Name: [APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor
Start: 2021-05-13T02:00:00Z
End: 2021-05-13T02:01:34.000Z
Location: BrightTALK
Rating: 4

Exabeam is a global cybersecurity leader that delivers AI-driven security operations. High-integrity data ingestion, powerful analytics, and workflow automation power the industry’s most advanced self-managed and cloud-native security operations platform for threat detection, investigation, and response (TDIR). With a history of leadership in SIEM and UEBA, and a legacy rooted in AI, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline security operations. Learn more at www.exabeam.com. 

46% of organizations find themselves struggling with the balance between limited resources and upholding a proactive, as opposed to reactive, approach to cybersecurity.

Along the same lines, many organizations continue to be challenged with finding the sweet spot between maintaining compliance while continuing to stay competitive and drive business value.

In this episode of The State of Security Teams webinar series, learn strategies for developing a more proactive security posture despite limited resources, and ways to integrate compliance into your broader business strategy.

Episode 4: How Security Teams Can Confront Compliance and Resource Constraints

July 2024 marks LogRhythm’s 9th consecutive quarterly release, bringing you new product enhancements to help safeguard your environment with confidence.

Product leaders will share the latest news and enhancements.

July 2024 Quarterly Launch - Cloud-Native SIEM

July 2024 marks LogRhythm’s 9th consecutive quarterly release, bringing you new product enhancements to help safeguard your environment with confidence.

Learn more about the latest enhancements to LogRhythm SIEM, our self-hosted SIEM platform. Product leaders will demo the latest enhancements and provide guidance on how to apply these enhancements to your team.

July 2024 Quarterly Launch - LogRhythm SIEM

The communication gap between security teams and non-security executives has always been a persistent barrier to effective cybersecurity management. In fact, more than 50% of cybersecurity professionals report difficulty in conveying the need for specific security solutions to executives who may not have a technical background.

In this episode of The State of the Security Team webinar series, learn how you can tailor your security communication to reach a shared organization-wide understanding of how to protect your company’s sensitive data and infrastructure.

Episode 3: Bridging the Communication Gap in Cybersecurity

Embark on a transformative journey into the heart of cybersecurity excellence this Valentine’s day with LogRhythm's CEO, Chris O'Malley, and Kev Eley, VP of Sales Europe, in this dynamic webinar that addresses why you should love your SIEM.

The foundation of a successful cyber security strategy lies in cultivating a robust partnership with a SIEM vendor that is attuned to your unique requirements and wants to build a loving long term relationship.
LogRhythm marks its seventh consecutive quarter of significant innovation, reaffirming our commitment to helping customers detect and respond to cyber-attacks. Encapsulating an unwavering commitment to innovation, a proactive approach to challenging the status quo, and a consistent history of fulfilling promises to serve customers.

Join us to explore LogRhythm's SIEMphony of love – detailing how their unique stance and partnership, not only guides organizations through evolving challenges but transforms the very essence of SIEM. You will depart with insights from proven strategies that ensures your security teams are equipped to navigate the future with skill and confidence.

Loving Your Logs This Valentine's Day

In this webinar, Jake Anthony will discuss the principals of Living off the Land (LOTL) attacks, the potential impact on today’s organizations, and how this type of threat actor may be more difficult to detect due to it using built-in legitimate tools and processes in an organizations’ operating systems. He will also discuss what security tools can be implemented and used to help protect an organization from LOTL attacks, detailing a real-life case study, and LogRhythm customer example.  
You will learn:
• The essentials of Living off the Land attacks, what they are, and how they are being used by today’s cyber criminals
• How the Volt Typhoon attack group recently used LOTL to pre-position themselves on IT networks for disruptive or destructive cyberattacks against critical infrastructure organizations 
• How a security information event management solution can be put in place to monitor, detect, investigate, and respond to such stealthy and sophisticated attacks

Living Off the Land Attacks: How best to protect your organizations' assets

PCI DSS is a set of security policies that protects credit card data and transactions. If your business processes credit card payments, you are likely required to comply. Demonstrating your PCI DSS compliance is no easy feat, but it can be made a lot easier with the right tools and processes in place.

