[APAC] Aligning Security Controls with Leading Cybersecurity Frameworks

The success of every cyberattack today rests solely on what kind of user accounts the bad guys can get their hands on. The goal is to achieve elevated levels of access, whether accomplished by obtaining and abusing existing account credentials or by leveraging vulnerabilities to bypass User Account Control.

In the past few years, we’ve seen a massive development in cybersecurity frameworks designed to provide organizations with strategic guidance on how to best secure environments against the ever-changing face of cyberthreats. But how do you turn cybersecurity frameworks like NIST 800-171, CMMC, ISO 27001, and CIS Critical Security Controls into practical and actionable steps to improve your organization’s cybersecurity stance and protect against specific tactics, techniques, and procedures (TTP) outlined in MITRE?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia discusses:

- Which cybersecurity frameworks should you be paying attention to?
- Compliance vs. Security: Why frameworks and MITRE aren’t (and never will be) aligned
- Attempting to map framework controls and objectives with MITRE TTPs

Rem Jaques, Senior Engineer – Compliance Research, from LogRhythm will also join Nick. Rem provides an outline of MITRE TTP T1078: Valid Accounts, covering related procedures, mitigations, and detection methods via LogRhythm SIEM with practical implementation through detections for privilege escalation and brute force authentication. Rem then displays related account management and access control objectives found in major compliance frameworks and provides insight on how these objectives overlap and intersect with MITRE.

Watch on-demand now!
Recorded Jul 28 2021 90 mins
Presented by
Nick Cavalancia and Rem Jaques

  • Data Science and Machine Learning in Cybersecurity Oct 21 2021 2:00 pm UTC 60 mins
    Melissa Ruzzi, Senior Product Owner at LogRhythm
    The dramatic increase in cyberattacks over the past year, along with their growing complexity and sophistication, has made the use of data science (DS) and machine learning (ML) in cybersecurity a top topic.
    However, it is not easy to apply these new technologies in a way that actually improves security. The types of data available for the models, the variety of available models, and the tactics and techniques used by attackers today call for a combination of security knowledge and technical know-how (DS and ML).

    In this live webinar, Melissa Ruzzi, Senior Product Owner at LogRhythm, explains:
    • The fundamental concepts of DS and ML
    • Current trends in cybersecurity
    • A holistic approach to cyber defense
    • How DS and ML can be applied in cybersecurity and what challenges can arise
  • Alphabet soup: Making sense of XDR, EDR, NDR and SIEM Sep 30 2021 9:00 am UTC 60 mins
    Jonathan Zulberg, VP Field Engineering, and Andrew Hollister, VP Labs and Deputy CISO
    There are many acronyms in the cybersecurity world, but what do they all mean, how do they work and how do the technologies fit into your security portfolio?

    Join this live webinar with Jonathan Zulberg, VP Field Engineering, and Andrew Hollister, VP Labs and Deputy CISO to answer:

    What is the difference between these platforms?
    Which of these products best suits the security portfolio you’re trying to build?
    What can these technologies do for your organisation?

    This isn’t one to miss - register now.
  • [APAC] CISO to CISO: How to Be Security First Recorded: Sep 7 2021 65 mins
    James Carder and Paul Caiazzo
    Today’s CISO faces many challenges, including building security operations center teams and retaining that talent, getting financial support from the board, and balancing where they invest that money to enhance their security posture. Another challenge that CISOs face today is how to successfully set a security-first mindset across the organization.

    LogRhythm CSO, James Carder, and Avertium CISO, Paul Caiazzo, discussed how to overcome the many challenges they face in the current cybersecurity landscape. This roundtable discussion includes hot topics like ransomware, XDR, Zero Trust, and so much more.

