eSummit 2 - Phishing attacks and Forensics – Where did it all go wrong?

Constantly evolving threats and shortage of qualified cybersecurity professionals have led security teams to move to security workflow automation to meet the demands. It’s not enough to have a great tool nowadays. These tools have to work better together to meet today’s security challenges. Security orchestration, automation and response (SOAR) tools improve efficiency and efficacy of security operations by automating threat intel management, event monitoring and incident response processes.

One of the key sources of contextual network and threat intel data comes from infrastructure that organizations already rely on for connectivity – DNS, DHCP and IPAM. This data along with timely, reliable and accurate threat intel can be used to improve scoring and investigation, assist in prioritizing incoming incidents, and can be relied upon to build automation.

Join this webinar to learn how a well architected DNS, DHCP and IPAM can power SOAR platforms to:

-Block/unblock domains using context
-Enrich other security tools with valuable IPAM data
-Enhance and improve incident response with better threat intelligence

Defending against modern adversaries requires the ability to detect and to understand threats quickly, and to respond decisively. CrowdStrike’s experts fight and win these battles every day, and have one of the industry’s most comprehensive pictures of today’s top cyber threats. Join CrowdStrike for a deep dive into global observations and trends, and real-world intrusion case studies, delivering deep insights on modern adversaries, and their tactics, techniques, and procedures (TTPs).

Learning Outcomes:
-Why “speed” is the new critical metric in cybersecurity.
-How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats.
-Trends in adversary tradecraft, as seen across 1000s of real-world intrusion attempts.
-Action plans that you can use to ensure your organisation is ready to anticipate and defend against the most dangerous threats of tomorrow.

What is the MITRE ATT&CK framework? Where did it come from? Why and how should you use it? Get the answers to all of these questions, as security experts from Splunk take a practical look at how your SOC and SIEM can apply the MITRE ATT&CK framework. Ensure the coverage of known TTP’s of threats your business is exposed to, to improving threat hunting and detection of Adversary’s. Join this webinar to discover:

• What the MITRE ATT&CK framework is, and why it should be used
• How to align your use cases to the MITRE ATT&CK framework
• How to navigate an ATT&CK Threat group TTP's
• How to track and monitor your detection capabilities to ensure wide coverage

For many years the choice for monitoring networks has been focussed on the collection and Analysis of raw packets. With the increasing need for multiple tools and SIEM's to get access to this data, along with requirements from Forensic Response teams, a more streamlined method of understanding the behaviour of traffic and user behaviour is required. Whilst NetFlow version 5 and 9 do provide some visibility, there are challenges such as sample rates and lack of Application Layer inspection that need to be addressed.

Join us for this webinar to learn more about how you can:

-Produce rich Metadata from network traffic and dive into the Application Layer
-Use this rich Metadata for Security, Forensics and Business Intelligence purposes
-Generate Metadata based on the application rather than the IP & Port
-Ensure that the Application traffic, regardless of port spoofing, produces the correct Metadata

Office 365 has become the platform of choice for document collaboration and sharing. If you’re using Microsoft Office 365 or planning to migrate there, understanding the types of security attacks you can expect is imperative.

Discover how to:

- Simulate common Office 365 attacks
- Test and educate your end users
- Spot attacks in their early stages

Distinguishing between good bots, bad bots, and humans is a major challenge. Today, over 50% of online traffic is generated by bots and they are involved in nearly every attack. Identifying malicious bots and safeguarding against them is now a top priority for organisations developing a sustainable security strategy.

Join us for this webinar to learn:

• How bots infect, propagate, and attack applications
• What types of application attacks are commonly performed by bots
• How you can defend against bad bots without disrupting the good ones

Despite investment in next-gen technologies and employee awareness training, phishing threats continue to become more sophisticated and more effective. It’s time for organisations to accept that REAL phish are the REAL problem. Join the Cofense Phishing Threat Landscape review to discover the trends defining phishing in 2019 and priorities for defending your organisation going forward.
Attend this webinar to learn how attackers are:
•Using major malware types and their innovative tactics, techniques, and procedures
•Intensifying credential theft as organizations move infrastructure and applications to the cloud
•Evolving Emotet and the threat actors behind the botnet
•Increasing proliferation of sextortion phishing emails

We’ll examine the obvious changes in the phishing threat landscape, plus look ahead at trends shaping 2019.