Join Mikiann McIntosh, Risk & Compliance Engineer, and Kyle Dimitt, Compliance Research Engineer, for this on-demand webinar outlining everything you need to know for your PCI DSS compliance efforts. Through their conversation, you’ll learn:

• What PCI DSS compliance is and an overview of requirements
• Actionable steps to become PCI compliant
• How to demonstrate PCI compliance with a SIEM

How to Be PCI DSS Compliant: Tips, Tools, and Processes

This year, companies are experiencing better alignment of security strategies with business objectives, and increased confidence in budget allocation and perception of security effectiveness.

In this episode of The State of the Security Team webinar series, learn more about the success metrics of modern security teams and how you can create a proactive and resilient security culture within your organization.

Episode 2: How Modern Security Teams are Finding Success In 2024

Cybersecurity strategies are changing at an unprecedented pace — 95% of companies report having altered their security strategies within the last 12 months.

In this episode of The 2024 State of the Security Team webinar series, learn catalysts of these changes, the impact of customer demands on security strategies, and where professionals believe breach responsibilities lie within their organization.

Episode 1: The Evolving Security Landscape & Its Impact on Security Strategies

Jake Haldeman & Mike Villavicencio are your hosts of "The Cybersecurity Brew," a podcast-style webinar series providing expert advice on navigating the ever-changing threat landscape. 

During this series, our hosts share their thoughts around the latest and most significant cybersecurity headlines that impact you and answer your most pressing questions to help you defend and protect your environment. 

Each episode brings new insights and understanding into the threat landscape, so make sure to subscribe to our BrightTALK channel and series to watch every session.

The Cybersecurity Brew: Episode 8

Security teams face the challenge of staying ahead of new and advanced threats. By harnessing the combined power of LogRhythm Axon's analytics and SOC Prime's cutting-edge capabilities, security teams can proactively defend against attacks.

Watch this on-demand joint partner webinar to learn how SOC Prime’s solutions for advanced detection engineering and threat hunting, in combination with LogRhythm Axon’s real-time analytics and threat management, help you elevate your defenses at scale.

You’ll learn how to:
-Apply a collective cyber defense approach to elevate detection engineering
-Leverage a tailored rule feed on the latest adversary TTPs to enable proactive cyber defense
-Improve visibility into the cyberthreats you anticipate most
-Create high-quality detection code faster and smarter while enhancing visibility into a broader range of threats
-Improve MTTD & MTTR metrics.

Scaling Up Cyber Defense: Best Practices by SOC Prime and LogRhythm

Operational technology (OT) keeps critical infrastructure and industrial environments functioning, and due to this importance it is a high-value target for cybercriminals. It’s not just data they’re compromising – essential resources are at risk. The impact of a successful attack has the potential to cause major disruption.

LogRhythm’s Ben Oakley will take you through a real world example that demonstrates the key principles behind OT security monitoring and how to detect and respond to the unseen dangers facing our critical infrastructure.

You will learn: 
- The importance of integrating IT and OT environments to eliminate blind spots and provide robust protection against cyber threats.
- How implementing a centralized cloud-native security information and event management (SIEM) platform can upgrade your security monitoring.
- Why detecting and responding to incidents early has a greater impact on improving your security posture.

Operational Technology: The Latest Battlefield in the Ongoing Cyber War

How to Supercharge Your SecOps

It's no secret that companies are facing a huge cybersecurity talent shortage, but what can we do to help address this gap? Improve hiring processes, increase training and therefore retention, entice more women to join the industry, prevent burnout and alarm fatigue, and implement more efficient tools and technologies, could be some of the answers.
 
Our panel discussion at RhythmWorld Europe “Please Mind the Talent Gap: Innovations to Supercharge Your SecOps” took a deep dive into the challenges and provide insight into potential solutions organizations today should consider.

