Name: Intelligence Driven Incident Response
Start: 2023-03-30T05:00:00Z
End: 2023-03-30T05:00:52.000Z
Location: BrightTALK
Rating: 4.7

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

Tired of manually managing brittle detection rules? Struggling to scale your threat detection capabilities reliably? It's time to move beyond the GUI and embrace Detection as Code (DaC). This practical webinar will guide you through the application of software engineering principles – version control, automated testing, and CI/CD – to your security detection lifecycle.

Forget dry theory; we're going to dive deep into establishing a foundational DaC workflow. You'll learn how to write detection logic, manage it using Git, implement automated validation checks, and configure a basic CI/CD pipeline to deploy your detections. You'll learn  DaC concepts, equipping you with repeatable patterns you can adapt and implement within your own organisation.

The future is coded: Hands-on advancing detection engineering

Attackers are increasingly leveraging sophisticated deep fake techniques to generate convincing synthetic media for malicious purposes, including email content, cloned audio for voice phishing, and manipulated conversation AI interactions.
 
This presentation will abstract the underlying methods employed in these attacks, highlighting how they can be used to forge believable communications, bypass security measures, and deceive targets at scale.

Deep fake it Until you make it: Social engineering in the new age

Adversary emulation and simulation are crucial for defenders to enhance threat hunting and investigation, extending into detection engineering to craft detection logic from indicators of compromise to adversary tactics. However, maintaining detection validity is challenging in dynamic environments, especially when test environments don't mirror production. This presentation addresses these challenges, offering solutions for proactive detection testing and validation.

It leverages the open-source Atomic Red Team library to build a testing infrastructure, generating events for detection development. The discussion bridges the gap from initial rule-building with frameworks like Atomic Red Team to continuous testing and validation, including custom scripts and methodologies for production environments without disruption. The talk also explores moving beyond atomic tests to sequences of actions.

Attendees will:
- Gain a better understanding of why ongoing detection testing is vital for a detection engineering program
- Learn about potential pitfalls in setting up such a process
- Discover solutions to simplify it for their organizations.

Your detections need validation too!

Hacktivism, a long-standing but often disregarded element of the threat landscape, has undergone a significant transformation since 2022, becoming predominantly driven by geopolitical motivations. This presentation aims to expose the contemporary hacktivist landscape, introduce novel tracking and monitoring approaches and highlight the continued evolution of the landscape into trending tooling such as AI and ransomware.

This talk will cover:
- Geopolitical events that catalyzed the hacktivist landscape shift and how geopolitical triggers continue to facilitate hacktivist attacks. Real-world examples will illustrate how geopolitical events now serve as direct triggers for hacktivist actions.
- The evolution of hacktivism, prevalent attack types and involved groups, and the overarching intentions and motivations of these groups.
- This talk will challenge conventional cyber security perspectives about hacktivism by emphasizing intent, rather than technical indicators and capabilities, as the primary driver for analysis.
- Furthermore, the presentation will explore the increasingly blurred boundaries between hacktivism, state-sponsored activities, and cyber crime, including the trend of hacktivist groups adopting ransomware, targeting operational technology, and investigating the potential of AI to enhance their capabilities.

Many organizations struggle to effectively contextualize hacktivism within the broader threat landscape. This talk seeks to dispel misconceptions and provide a clearer understanding of the evolving hacktivist threat landscape.

Hacktivism, Geopolitics and AI - The evolution of the forgotten threat

Effective threat hunting hinges on your ability to find adversaries before they achieve their objectives. This requires moving beyond generic indicators and arming your team with timely, relevant intelligence on the specific TTPs threat actors are using today. In this webinar, we will explore the latest how AI is making threat hunting more effective in less time than ever before.

Join us as we:
*Unveil  our groundbreaking Agentic Platform (now in public preview) — a major leap in applying AI to investigations and complex security tasks.
*Demo the Ransomware Data Leaks dashboard, offering fresh insights into evolving extortion trends.
*Showcase Code Insight, our AI-powered code analysis tool that converts plain text code files into clear, natural-language explanations—enabling analysts to understand complex threats without reading a single line of code.

The session concludes with a live Q&A, giving you the chance to engage with our experts and explore how these innovations can transform your threat hunting practices.

