Hi [[ session.user.profile.firstName ]]

eSummit 3 Cyber-Forensics - an Overview of Intrusion Investigations

Dr Gareth Owenson is the course leader for the Forensic Computing programme at the University of Portsmouth. He teaches extensively in forensics, cryptography and malware analysis. His research expertise is in darknets, where he is presenting working on alternative approaches that may lead to novel applications of the blockchain. Gareth also has a strong interest in Memory Forensics, and undertakes work into application-agnostic extraction of evidence by using program analysis.

Gareth has a PhD in Computer Science (2007) and has taught at several Universities throughout the UK.
Recorded Oct 26 2016 41 mins
Your place is confirmed,
we'll send you email reminders
Watch for free
Presented by
Dr. Gareth Owenson, Senior Lecturer, University of Portsmouth, Christopher Laing,(ISC)2 EMEA Advisory Board Member
Presentation preview: eSummit 3 Cyber-Forensics - an Overview of Intrusion Investigations
Related topics:

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile

(ISC)² Secure Webinars - EMEA

  • Industry Insights: How to Launch a Privileged Access Security Program Oct 8 2019 12:00 pm UTC 60 mins
    Maria Oliva, Director of Consulting Services EMEA, CyberArk, Brandon Dunlap,(ISC)²
    Industry analysts and security leaders agree – organisations should prioritise privileged access security programs to maximize risk reduction with respect to the resources required for deployment. “Privileged Access” is what attackers seek, and this access is increasingly available in places organizations overlook including applications.
    Join us for a session that will cover the basics of privilege access security. We’ll address how to define a program with respect to people, process and technology. We’ll also review some lessons learned from the field that will facilitate a successful launch.
    Save your seat
  • Third Party Risk Management: Giving Context to Consumption Sep 26 2019 12:00 pm UTC 60 mins
    Nick Trigg, Solution Consultant, BitSight, Eric LeMartret, Risk & Privacy Lead, ServiceNow, Brandon Dunlap, Moderator, (ISC)²
    Third-parties can pose a very real risk to an organisation. If the risk results in a breach, it can be costly – costlier even than if it did not include a third-party. In addition, new regulations are recognizing the importance of mitigating third party risk to provide greater protection for an individual’s personal data. In other words, managing your vendor’s risk is not only prudent, it’s required.

    This session will showcase how the combined forces of BitSight Security ratings and ServiceNow tackles the unique challenges of:

    - Positioning cyber security in context of the business.

    - Blending the Bitsight security ratings information with more traditional data sources, such as audits and questionnaires, to provide a fully rounded, up-to-date view of your third parties.
    Save your seat
  • Should You Care About TLS Decryption? Sep 24 2019 12:00 pm UTC 60 mins
    Ollie Sheridan, Principal Engineer Security, Gigamon, Brandon Dunlap, Moderator, (ISC)²
    With the second anniversary of the Equifax breach not so long ago and the fact that we now know much more about what happened due to the August 2018 release of the GAO Report. There was a lot of new information that came out of that report that was not well-understood at the time of the breach…. Did you know that while Equifax used a tool for network layer decryption, they had certificates nine months out of date? This lapse gave the threat actors all the time they needed to break in and exfiltrate reams of personal data. As soon as Equifax updated the certs on their decryption tools, they began to realise what had happened.

    On the heels of the Equifax breach, we are reminded of the importance of efficient decryption for effective threat detection. That’s more important than ever as today the Ponemon Institute reports that 50% of all malware attacks utilise encryption.

    During this webinar, Ollie Sheridan will talk about:
    - How TLS encryption has become a threat vector
    - Why decryption is essential to security and how to effectively perform detection
    - How to make sure your detection tools are working at their greatest capacity without the latency introduced by decryption
    Save your seat
  • Curing Alert Fatigue with Risk Based Alerting, MITRE ATT&CK and Automation Recorded: Sep 17 2019 59 mins
    James Hanlon, Director, Splunk, George Panousopoulos, Security Strategist, Splunk, Brandon Dunlap, Moderator, (ISC)²
    The problem of alert fatigue is symptomatic of a plague within most SOC environments, regardless of the tools and platforms being used. The general process within the industry for driving and managing security incidents is broken. It’s time to change perspective and build into alert creation processes a better prioritization procedure. This can be done by aligning it to a more intelligent risk scoring approach and frameworks like MITRE ATT&CK and automation. Security teams will be better positioned to make use of their existing toolchain, scale people and processes, and deliver a much more effective security capability. Join this webinar to learn:

    •The scale of alert overload and why organisations struggle with this problem. You are not alone
    •How to combine risk based alerting, MITRE ATT&CK and automation to optimise security investigation and reduce alert fatigue
    •Insights, learnings and benefits from SecOps teams that have already made this shift
    •Tricks and tips to help you transform the security investigation process using your existing tools and industry frameworks
    Watch now
  • Flipping the Cyberdefense Equation to Tip the Scales Back in Our Favor Recorded: Sep 12 2019 59 mins
    Rick McElroy, Head of Security Strategy, David Balcar, Security Strategist, Carbon Black, Brandon Dunlap, Moderator, (ISC)²
    Far too often, the cybersecurity industry focuses too heavily on all the advantages attackers have. We’ve all heard the saying: “Defenders have to be right 100% of the time while attackers only have to be right once.” Well, what if we could flip that equation?

    As defenders, we have the home field advantage, so why does it seem like we are consistently losing? In order to shift this model and tip the scales back in our favor, we need to be thinking about “Disruption in Depth” rather than just “Defense in Depth.” We need to be making attackers’ lives significantly harder. Attackers make mistakes all the time. Let’s make them have to be 100% right all the time instead of us.