Hosted by Kev Eley, VP Europe at LogRhythm, he was joined by panelists, Pat Ryan, Founder of Cyber Girls First, Annabel Berry, Co-founder of Leading Cyber and Director of Ladies Hacking Society, and Chris Harding, Senior Director, Global Support Services at LogRhythm, to add their experience, expertise and suggestions to the discussion.

RhythmWorld Europe 2024 | Panel Discussion: Please Mind the "Talent" Gap

In this RhythmWorld Europe session hosted by Robin Vann, CEO at MXDR, hear how Security Orchestration Automation and Response (SOAR) can save hundreds of thousands of analyst hours, detecting events and mitigating risks faster and more efficiently than ever before. 

With experience of building SOAR solutions for large scale SOCs for many years, the duo are passionate about the benefits automation can bring in scaling human intelligence. 

This session will cover:
- Selecting and operationalizing the right SOAR/Automation platform
- Considerations for use cases, budget, and familiarity with the tooling
- Testing and how to evaluate
- The best ways of utilizing SOAR/Automation tooling to achieve three key goals
- Reduce detection time
- Speed up responses
- Increase efficiency 
- Measuring and evidencing the value of SOAR
- Plus much more…

RhythmWorld Europe 2024 | Automate to Accelerate with SOAR

Learn how a cloud-native SIEM solution can empower security teams to proactively identify and respond to threats, minimizing risk and bolstering resilience, while being agile and cost-effective. 

In this presentation you will hear about: 
• SaaS vs. Cloud-native
• Advantages of cloud-native SIEM
• Cloud-native SIEM adoption or migration considerations 
• And much more…

RhythmWorld Europe 2024 | The Advantages of Migrating to a Cloud-Native

In this panel discussion, hear first-hand from some of LogRhythm's customers about their SecOps experiences, challenges, and how they effectively utilize a SIEM solution to improve their security posture by detecting, investigating, and responding to cyberthreats efficiently, while protecting their critical data with confidence.

Moderator: 
Kev Eley, VP Europe, LogRhythm

Panelists:
- Lee Mitchell, Lead Information Security Analyst, Saga 
- David Graves, Security Architect, Institute of Chartered Accountants England and Wales
- Andrew Hollister, CISO, LogRhythm

RhythmWorld Europe 2024 | SOC-cess: Real-Life Customer Stories

Cybersecurity doesn’t operate in a vacuum! In this session Andrew will discuss the context of the emerging multi-polar threat landscape, the importance of a resilient cybersecurity program in the light of the developing threats, and how SIEM remains a critical element in modern approaches to Threat Detection and Incident Response.

RhythmWorld Europe 2024 | The Criticality of SIEM in a Multi-Polar World

Check out the highlights from RhythmWorld Europe 2024, LogRhythm's annual cybersecurity summit which took place on 30th April at CodeNode, London. In this short summary video see some of the day's activities featuring insights from our partners, customers, and prospects with key takeaways.

RhythmWorld Europe 2024 | Event Overview and Highlights

In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he will discuss how attackers exploited selected installations of the SUNBURST backdoor to laterally move to the victim organization’s ADFS server and stole its private key.

Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you
•How a Golden SAML attack works
•Possible ways to mitigate via preventive controls
•Methods for detection via SIEM rules and threat hunting
•What Office 365 logs do and don’t tell us about federated logins

You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from: 
•Domain controllers
•ADFS servers
•Office 365 audit log

This is a highly technical session we think you will really enjoy and benefit from. Especially because we expect to see a lot more Golden SAML attacks this year.

Watch on-demand now!

[APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor

Cyber Attacks

Cyber Security

SIEM

Golden SAML

Threat Detection

Threat Hunting

Threat Research

Security Analysis

Security Analytics

Cyber Threats

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

[APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor

Presented by

About this talk

More from this channel