dan Kaiser – Threat Research Senior Engineer all at LogRhythm, who provide multiple perspectives while simulating the attack and exploring the log artifacts of the attack from within the LogRhythm SIEM.

    Brian, Sally, and Dan will explore how a malicious actor could add a federated domain to a Microsoft 365 tenant and discuss how the addition of the federated domain will enable the attacker’s progression towards their objectives. They will simulate the attack and then consider the attack from the standpoint of threat hunter or detection engineer, examining the log artifacts from Azure and on-premises sources. Finally, they will demonstrate threat hunting and real time detection of this technique in the LogRhythm SIEM.
  • [APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor Recorded: May 13 2021 94 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces federation and SAML and how they work in Office 365. He then discusses how attackers used selected installations of the SUNBURST backdoor to move laterally to the victim organization’s AD FS server and steal its token-signing private key.

    Then, joined by security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, he shows:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don’t tell us about federated logins

    You will see a demonstration of the attack by Sally, and the session covers the specific event IDs you need to monitor and correlate from:
    • Domain controllers
    • AD FS servers
    • Office 365 audit log

    This is a highly technical session that we think you will enjoy and benefit from, especially since we expect to see many more Golden SAML attacks this year.

    Watch on-demand now!
  • Supercharging LogRhythm: Using Jupyter Notebook to enhance threat hunting Recorded: May 12 2021 42 mins
    Jake Anthony, Enterprise Sales Engineer, LogRhythm
    Having a well-run, foundational SIEM for your security posture is a fantastic goal for most organizations, however that shouldn’t be where the drive to improve organizational security stops.

    In this webinar replay, Jake Anthony, Enterprise Sales Engineer, LogRhythm, looks at how combining open-source technologies such as Jupyter Notebook with the LogRhythm NextGen SIEM Platform can enhance your security posture through optimisation and integration.

    Watch on-demand to discover:
    • LogRhythm & Open Source
    • What is Jupyter Notebook
    • How you can leverage it in your environment to:
      • Streamline MITRE ATT&CK tag creation
      • Expand visualisation capabilities
      • Enhance threat hunting playbooks
  • [EMEA] When ATT&CK is the best form of defence Recorded: May 10 2021 48 mins
    Kev Eley, Client Director, LogRhythm and Dan Crossley, SE CISSP, LogRhythm
    “If you know the enemy and know yourself, you need not fear the results of a hundred battles.” (Sun Tzu) The MITRE ATT&CK knowledge base provides a mechanism for understanding the tactics employed by adversaries to compromise systems and ultimately exfiltrate data.

    In this on-demand webinar, Kev Eley and Dan Crossley outline genuine attack scenarios in the context of ATT&CK and discuss effective techniques for thwarting bad actors.

    Watch this webinar if you are a SOC manager, security analyst, security architect and you are responsible for stopping cyberattacks to protect your organisation.
  • [EMEA] MITRE ATT&CK: An update in SIEM alignment Recorded: May 6 2021 40 mins
    Andrew Hollister, Senior Director, LogRhythm Labs Security, LogRhythm
    In this on-demand webinar, Andrew provides an overview of how security professionals and the businesses that employ them can benefit from integrating the MITRE ATT&CK framework into their SIEM. He also expands on how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware, intrusion detection/prevention systems (IDS/IPS), and other products can help businesses get the most out of their SOCs.
  • [APAC] Detecting and Blocking Malware Threats with SIEM + EDR Recorded: Apr 28 2021 58 mins
    Harrison Midkiff and Brandon DeMeo
    As cyberthreats continue to grow, it’s crucial to focus on endpoint data and attacker behavior to achieve enterprise-wide visibility and enable proactive detection before threats become a high-impact incident.

    LogRhythm and Carbon Black together deliver a powerful integration that combines endpoint detection and response (EDR) with advanced analytics and automated response capabilities.

    In this on-demand webinar, co-presented with VMware Carbon Black, you will see how EDR and the LogRhythm NextGen SIEM Platform work together to reduce your time to respond to malware threats.

    Watch the on-demand webcast to hear Harrison Midkiff and Brandon DeMeo walk through two live demonstrations and use-case examples showing the value of these two solutions working together.
  • [EMEA] Threat Intelligence Platforms and LogRhythm Recorded: Apr 22 2021 50 mins
    Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager
    According to Gartner "Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”

    In this on-demand webinar you’ll discover how SIEM technology reduces your mean time to detect and respond to potential threats, how threat intelligence identifies potential risks to organisations that have not yet been observed, and how combining external threat feeds with the LogRhythm platform provides additional context around potential threats.

    Watch Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager, LogRhythm, who will outline the following:
    - Introduction to threat intelligence
    - Threat Intelligence Platform Overview and Use-cases
    - Automating threat intelligence with LogRhythm
  • [APAC] Ransomware & Zero Trust: Cyber resilience for a ‘work anywhere’ world Recorded: Apr 20 2021 20 mins
    James Carder, CSO & VP of Labs
    Attackers compromised the SolarWinds build process to inject a backdoor into a software update, propagating a vast supply chain attack that reached up to 18,000 customers. James Carder, CSO & VP of Labs, LogRhythm, discusses homing in on the methods used in the breach and preparing for when threat actors strike again, in old or new ways. He also shares top security risks, concerns, and strategies for CISOs and businesses, including what to expect from threats like ransomware.
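The Golden SAML and domain trust modification sessions listed above both turn on the same two detection ideas: a forged token is minted with the stolen token-signing key on the attacker's own machine, so AD FS never logs an issuance for it, and an attacker who instead changes the domain's federation settings leaves a directory-management event behind. The following is an added example written for this page, not code from LogRhythm or from the webinars: it correlates constructed Office 365 audit records with constructed AD FS token-issuance events and flags federated sign-ins that AD FS never issued, plus any federation-settings change. The event schema is simplified (real Event ID 1200 records do not carry the UPN in a flat field; the "AuthMethod" value stands in for however your collector marks a sign-in as federated), and the Azure AD operation names are those the author knows from the unified audit log and should be confirmed against your own tenant's records.

```python
"""Golden SAML detection over constructed AD FS and Office 365 events.

A forged SAML token is signed with the stolen token-signing key on the
attacker's machine, so AD FS never records an issuance for it. A
federated cloud sign-in with no AD FS issuance shortly before it is the
signal, alongside any change to the domain's federation settings.
"""
from datetime import datetime, timedelta

# Constructed AD FS audit events, reduced to the fields this example needs.
# Real Event ID 1200 records do not carry the UPN directly; on a live farm
# it is recovered by joining neighbouring audit events on the Activity ID.
ADFS_ISSUED = [
    {"EventID": 1202, "TimeCreated": "2021-06-22T08:58:09Z", "UserId": "alice@corp.example"},
    {"EventID": 1200, "TimeCreated": "2021-06-22T08:58:10Z", "UserId": "alice@corp.example"},
    {"EventID": 1200, "TimeCreated": "2021-06-22T09:05:42Z", "UserId": "bob@corp.example"},
]

# Constructed Office 365 unified audit log records. "AuthMethod" is a
# simplification standing in for how the collector marks a federated sign-in.
O365_AUDIT = [
    {"CreationTime": "2021-06-22T08:58:31Z", "Operation": "UserLoggedIn",
     "UserId": "alice@corp.example", "ClientIP": "198.51.100.20", "AuthMethod": "Federated"},
    {"CreationTime": "2021-06-22T09:06:03Z", "Operation": "UserLoggedIn",
     "UserId": "bob@corp.example", "ClientIP": "198.51.100.21", "AuthMethod": "Federated"},
    {"CreationTime": "2021-06-22T09:12:00Z", "Operation": "UserLoggedIn",
     "UserId": "carol@corp.example", "ClientIP": "198.51.100.22", "AuthMethod": "Managed"},
    {"CreationTime": "2021-06-22T09:30:00Z", "Operation": "UserLoggedIn",
     "UserId": "svc-backup@corp.example", "ClientIP": "203.0.113.9", "AuthMethod": "Federated"},
    {"CreationTime": "2021-06-22T09:45:12Z", "Operation": "Set federation settings on domain.",
     "UserId": "svc-backup@corp.example", "ObjectId": "corp.example"},
]

# Azure AD directory operations that change who may sign tokens for a domain
# (T1484.002). Assumed names; confirm against your tenant's audit records.
FEDERATION_CHANGE_OPS = {
    "Set federation settings on domain.",
    "Set domain authentication.",
    "Add domain to company.",
}


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def issuance_by_user(adfs_events):
    """Map UPN -> timestamps at which AD FS issued a token (Event ID 1200)."""
    issued = {}
    for ev in adfs_events:
        if ev["EventID"] == 1200:
            issued.setdefault(ev["UserId"].lower(), []).append(parse_ts(ev["TimeCreated"]))
    return issued


def unmatched_federated_logins(adfs_events, o365_events, window=timedelta(minutes=10)):
    """Federated cloud sign-ins with no AD FS issuance in the preceding window."""
    issued = issuance_by_user(adfs_events)
    findings = []
    for ev in o365_events:
        if ev.get("Operation") != "UserLoggedIn" or ev.get("AuthMethod") != "Federated":
            continue
        login_at = parse_ts(ev["CreationTime"])
        candidates = issued.get(ev["UserId"].lower(), [])
        if not any(login_at - window <= t <= login_at for t in candidates):
            findings.append((ev["UserId"], ev["CreationTime"], ev.get("ClientIP")))
    return findings


def federation_changes(o365_events):
    """Every federation-settings change is alert-worthy; legitimate ones are rare and planned."""
    return [(ev["Operation"], ev.get("ObjectId"), ev["UserId"])
            for ev in o365_events if ev.get("Operation") in FEDERATION_CHANGE_OPS]


if __name__ == "__main__":
    for hit in unmatched_federated_logins(ADFS_ISSUED, O365_AUDIT):
        print("federated sign-in without AD FS issuance:", hit)
    for hit in federation_changes(O365_AUDIT):
        print("federation settings changed:", hit)
```

Two practical caveats: the correlation only works if AD FS auditing is enabled on every server in the farm and all of them feed the SIEM, since a token issued by a server you do not collect from looks exactly like a forged one; and the window has to absorb clock skew between AD FS and Microsoft 365, so tune it on a quiet period before alerting on it.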
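The MistNet NDR session above names two network techniques, domain generation algorithms and DNS tunnelling, without showing how either is spotted in logs. As an added example for this page (not LogRhythm's or MistNet's detection logic), here are the usual first-pass heuristics run over a constructed DNS query log: per-label Shannon entropy, length and digit ratio for DGA-style names, and the count and average length of distinct subdomains per registered domain for tunnelling, where the exfiltrated data travels in the query name itself. The domains, thresholds and log entries are all constructed.

```python
"""Heuristic DGA and DNS-tunnelling detection over a constructed DNS log.

Added example; every query below is constructed, not captured traffic.
"""
import hashlib
import math
from collections import Counter, defaultdict


def shannon_entropy(text):
    """Bits per character; random-looking labels score near log2(alphabet)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def registered_domain(fqdn):
    """Naive last-two-labels cut; use a public-suffix list in production (co.uk etc.)."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def is_dga_like(fqdn, min_len=12, min_entropy=3.5, digit_ratio=0.3):
    """A single long label that is either high-entropy or digit-heavy."""
    labels = fqdn.rstrip(".").lower().split(".")[:-1]  # drop the TLD
    for label in labels:
        if len(label) < min_len:
            continue
        digits = sum(ch.isdigit() for ch in label) / len(label)
        if shannon_entropy(label) >= min_entropy or digits >= digit_ratio:
            return True
    return False


def tunnelling_candidates(queries, min_unique=20, min_avg_len=30):
    """Domains receiving many distinct, long subdomains: data riding in the name."""
    seen = defaultdict(set)
    for q in queries:
        name = q["query"].rstrip(".").lower()
        reg = registered_domain(name)
        sub = name[: -len(reg) - 1] if name.endswith("." + reg) else ""
        if sub:
            seen[reg].add(sub)
    hits = {}
    for reg, subs in seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len:
            hits[reg] = (len(subs), round(avg_len, 1))
    return hits


def constructed_log():
    """Benign lookups, one DGA-style name, and 25 hex chunks under one domain."""
    log = [{"src": "10.0.0.12", "qtype": "A", "query": name} for name in (
        "www.example.com", "mail.example.com",
        "cdn-assets-prod-eu.example.net",   # long but structured: stays under threshold
        "xkq7vp2lwzh9a3bfd.com",            # constructed DGA-style label
    )]
    for i in range(25):
        chunk = hashlib.sha256(f"chunk{i}".encode()).hexdigest()[:48]
        log.append({"src": "10.0.0.40", "qtype": "TXT", "query": f"{chunk}.t.exfil-example.net"})
    return log


if __name__ == "__main__":
    log = constructed_log()
    print("DGA-like:", sorted({q["query"] for q in log if is_dga_like(q["query"])})[:3], "...")
    print("tunnelling:", tunnelling_candidates(log))
```

Both heuristics are tuning exercises rather than rules to ship blind: CDN and cloud hostnames routinely trip the entropy check (the "cdn-assets-prod-eu" label here scores about 3.4 bits and only just passes), so in practice you whitelist the top resolved domains first and let the tunnelling count, which needs volume an ordinary client does not generate, carry most of the weight.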
Be Security First.
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com.