    James and Paul explored important topics such as:
    • Threat trends and countermeasures in the healthcare and technology sectors
    • How we are seeing customers leverage XDR, NDR, and ZTN to prevent and detect threats
    • An open conversation around ransomware and data theft

    This interactive webinar is a can’t-miss for security leaders who want to be security first. Watch on-demand now!
  • Executive Order Makes the Case for Zero Trust: Get Started with LogRhythm Recorded: Aug 24 2021 40 mins
    Eric Serrano and Jeff Koehly
    In May, President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks. This is the first of many steps to modernizing the federal government’s cybersecurity defenses. Specifically, the executive order calls out cloud security and Zero Trust architectures amongst other things. But where do you begin?

    Regional Sales Manager, Eric Serrano, introduces you to the LogRhythm NextGen SIEM Platform and how it can help you achieve the security architecture required for federal agencies. This overview of the platform was followed by a demonstration by Jeff Koehly, Senior Sales Engineer, where he showed how the LogRhythm SIEM can help your security teams identify and remediate threats to the organization. Learn how to:

    · Set up automated rules with our SmartResponse capabilities
    · Reduce time identifying and responding to threats
    · Empower your small, but mighty, security teams

    Watch on-demand today!
  • [APAC] Threat Intelligence Platforms and LogRhythm Recorded: Aug 24 2021 50 mins
    Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager
    According to Gartner, “Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”

    In this on-demand webinar you’ll discover how SIEM technology provides a way of reducing your mean time to detect and respond to potential threats.

    You’ll also see how to use threat intelligence to identify potential risks to organisations that have not been observed, and how to provide additional context around potential threats by combining external threat feeds with the LogRhythm platform.

    Watch Oliver Gheorghe, Enterprise Sales Engineer and Sander Bakker, Enterprise Sales Manager, LogRhythm, who will outline the following:
    - Introduction to threat intelligence
    - Threat Intelligence Platform Overview and Use-cases
    - Automating threat intelligence with LogRhythm
  • [APAC] Avoiding or Minimizing Ransomware Impact to the Bottom Line Recorded: Aug 12 2021 61 mins
    John Pescatore, SANS Director of Emerging Security Trends and Benjamin Wright, lawyer and SANS Senior Instructor
    In the event of a ransomware attack, security managers must be able to give business-relevant risk recommendations to CEOs and boards of directors. Most of the thought and effort required to do so must take place well before the attack.

    On this webcast, John Pescatore, SANS Director of Emerging Security Trends, and Benjamin Wright, lawyer and SANS Senior Instructor, will discuss key ransomware issues, including:
    - Key security processes to avoid ransomware attacks
    - Issues around ransomware payoffs if an attack succeeds
    - How cyber insurance can play a role in reducing the financial impact of an attack

    Register now!
  • Detecting Ransomware Before It’s Too Late Using MITRE ATT&CK Recorded: Aug 6 2021 77 mins
    Randy Franklin Smith, Ultimate Windows Security; Michael McGinnis, LogRhythm
    Good backups are not the solution to ransomware. Backups take time – time when your business is in complete limbo because it chose to completely shut down business operations out of “an abundance of caution.”

    Paying the ransom isn’t a solution either because all that data usually needs to be decrypted. This takes time and may not fully recover all of the data, or may not work at all. In the case of the Colonial Pipeline, decryption took so long, they decided to restore data from their backups even after paying the ransom.

    Really, the only true defense against ransomware is prevention combined with early detection and response capabilities. Beyond that, you need a well-honed, fast-as-possible, complete-as-possible recovery procedure, which means automatic and secure. Fast recovery is a topic for another day. And for many organizations, prevention requires a redesign of the network and a re-thinking of security priorities – lots of rip-and-repair costs and support from management that has yet to materialize at most organizations I talk to. So, for now, how do you know where to spend your limited resources to detect ransomware early enough to prevent Impact (MITRE ATT&CK Tactic TA0040)?