Threat Hunting with Google Threat Intelligence: Accelerating Investigations with AI (APAC Timezone)

For organizations using Microsoft Entra ID (the artist formerly known as Azure Active Directory) and O365, it’s fairly well understood that a set of default logs are readily available for use, no matter what log management tooling an organization is using. However, this standard logging has its limits.

With the release of post exploitation kits like GraphRunner, which is focused on interacting with the Microsoft Graph API, the backbone that services Entra ID, O365 and more; probing and information gathering is streamlined. Further, while GraphRunner is a post exploitation toolkit, there are authentication functions available in it that highlight how adversaries could use the OAuth authorization code flow to their advantage. 

Join this webinar to learn about the kinds of capabilities GraphRunner brings while identifying events that defenders can use to hunt and detect suspicious activities in an Entra ID / O365 tenant.

Now we’re getting somewhere.  A Look At Additional Log Sources

Explore the establishment of an effective and resilient post breach security program and roadmap. 

Join Mandiant Principal Strategic Security Consultant Saad Ayard, as he reviews the often overlooked 'what do we do now' element of a cyber breach.

You've solved the breach, now what?

The M-Trends 2025 Report offers a deep dive into the latest global cyber trends and attacker tactics. Based on Mandiant's frontline incident response and threat intelligence from January 1, 2024 to December 31, 2024, this report helps readers stay ahead of the curve by providing insights on the evolving cyber threat landscape in JAPAC. Join our Managing Director for Mandiant Consulting in JAPAC , as he unpacks these trending metrics and significant adversary behaviours, and learn how these findings can enhance your security strategy against future attacks. 
Topics will include: 
*Incident response metrics, including top detection sources and initial infection vectors 
*Industry targeting trends

M-Trends 2025: A JAPAC Perspective

AI-powered social engineering is here. 

Join this webinar from Mandiant and uncover the new age of AI powered deception. Learn how deepfake phishing and voice cloning are used in cyber attacks and gain a deeper understanding into how these exploits work. 

Protect yourself and your organization by understanding the techniques used by cyber criminals, and stay ahead of attackers, who are constantly evolving their tactics to breach organisational security.

Deep Fake It 'til You Make It: Social Engineering in the new age

The cloud offers incredible opportunities for businesses, but it also comes with its own set of unique security challenges. During this 45min webinar, learn how Security Command Center Enterprise (SCCE) can empower you to proactively identify, understand, and mitigate cloud risks.


Attend to hear about:
The evolving landscape of cloud threats: Understand the latest security challenges and why traditional security measures are no longer enough.
SCCE's powerful toolkit: Explore how SCCE leverages AI and automation to provide comprehensive visibility and control over your cloud environment.
Practical strategies for risk reduction: Implement best practices for configuration, access management, threat detection, and incident response.
Demo: See how SCCE can be used to strengthen the cloud's security posture and protect valuable assets.


Safeguard Your Cloud will share with you the essential knowledge and actionable insights you need to confidently navigate the complexities of cloud security.

Safeguard Your Cloud: Minimize Risks with Security Command Center Enterprise

Join Google Cloud Security Threat Intelligence Analyst Yihao Lim, for a threat intelligence briefing into the Higher Education Sector. Yihao will share observations and insights that are usually reserved for our Threat Intelligence customers. 

He will review the actors who are targeting the Higher Ed sector, the TTP (Tools, Techniques and Practises) threat actors use to compromise victims in this space, along with the motivations actors have in attacking this sector.

Threat Intelligence Briefing - Australian Higher Education Sector

The newly released M-Trends 2024 Special Report provides an inside look at the latest cyber trends and attacker operations from around the globe. From this 15th edition, you can increase your awareness of the evolving cyber threat landscape and glean new, effective ways to stay on top of your cyber defense game.

Register now for the M-Trends 2024 webinar to hear directly from the analysts and authors of this year’s report, as they dig into the key takeaways and insights from their points of view, and provide best practice learnings you can apply directly to your security program.