More than 130,000 information security professionals have invested time, determination and resources to attain the CISSP certification. Join (ISC)² members from different regions on May 21, 2019 at 10:00AM Eastern as we discuss what pain points, issues and challenges they encounter in their day-to-day work life, as well as solutions, tips and best practices they have developed along the way. We’ll also examine how the CISSP certification has helped them with their job and career.

Today, your users directly access cloud applications from everywhere. Transformative technologies such as SD-WAN, IoT and the cloud are borderless and complicate security. Non-standard IoT devices using non-standard protocols are rapidly proliferating. And yet, securing your digital transformation doesn’t require a new tool.

Instead, it takes a simple, scalable and integrated security solution that makes your existing security infrastructure smarter and more efficient. DNS is foundational to the Internet and IP-based communication. It is also the perfect foundation for security: simple to deploy, ubiquitous in networks, essential for connectivity and scalable to Internet size.

Join this webinar to learn how using DNS as a foundational security architecture can:
• Protect your brand by securing traditional networks and digital transformations
• Reduce time and cost of defending your enterprise against threats
• Detect and remediate problems automatically and provide data to the entire ecosystem

Every day, security professionals around the globe face advanced cyber-threats, ranging from opportunistic malware to targeted, human-driven attacks. As we enter a new era of AI attacks that are hyper-stealthy and self-masking, how can organizations adapt their defenses? Join Darktrace’s Director of Threat Hunting, Max Heinemeyer, as he shares expert insights on the future of AI-driven cyber-attacks and the need for AI that fights back.

In this webinar, Max will:
· Present three scenarios of advanced cyber-attacks
· Illustrate how these sophisticated attacks can be supercharged with AI
· Explore the critical importance of deploying AI to prepare for this paradigm shift in the threat landscape

As more organisations deploy cloud apps like Office 365, AWS, and Slack securing corporate data becomes a challenge. Cloud Access Security Brokers (CASBs) have emerged as the go-to solution for organisations that need end-to-end data security, from cloud to device. In fact, Gartner believes that by 2022, 60% of large enterprises will use a CASB to govern some cloud services.

In this webinar, we'll explore:
•Critical gaps in cloud applications that must be filled
•The 4 pillars of CASB
•What makes CASBs different from security solutions built natively into cloud apps like Office 365.
•Case studies on how leading enterprises leverage CASB to secure their cloud footprint.

Join us to learn how a CASB can help you meet your security and compliance requirements.

In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

In this session Abeer Khedr, Information Security Director at the National Bank of Egypt will provide insight into the path she took to become a Cybersecurity Leader and how she is reinventing the role in the face of accelerating industry change.

Key Trends, Predictions and the Need for Speed.

This year’s CrowdStrike global threat report – Adversary Tradecraft and The Importance of Speed – is one of the industry’s most comprehensive reports on today’s leading cyber threats. It combines CrowdStrike’s comprehensive global observations with real-world case studies, delivering deep insights on modern adversaries and their tactics, techniques and procedures (TTPs).

Join us for a webcast featuring CrowdStrike’s John Titmus as he explores the global trends and observations the report reveals.

-Learn from real-world examples of how cybercriminals combine advanced, targeted attack techniques with ransomware to cause massive financial loss
-Gain insight into global ‘breakout time’ metrics and achieving the “1-10-60” rule to defeat adversaries and prevent a mega-breach
-Prepare for the now: discover the favourite TTPs seen over the last 12 months to predict what you should expect to see in 2019

BitSight’s Peer Analytics allows organisations to understand their security programme performance at a more granular level, providing visibility to develop achievable improvement plans, allocate resources appropriately & consistently measure outcomes.

In this session you will learn how to:
• Determine the level of security performance that your company should attain to be ‘best-in-class’
• Profile organisations for communication and benchmarking purposes.
• Understand how specific risk vectors drive security performance.
• Determine the initial conditions for BitSight Forecasting

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:

- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

If you ask Gartner about the problems with today’s EDR technologies, they will say most solutions don’t deliver EDR capabilities in an operationally feasible or complete manner.

The purpose of an EDR solution is to provide advanced detection & response capabilities to complement an EPP solution. At SentinelOne, we deliver the very best of EDR & EPP in a highly differentiated manner and in one single lightweight agent.

Join us and learn about a new EDR- Active EDR - a new world of EDR capabilities and user experience. Explore how to:

- Eradicate benign alert noise, focus on what’s important.
- Optimise threat hunting time with curated and focused story lines.
- Maximise staff efficiency and let staff become expert threat hunters.