    In this real training for free session, Randy Franklin Smith of Ultimate Windows Security and LogRhythm will use MITRE ATT&CK as a guide for answering that question. We’ll look at the tactics an attacker must complete prior to triggering the ransom note (post Impact). Then we’ll explore key techniques associated with each of those tactics. The prerequisite tactics include:

    Reconnaissance
    Resource Development
    Initial Access
    Execution
    Persistence
    Privilege Escalation
    Defense Evasion
    Credential Access
    Discovery
    Lateral Movement
    Collection
    Command and Control
    Exfiltration

    Mike McGinnis, Senior Sales Engineer at LogRhythm, will show you how they make network threat hunting easy with the MistNet NDR MITRE ATT&CK™ Engine.
  • The Modern CISO Panel: Making Security Priorities Business Priorities Recorded: Jul 22 2021 58 mins
    Seth Shestack of Temple University and Joseph P. Reynolds of BioReference Laboratories
    Did you know that 93% of security leaders are not reporting to the CEO and, on average, they are three levels away from the CEO? This makes it difficult for security leaders to build awareness around their security programs and the many security risks facing the organization.

    Recently, LogRhythm worked with Ponemon Institute to survey 1,426 cybersecurity professionals in the US, EMEA, and Asia-Pacific to learn valuable information about the role and responsibilities of today’s cybersecurity leaders. Additionally, the survey explored the challenges that security leaders face in creating a strong security posture.

    In this on-demand webcast, a panel of security leaders talks about the findings from the Ponemon survey and their experiences and challenges obtaining executive support. Learn how you can make security priorities business priorities. Register today!
  • Moving Laterally to the O365 Cloud Using a Domain Trust Modification Attack Recorded: Jul 22 2021 90 mins
    Nick Cavalancia, Dan Kaiser, Brian Coulson, and Sally Vincent
    The months following last December’s SolarWinds SUNBURST supply chain attack have brought forth plenty of intelligence around the tactics, techniques, and processes used to compromise thousands of organizations’ networks. The threat actors, dubbed the APT group UNC2452, were able to not just move laterally within the victim’s on-premises environment, but also jump from on-prem to their Microsoft 365 tenant.

    This hybrid movement can occur via a “Golden SAML” attack that includes the manipulation of the domain federation trust settings in Azure and potentially within the on-premises AD Federation Services deployment (MITRE ATT&CK technique T1484.002 - Domain Trust Modification) by configuring the domain to accept authorization tokens signed by UNC2452’s SAML signing certificate (technique T1606.002 – Forge Web Credentials: SAML tokens).

    In this on-demand webinar, Microsoft MVP and cybersecurity expert Nick Cavalancia will first discuss:
    - The role of ADFS, domain trusts, and certificates
    - The value of moving laterally from on-prem to the cloud
    - The potential impact both for the initial and subsequent attacks

    Nick is then joined by Brian Coulson - Threat Research Principal Engineer, Sally Vincent – Threat Research Senior Engineer, and Dan Kaiser – Threat Research Senior Engineer all at LogRhythm, who provide multiple perspectives while simulating the attack and exploring the log artifacts of the attack from within the LogRhythm SIEM.

    Brian, Sally, and Dan will explore how a malicious actor could add a federated domain to a Microsoft 365 tenant and discuss how the addition of the federated domain will enable the attacker’s progression towards their objectives. They will simulate the attack and then consider the attack from the standpoint of a threat hunter or detection engineer, examining the log artifacts from Azure and on-premises sources. Finally, they will demonstrate threat hunting and real-time detection of this technique in the LogRhythm SIEM.
  • Data Science and Machine Learning in cybersecurity Recorded: Jul 22 2021 47 mins
    LogRhythm's Melissa Ruzzi, Senior Product Owner, Phil Villella, Chief Scientist & Co-founder, Geoff Mattson, VP Product Management
    With the dramatic increase in the number of cyberattacks – and their advanced complexity and sophistication – over the past year, Data Science (DS) and Machine Learning (ML) are currently hot topics in cybersecurity.

