Name: [APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor
Start: 2021-05-13T02:00:00Z
End: 2021-05-13T03:34:00.000Z
Location: BrightTALK
Rating: 4

LogRhythm helps busy and lean security operations teams save the day—day after day. There’s a lot riding on the shoulders of security professionals—the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources—the weight of protecting the world.

LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps.

Data exfiltration is not new, but a resurfacing risk factor to businesses all over the globe. 
 
According to Ponemon Institute's 2022 Cost of Insider Threats Global Report, insider threat incidents have increased by 44 percent during the past two years, with the global cost per incident of $15.38 million escalating quickly. Your organization must be ready to defend against these risks and challenges. 
 
In this webinar, LogRhythm International VP Joanne Wong, explores the origin of the increase in insider attacks, implications these attacks can have on your business, and outlines a holistic plan for organizations to reduce the risk of insider threats. Joanne walks you through: 
 
• Data exfiltration  
• Changes to work culture 
• Business ramifications 
 
Join us to learn how to overcome these challenges and what tools to deploy to detect and pinpoint these threat actors before they wreak havoc to your organization.

[APAC] The Ex(filtrated) Files: How to Reduce Insider Risk to Your Organization

LogRhythm’s customer obsession towards our current and future users is focused on making it easier for security analysts to monitor, detect, investigate, and respond to threats. This quarter, our product innovations are dedicated to making life easier for security teams with streamlined analyst experiences, deeper context into potential threats, and new resources for swifter adoption and sustained success.

LogRhythm SIEM version 7.12 will give analysts a simplified experience with a streamlined process for collecting and monitoring new security data sources and automated log source onboarding. LogRhythm NDR will introduce a new UI and training experience to help increase analyst productivity and create faster time to value, and that’s only the beginning!

Join us as our Product Leadership team takes a deep dive into all of this quarter’s customer-focused product enhancements.

April 2023 Quarterly Launch

Security analysts are playing an never-ending game of Mafia when it comes to insider threats. Except, unlike playing a game, failing to mitigate the threat in time will cause serious loss to the company. And there’s no reset button.

With such high stakes, it’s crucial that your team is equipped with tools that can capture information to detect when a user is behaving ‘sus’.

Join our APJ Head of Solution Engineering, Leonardo Hutabarat, as he guides you through the LogRhythm UEBA (formerly known as CloudAI) module, designed to help you do just that. He’ll go through:
- What is UEBA, and why you need it
- Use cases of LogRhythm UEBA
- UEBA Best practices

Using Advanced UEBA To Detect the ‘Imposter’ Within Your Network

Security leaders need to routinely assess security risks and leverage best practices for mitigating risks. Software as a Service (SaaS) is a delivery model for software application in which the provider hosts the application and makes it available to customers over the internet. SaaS is becoming increasingly popular as more organizations look to move their operations to the cloud. However, this also presents several security challenges. 

This presentation provides an overview of the security risk associated with SaaS, as well as best practices for mitigating these risks and protecting data. Matt Willems, Director of Product from LogRhythm, will discuss: 

• Overview of SaaS security challenges
• Importance of data encryption and secure communication protocols
• Evaluating the security controls of SaaS providers
• Best practice for securing access to SaaS applications
• Managing and monitoring SaaS usage 
• Improving incident response and disaster recovery in SaaS environment 

This webinar will conclude with discussing the importance of regularly reviewing and updating SaaS security practices to ensure ongoing protection of data in an ever-changing threat landscape.

Entering the Cloud-Native Security Era

Der Schutz Ihrer Umgebung vor Cyberangriffen ist eine komplexe Herausforderung für das gesamte Unternehmen. Und es ist eine Herausforderung, die es auch in der Zukunft noch geben wird. 

In einer Welt, in der eine Kompromittierung eine Frage des „wann“ und nicht des „ob“ ist, können es sich Analytiker nicht leisten, Lücken in der Sichtbarkeit zu belassen und Zeit mit Fehlalarmen zu vergeuden. Sie müssen sich einen Überblick über ihre gesamte Umgebung verschaffen, damit sie automatisch die wichtigsten zu untersuchenden Bedrohungen erkennen können. 

Gleichzeitig stehen Beauftragte für die Informationssicherheit (CISOs) unter enormem Druck, um Budgets und begrenzte Ressourcen mit der Unvermeidbarkeit einer Sicherheitsverletzung in Einklang zu bringen. 

Um die Belastung zu verringern, benötigen Unternehmen eine Lösung, die die Unsicherheiten durch moderne Bedrohungen, die den Schutzbereich umgehen, beseitigt und ein umfassendes Bild der Risiken erstellt, denen ihr Unternehmen ausgesetzt ist. 