M-Trends 2024 - A JAPAC Perspective

Secure your cloud from cryptomining attacks with Google Cloud's Cryptomining Protection Program. Join this webinar to learn how Google Cloud's Cryptomining Protection Program can help you safeguard your cloud environment from cryptomining attacks

Google Cloud Protection from Cryptomining Attacks - up to US$1million

Learn how a threat actor identified by Mandiant Threat Intelligence as UNC5537, targeted Snowflake customer instances for data theft and extortion. In this webinar we will provide insights into the methods used by UNC5537 to gain access to Snowflake instances, stage and exfiltrate data, and cover their tracks.

We will also review recommendations for securing Snowflake instances and protecting sensitive data from a cyber attack.

Threat Intel Briefing: Understanding how UNC5537 targets Snowflake Customers

The cyber threat landscape is constantly evolving, and defenders have the challenging task of keeping up. By exploring the trends we see today, we can improve our cyber readiness and be better prepared for the year ahead. 

To help organizations navigate the cyber landscape in 2024, security expert Andrew Kopcienski is presenting a deep-dive session to cover many of the topics discussed in the latest Google Cloud Cybersecurity Forecast 2024 report, including:

- Tactics and tools to steal credentials
- SMS phishing, notably to access environments
- Increasing use of zero-days
- More targeting of edge and other devices  

Register for the webinar, and read the Google Cloud Cybersecurity Forecast 2024 report: https://cloud.google.com/resources/security/cybersecurity-forecast

Google Cloud Cybersecurity Forecast 2024

In this session, explore how you can modernise Security Operations with Google Cloud's cloud-native Security Operations platform. Learn how you can deliver modern threat detection, investigation, and hunting at unprecedented speed and scale along with ushering in a new era of productivity for security teams with AI. 

We will show you  how you can elevate your team’s talent and productivity with generative AI and fill in skill gaps with expert help when you need it - before, during, and after an incident.

Modernising SecOps

攻撃の進化、技術革新の加速、業務環境のDX化・・・。変化のスピードが加速する中で、セキュリティ運用の現実は数多くの課題に溢れています。十分な人的リソースを確保できなかったり、警戒すべき脅威への洞察が欠如している一方で、柔軟性に乏しいシステムやプロセスから脱却できず、「脅威を早期に検知して対処する」という本質的な目的の達成が困難な状況が生まれています。

本Webセミナーでは、こうしたセキュリティ運用が抱える課題を整理した上で、セキュリティ運用のあるべき姿を提示。Google と Mandiant 統合の全体像をご紹介するとともに、 統合したからこそ実現可能なセキュリティ運用ソリューションについて、注目の高まる生成AIの活用や具体的なユースケースとともにご説明します。

※キーワード｜SIEM、SOAR、脅威インテリジェンス、生成AI、自動化

Google と Mandiant が可能にするセキュリティ運用モダナイゼーション

The best method for breach preparation is ASSUMED as opposed to the initial IF which then moved onto WHEN. Security teams should approach validation using a trusted actor methodology by simulating breaches as authorized users. 

This will identity business risks generated from security weaknesses, vulnerabilities and mis-configurations. The ultimate target is having the ability to assess the impact on organization's critical data and assets.

Join this session to learn more about how to be best prepared for a breach, by managing your initial assumptions.

Assume Breached!

Over the last few years, Mandiant has observed a rise of cyber attacks from ransomware attacks to more sophisticated and persistent cyber threats known as Advanced Persistent Threats (APTs). These can dramatically impact people, organizations, and governments; as well as the society if critical infrastructures are targeted.

The implementation of a robust cybersecurity program (human, technical, and strategic) enables organizations and governments to prepare their environment to detect malicious activities, identify, and respond to them to limit the impact (e.g., reputational, business continuity, financial, legal, etc.).

This presentation provides an explanation on how organizations can use threat intelligence to proactively identify threats targeting them, as well as to drive incident response process to effectively determine the scope of the cyber attack to remediate it. Moreover, the incident response process will be discussed to demonstrate how to investigate and respond to a large-scale cyber incidents while limiting the impact.

The presentation will conclude on how the traditional digital forensics science could support and improve the incident response process.

Intelligence Driven Incident Response

Cyber Incident Response

Threat Assessment

Threat Intelligence

Cyber Defence

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Intelligence Driven Incident Response

Presented by

About this talk

Mandiant APAC