    But applying these new technologies effectively to enhance your security posture is no simple task. The type of data available for the models, the variety of models available, and the nature of the tactics and techniques used by threat actors today require a combination of both domain and technical (DS and ML) expertise.

    In this on-demand session, join LogRhythm's Melissa Ruzzi, Senior Product Owner, Phil Villella, Chief Scientist & Co-founder and Geoff Mattson, VP, Product Management, to discover:
    • The fundamental concepts of DS and ML
    • Recent cybersecurity trends
    • A holistic approach to cyber defence
    • How DS and ML can be applied to cybersecurity and the potential challenges
  • The evolution of SIEM: An introduction into XDR Recorded: Jul 22 2021 52 mins
    Fran Howarth, Practice leader, Security, Bloor Research & Jonathan Zulberg, VP Field Engineering, LogRhythm
    The security infrastructure landscape has changed a lot in the last few years and now just having a Security Information & Event Management (SIEM) platform isn’t enough to keep most organisations safe.

    In this on-demand webinar join Fran Howarth, Practice leader, Security, Bloor Research and Jonathan Zulberg, VP Field Engineering, LogRhythm, who will take you through the fundamentals of Extended Detection and Response (XDR) and what it can do to strengthen your cybersecurity defences including:

    • An overview of XDR and its use in your security infrastructure portfolio
    • How XDR can complement all the other platforms you’re using
    • Why XDR makes such a good addition to your security stack
  • Aligning Security Controls with Leading Cybersecurity Frameworks Recorded: Jul 22 2021 90 mins
    Nick Cavalancia and Rem Jaques
  • CMMC: The Tools for Success Recorded: Jul 21 2021 55 mins
    Scott McDaniel of Simple Helix and Brad Tompkins of LogRhythm
    By 2026, all DoD government contractors must meet the Cybersecurity Maturity Model Certification (CMMC) standard to win contracts. This has led to contractors hastily buying tools and services without fully knowing how they will be implemented and managed to gain and maintain compliance. During this segment of the summit, Simple Helix CEO, Scott McDaniel, and Brad Tompkins, Sales Engineer at LogRhythm, discussed some lessons learned from early adopters of this standard. McDaniel also explored the most daunting controls within the standard and talked through what to expect from the tools you’ll need to meet them. Watch on-demand as we examine a variety of options that will bolster your compliance success and will help foster a security-first mindset within your organization.
  • Dissecting the Golden SAML Attack Used by Attackers Exploiting SUNBURST Backdoor Recorded: Jul 21 2021 95 mins
    Randy Franklin Smith, Sally Vincent, and Dan Kaiser
    In this on-demand webinar, Randy Franklin Smith briefly introduces you to federation and SAML and how it works in Office 365. Then he will discuss how attackers exploited selected installations of the SUNBURST backdoor to laterally move to the victim organization’s ADFS server and steal its private key.

    Then, joined by the very knowledgeable security researchers Sally Vincent and Dan Kaiser from LogRhythm Labs, we will show you:
    • How a Golden SAML attack works
    • Possible ways to mitigate via preventive controls
    • Methods for detection via SIEM rules and threat hunting
    • What Office 365 logs do and don’t tell us about federated logins

    You will see an actual demonstration of an attack by Sally, and we’ll cover the actual event IDs you need to monitor and attempt to correlate from:
    • Domain controllers
    • ADFS servers
    • Office 365 audit log

    This is a highly technical session we think you will really enjoy and benefit from. Especially because we expect to see a lot more Golden SAML attacks this year.