In diesem Webinar erfahren Sie alles, was Sie über Network Detection und Response (NDR) und seine hochgradigen Schutzfunktionen zur Bewältigung moderner Sicherheitsherausforderungen wissen müssen. Das LogRhythm-Team wird Ihnen erläutern, wie Sie einen umfassenden Einblick in bekannte und unbekannte Bedrohungen in Ihrem Netzwerk erhalten können.  

Erfahren Sie mehr in folgenden Themen: 
• Reale Szenarien, in denen Angriffe durch NDR vereitelt wurden, die ansonsten unbemerkt geblieben wären 
• Die Möglichkeiten von NDR und wie es den Workflow von Analytikern erleichtern kann 
• Der Platz, den NDR in einer modernen Sicherheitsüberwachungsstrategie einnimmt

Verschaffen Sie sich Klarheit, wenn es um die Sichtbarkeit des Netzes geht: NDR

La protection de votre environnement contre les cyberattaques est un défi complexe qui concerne l'ensemble de vos activités. Les difficultés évoluent et les enjeux restent prioritaires à long terme.  

Comme le risque est toujours une question de "quand" et non de "si", les analystes ne doivent tolérer aucune vulnérabilité dans leur visibilité, ni perdre leur temps avec des fausses alertes. Une visibilité fine sur la totalité de l'environnement est indispensable pour identifier automatiquement les menaces les plus pertinentes.  

En parallèle, l'inévitabilité d'une violation exerce sur les responsables de la sécurité de l'information (RSSI) une pression énorme, confrontés aux problèmes d'équilibre entre besoins, budgets et ressources limitées.  

Pour réduire la pression et progresser, les entreprises ont besoin d'une solution capable d'éliminer les incertitudes liées aux menaces avancées qui échappent au périmètre et de dégager une image précise et complète des risques auxquels leurs activités sont exposées.  

Pendant ce webinaire, vous apprendrez tout ce dont vous avez besoin sur la NDR (Détection et Réponse sur Réseau) et ses capacités de protection de haut niveau pour résoudre les défis de la sécurité moderne. Avec l'équipe LogRhythm, vous découvrirez comment obtenir une visibilité à 360 degrés, couvrant les menaces connues et inconnues qui circulent sur votre réseau.  

Donnez-vous les moyens d'une visibilité complète sur votre réseau avec NDR: rejoignez-nous pour découvrir :  
• Des scénarios réels où la NDR a mis en échec des attaquants qui auraient pu passer inaperçus en son absence  
• Les capacités NDR et comment elles facilitent le workflow des analystes  
• Le rôle de la NDR dans une stratégie de sécurité moderne

Donnez-vous les moyens d'une visibilité complète sur votre réseau avec NDR

Protecting your environment against cyberattacks is a complex challenge for the whole organisation. And it’s a challenge that’s here to stay.
 
In a world where compromise is a matter of ‘when’ not ‘if’, analysts can’t afford to leave gaps in their visibility and wasting their time on chasing false alarms. They need to gain visibility to see their entire environment that automatically raises the most pertinent threats to investigate.
 
Meanwhile, Chief Information Security Officers (CISOs) are under huge amounts of pressure to balance budgets and limited resources with the inevitability of a breach.
 
To ease the burden, organisations need a solution that can remove uncertainty from advanced threats that evade the perimeter and build a comprehensive picture of the risks their organisation is facing.
 
In this webinar, you’ll learn all you need to know about network detection and response (NDR) and its high-level protection capabilities for overcoming modern security challenges. The LogRhythm team will delve into how you can gain 360-degree visibility into both known and unknown threats that cross your network.
 
Join us to discover:
• Real world scenarios where attackers were thwarted by NDR that could have been otherwise unnoticed
• The capabilities of NDR and how it can ease the analyst workflow
• NDR’s place in a modern security monitoring strategy

[APAC] Removing the Fog of War: Detect More with NDR

Cybersecurity is not a one-person job, but rather an entire organizational effort. In 2022, LogRhythm sought to understand the current state of the security team, stressors, and challenges they face, and how executives can help security teams overcome common obstacles. 

Join LogRhythm CISO Andrew Hollister and LogRhythm deputy CISO Kevin Kirkwood to learn more about the state of the security team and how to maximize your team’s efforts to increase security and productivity. Also learn about:  

• The CISO role at the C-Suite level and board
• Cybersecurity as a business imperative 
• How executives can support the security team 

Register for this webinar for an insightful look into the state of the security team and how to bridge the gap between execs and your security team to effectively protect and defend your environment.

First Line of Defense: The State of the Security Team

Security leaders need to routinely assess security risks and leverage best practices for mitigating risks. Software as a Service (SaaS) is a delivery model for software application in which the provider hosts the application and makes it available to customers over the internet. SaaS is becoming increasingly popular as more organizations look to move their operations to the cloud. However, this also presents several security challenges.

This presentation provides an overview of the security risk associated with SaaS, as well as best practices for mitigating these risks and protecting data. Matt Willems, Director of Product from LogRhythm, will discuss:

• Overview of SaaS security challenges
• Importance of data encryption and secure communication protocols
• Evaluating the security controls of SaaS providers
• Best practice for securing access to SaaS applications
• Managing and monitoring SaaS usage
• Improving incident response and disaster recovery in SaaS environment

This webinar will conclude with discussing the importance of regularly reviewing and updating SaaS security practices to ensure ongoing protection of data in an ever-changing threat landscape.

UPLOAD: Entering the Cloud-Native Security Era

Want to hear about the biggest security headlines directly from industry leaders? 

"In the News" is a webinar series that provides expert advice on navigating and understanding the ever-changing threat landscape. Keep up to date with the latest and most significant cybersecurity headlines that impact you! 

LogRhythm Channel Sales Engineers Jake Haldeman & Mike Villavicencio are your hosts during this podcast-style webinar series. During this series, our hosts guide you through the latest security news and answer your most pressing questions to help you defend and protect your environment. 

Each episode brings new insights and understanding into the threat landscape, so make sure to subscribe to our BrightTALK channel and series to watch every session.

In the News [Part 5]

Les ransomwares sont l'une des formes de cyberattaques les plus dangereuses et les plus fréquentes auxquelles sont confrontées les entreprises modernes. Ils constituent un défi de sécurité en constante évolution. Au cours du premier semestre 2022, Statista* a comptabilisé un total de 236,1 millions d'attaques impliquant une technique de ransomware dans le monde. Ce type d'attaque est devenu une source de revenus de plus en plus lucrative pour leurs auteurs. Par conséquent, la préparation d'une défense spécialisée doit être une priorité absolue pour toute organisation.  

Dans ce webinaire, notre équipe expliquera comment détecter et contrer les attaques par ransomware. Elle se concentrera en particulier sur une nouvelle technique d'attaque, le ransomware Lilith. Basé sur la console C/C++, Lilith est un ransomware conçu pour verrouiller les machines Windows et imposer une double extorsion.  

Rejoignez-nous pour découvrir :  
- Pourquoi les attaques par ransomware sont plus répandues et plus destructrices que jamais  
- Des conseils pratiques pour mieux détecter et contrer les attaques par ransomware  
- Comment une solution SIEM permet de déployer des capacités de détection en temps réel.  
- Les avantages qu'apportent la personnalisation des règles pour accélérer la réponse aux tentatives du ransomware Lilith.  

* - https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/ 

Ne vous privez pas de ces connaissances clés – Inscrivez vous à cet événement (gratuit)

Résistez aux cyberattaques à double extorsion. Contrez le ransomware Lilith.

Are you in the Dark When it Comes to Network Visibility? Detect More with NDR

Ransomware ist eine der schädlichsten und häufigsten Formen von Cyberangriffen, mit denen moderne Unternehmen konfrontiert sind. Die Angriffe entwickeln sich ständig weiter, was immer neue Sicherheitsprobleme schafft. In der ersten Hälfte des Jahres 2022 fanden laut Statista* weltweit insgesamt 236,1 Millionen Ransomware-Angriffe statt. Da diese Angriffsmethoden für die Täter eine lukrative Einnahmequelle sind, müssen Unternehmen unbedingt auf Ransomware-Angriffe vorbereitet sein.  

In diesem Webinar erläutern unsere Mitarbeiter, wie Sie Ransomware-Angriffe erkennen und entschärfen können. Der Schwerpunkt liegt dabei auf einem neuen Angriffstool, der Ransomware Lilith. Lilith ist eine C/C++-Konsolen-basierte Ransomware, mit der sich Double-Extortion-Angriffe (Angriffe mit mehreren Druckmitteln) durchführen lassen, bei denen Windows-Rechner gesperrt werden.  

In unserem Webinar zeigen wir Ihnen: 
- Warum Ransomware-Angriffe heute weiter verbreitet und zerstörerischer sind als je zuvor  
- Praxistipps zur Erkennung und Entschärfung von Ransomware-Angriffen  
- Wie Sie mithilfe eines SIEMs Bedrohungen in Echtzeit entdecken können  
- Wie Ihnen benutzerdefinierte Regeln helfen können, schnell auf Angriffe mit der Ransomware Lilith zu reagieren   

* - https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/ 

Versäumen Sie dieses Event nicht – registrieren Sie sich jetzt (kostenlos)

Abwehr von Double-Extortion-Angriffen: So entschärfen Sie die Ransomware Lilith

Achieving compliance certification is a badge of honour. Not only does it give you a peace of mind knowing that your security stack is working to mitigate common risks, it also shows your business' commitment towards security, which builds trust and confidence in your customers.

As such, if it's not already a legal requirement, many companies are working towards achieving compliance in any relevant standards.