    Watch on-demand now!
  • Lessons from our Zero Trust journey: Successes, failures & dodging pitfalls Recorded: Jul 21 2021 48 mins
    Andrew Hollister, Deputy CISO and VP of LogRhythm Labs
    A lot of vendors are jumping on the Zero Trust bandwagon, touting potential benefits and implementation paths; but how many have actually implemented it themselves? Stop talking hypotheticals and start talking about real experiences. Join Andrew Hollister, Deputy CISO and VP of LogRhythm Labs, for this on-demand webinar to hear his learnings, successes and failures from LogRhythm’s Zero Trust journey.
  • Detection and Response Strategies for Cloud Security Incidents Recorded: Jul 21 2021 21 mins
    Daniel Crossley, LogRhythm, Sales Engineering Manager, UK
    Join Daniel Crossley, LogRhythm, Sales Engineering Manager, UK, to discover common security incidents that happen in AWS environments and gain helpful tips for detecting and responding to them.

    In this session you will learn:
    • Common security incident types in AWS
    • The various log types in AWS
    • Helpful response strategies
  • Reducing corporate security risk with next-gen security operations Recorded: Jul 12 2021 59 mins
    Amjad Khader, Enterprise Sales Manager, LogRhythm & Elie Sfeir, Senior Business Development Manager, Dimension Data
    Today’s security operations center (SOC) teams face more challenges than ever before. The remote working environment caused by Covid-19 has presented new challenges and enhanced business and technical requirements, meaning SOCs have had to pivot their focus from traditional network perimeter defences.

    In this on-demand webinar, Amjad Khader, Enterprise Sales Manager, LogRhythm, is joined by Elie Sfeir, Senior Business Development Manager, Dimension Data, to discuss how digital transformation in business is introducing many new and evolving technologies, such as cloud computing, big data, social media, and IoT. They outline how traditional security information and event management (SIEM) and other analytical tools are no longer sufficient to monitor more complex environments, highlighting the need for SOC teams to evolve to extend monitoring beyond on-premise into cloud services, mobile devices, and more.

    In this session you’ll hear:
    - Cybersecurity trends and the impacts of Covid-19 on the industry
    - How digital transformation is introducing new and enhanced security risks and growing the network perimeter
    - Why traditional SIEM lacks performance compared to next-gen security solutions
  • Don't Gamble with Golden SAML Recorded: Jun 30 2021 62 mins
    Dan Kaiser, Sally Vincent, and Jake Williams
    On December 8, 2020, FireEye announced that they had been the subject of a cybersecurity incident. Through their investigation, they discovered the SUNBURST backdoor and notified SolarWinds of the issue just four days later. This backdoor gave attackers access to Orion systems on victim networks, and once you gain control of a system like Orion, you have a ticket to ride. And ride they did.

    The attack compromised victims’ Office 365 email accounts. But how did attackers get from the on-prem Orion systems to the Microsoft cloud?

    The Golden SAML attack.

    Golden SAML is a federated attack that steals the private keys of your ADFS server and uses them to forge a SAML token trusted by your Office 365 environment. This allows the attacker to access any O365 resource available to the impersonated user, including their mailbox.

    In this webinar, Dan Kaiser and Sally Vincent, threat research engineers from the LogRhythm Labs team, will walk through what the Golden SAML attack is and is not, how it works, and how to identify and prevent the attack in your environment. SANS senior instructor, Jake Williams, will join in on the conversation and help answer your questions about supply chain attacks.

    It's time to stop gambling with threats like Golden SAML. Watch on-demand today to learn how to detect and prevent supply chain attacks from threat research experts.
  • CISO to CISO: How to Be Security First Recorded: Jun 22 2021 65 mins
    James Carder and Paul Caiazzo
Be Security First.
LogRhythm’s award-winning NextGen SIEM Platform makes the world safer by protecting organizations, employees, and customers from the latest cyberthreats. It does this by providing a comprehensive platform with the latest security functionality, including security analytics; network detection and response (NDR); user and entity behavior analytics (UEBA); and security orchestration, automation, and response (SOAR). Learn how LogRhythm empowers companies to be security first at logrhythm.com.

To learn more, please visit logrhythm.com.