Join this webinar as Rohit Murali, Sales Engineer, APAC, walks you through just how you can do so with the LogRhythm SIEM. He will go through:
- The Consolidated Compliance Framework (CCF), and how its prebuilt modules allow you to comply to standards like the ISO 27001 out-of-the-box
- LogRhythm's comprehensive documentation resource which breaks down what content (Investigations, Correlation Rules, Alarms, and Reports) is bundled in each specific module
- How it shows up in your LogRhythm client, allowing SOC analysts to easily view and investigate any relevant alerts easily within a singular interface.

Meeting the Mark: Achieving Cybersecurity Compliance with SIEM

To gain full visibility into your data and quickly uncover threats, you need a robust log management solution that can identify useful insights using log analysis and big data analytics. Introducing LogRhythm Axon, a ground-breaking cloud-native SaaS platform built for security teams that are stretched thin by overwhelming amounts of data and an ever-evolving threat landscape.

In this session join Vaughn Adams, LogRhythm Director of Product Management to hear how Axon has been designed from the ground up to enable your security team to defend against cyberattacks effectively. Vaughn will outline the key benefits to LogRhythm Axon, including:

1. Save time and money
2. Find threats faster
3. See clearly
4. Execute seamlessly

Register today to discover how LogRhythm can enable your team to search through log data and respond to security incidents faster than ever before.

[APAC] Uncover Actionable Data with LogRhythm Axon's Log Management & Analysis

With so many phishing attacks targeting credentials, more organizations are realizing they need multi-factor authentication (MFA) for users with access to critical data.

In this webinar, four-time Microsoft MVP Nick Cavalanci, along with LogRhythm Threat Research Engineers, Sally Vincent and Dan Kaiser, discuss:

• Real-world examples of MFA prompt bombing
• Mitigation strategies to thwart this kind of attack

Sally and Dan guide you through an analysis of MFA product logs relevant to detect unusual authentication activity. Throughout their threat hunting example, you will observe real-time detection of multi-factor authentication request generation using LogRhythm’s dashboarding, investigation, and real-time analytics capability.

Watch this on-demand webinar to gain insight into MFA prompt bombing and mitigation strategies!

Deep Dive Analysis of Multi-Factor Authentication Request Generation Attacks

With organizations embracing remote work and welcoming digitalization, cybersecurity professionals must stay on top of cyberattack trends and prepare for what's to come to proactively defend their organization. 

In this webinar, join the following panel of LogRhythm executives and leaders as they discuss their cybersecurity predictions for 2023: 

• Andrew Hollister, CISO
• Kevin Kirkwood, Deputy CISO
• Eric Hart, Manager Subscription Services
• Charles Talley, Senior Director Services Operations 

Don’t miss your chance to hear from our security experts on potential threats and attack trends you may face this year, plus gain insight into how LogRhythm prepares for these perils. 

Watch this on-demand session at any time!

[APAC] Looking Forward: LogRhythm Cybersecurity Predictions 2023

Ransomware is one of the most damaging and frequent forms of cyberattack facing modern organizations and is a security challenge that is constantly evolving. During the first half of 2022, there were a total of 236.1 million ransomware attacks worldwide, according to Statista*. As these attack methods continue to be a lucrative source of income for threat actors, preparing for ransomware attacks needs to be a top priority for organizations. 

In this webinar, our team will discuss how to detect and mitigate ransomware attacks, with a focus on a new tool for attack, Lilith Ransomware. Lilith is a C/C++ console-based ransomware which is designed to lock Windows machines via a double extortion attack.

Join us to discover: 
• Why ransomware attacks are more prevalent and destructive than ever before
• Practical tips to help you detect and respond to ransomware attacks
• How a SIEM can be used to gain real-time threat detection capabilities 
• The benefit of utilizing customized rules to rapidly respond to Lilith ransomware attempts

* - https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/

Fight Back Against Double Extortion Cyberattacks: Mitigate Lilith Ransomware

In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he will discuss how attackers exploited selected installations of the SUNBURST backdoor to laterally move to the victim organization’s ADFS server and stole its private key.

Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you
•How a Golden SAML attack works
•Possible ways to mitigate via preventive controls
•Methods for detection via SIEM rules and threat hunting
•What Office 365 logs do and don’t tell us about federated logins

You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from: 
•Domain controllers
•ADFS servers
•Office 365 audit log

This is a highly technical session we think you will really enjoy and benefit from. Especially because we expect to see a lot more Golden SAML attacks this year.

Watch on-demand now!

[APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor

Cyber Attacks

Cyber Security

SIEM

Golden SAML

Threat Detection

Threat Hunting

Threat Research

Security Analysis

Security Analytics

Cyber Threats

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

[APAC] Dissecting Golden SAML attack attackers used to exploit SUNBURST backdoor

Presented by

About this talk

More from this channel