    Join Carbon Black’s Head of Security Strategy, Rick McElroy, as he reveals the reality behind the modern threat landscape and uncovers what security teams can do today to tip these scales and make attacking your organization exponentially more difficult for attackers.
    Watch now
  • Environmental Separation Recorded: Sep 3 2019 56 mins
    Adam Brady, Systems Engineer, Illumio, Brandon Dunlap, Moderator, (ISC)²
    The separation of development, staging, test, and production environments using traditional network solutions is a challenge, or even an impossibility, for organizations with significant assets spread dynamically across heterogeneous data centres as well as public and hybrid cloud environments.

    Segmentation was first developed to improve network performance, but experts have realised that a ‘perimeter only’ approach to security is not working. As organisations seek to secure the interior of their networks have recognised that they need to be more dynamic and granular than previously - facing the challenges of time and resource head on to secure their critical business applications.

    This webinar will highlight:
    •The problem of Environmental Separation
    •A Network Segmentation 101
    •Segmentation Strategies
    •Industry Examples
    •A quick demonstration
    •Illumio
    Watch now
  • Shift Left, Shift Right, or Run Security Right Through The Middle? Recorded: Aug 20 2019 57 mins
    Meera Rao, Senior Principal Consultant, Synopsys, Brandon Dunlap, Moderator, (ISC)²
    Demands for more secure software and more rapid application development have led to the emergence of DevSecOps. DevSecOps maturity requires a risk-based approach to adding security activities, increasing depth, and improving testing governance. The best strategy is to shift from a reactive to a proactive security approach that injects security at the right time and place with automated continuous testing. This presentation covers these aspects of automated continuous testing:

    1. Practices to avoid
    2. Drawbacks
    3. Prerequisites
    4. When and where to use automated testing
    5. Best practices for implementing and improving continuous testing throughout the development life cycle
    Watch now
  • CISO Says with Bruce Beam, CIO, (ISC)² Recorded: Aug 13 2019 60 mins
    Bruce Beam, CIO, (ISC)², Brandon Dunlap, Moderator, (ISC)²
    In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

    In this session Bruce Beam, Chief Information Officer at (ISC)² will provide insight into the path he took to become a Cybersecurity Leader and how he is reinventing the role in the face of accelerating industry change
    Watch now
  • Lessons from the field: How to Optimise Third Party Risk Management Recorded: Aug 6 2019 59 mins
    Kimberly Johnson, Senior Manager, Chris Poulin, Principal Consulting Engineer, BitSight, Brandon Dunlap, Moderator, (ISC)²
    As organisations increase their reliance on third-party vendors for outsourced solutions, they expand their attack surface.
    Today’s digital environment offers tremendous opportunities for modern organisations. At the same time, there is more risk. Vulnerabilities and infections plague organisations around the globe — and their numbers continue to rise.

    The tips discussed in this webinar will help you start managing third-party risk to centralise your program and get a preliminary perspective of the risks you face. Once this foundation is established, you can build on it and shift to a more proactive approach to managing third-party risk — and limiting your exposure.

    In this webinar, Chris Poulin (Principal Consulting Engineer, BitSight) and Kimberly Johnson Product Marketing Manager, BitSight) discuss:
    •The state risk and the rise of global vulnerabilities and infections.
    •The supply chain as an expanded attack surface.
    •5 tips for launching a third-party risk management program.
    Watch now
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Recorded: Jul 30 2019 62 mins
    (ISC)² Customer Service Team, EMEA
    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
    Watch now
  • How to Prevent Breaches with Phishing Threat Intelligence Recorded: Jul 23 2019 56 mins
    Darrel Rendell, Principal Intelligence Analyst, Cofense, Brandon Dunlap, Moderator, (ISC)²
    Mottos like "If you see something, say something" speak to the power of human observation in preventing security disasters. Similarly, valuable human-generated intelligence can be effective in preventing data breaches emanating from phishing attacks. In today’s changing cyber threat landscape, humans need to be conditioned to recognise phishing attacks and security teams need to be armed with actionable threat intelligence to rapidly manage an attack once it hits.

    This is where Phishing Threat Intelligence comes into play. By extracting key IOCs from newer phishing threats and making them available to security teams, organisations can detect attacks in progress and respond quickly to reduce the effect of a breach. Plus, by incorporating the same intelligence and tactics in your awareness program, you can train your users to more quickly detect and report an active threat.

    Join this webinar to learn about:
    -The constantly changing threat landscape
    -Turning active, real threats into learning moments for your users
    -Speeding up response with timely, actionable intelligence
    Watch now
  • DDI data – a Critical Enabler of SOAR Recorded: Jul 9 2019 58 mins
    Michael Katz, Security Specialist, Infoblox, Brandon Dunlap, Moderator, (ISC)²
    Constantly evolving threats and shortage of qualified cybersecurity professionals have led security teams to move to security workflow automation to meet the demands. It’s not enough to have a great tool nowadays. These tools have to work better together to meet today’s security challenges. Security orchestration, automation and response (SOAR) tools improve efficiency and efficacy of security operations by automating threat intel management, event monitoring and incident response processes.

    One of the key sources of contextual network and threat intel data comes from infrastructure that organizations already rely on for connectivity – DNS, DHCP and IPAM. This data along with timely, reliable and accurate threat intel can be used to improve scoring and investigation, assist in prioritizing incoming incidents, and can be relied upon to build automation.

    Join this webinar to learn how a well architected DNS, DHCP and IPAM can power SOAR platforms to:

    -Block/unblock domains using context
    -Enrich other security tools with valuable IPAM data
    -Enhance and improve incident response with better threat intelligence
    Watch now
  • Speed & Precision: The Keys to Stopping Modern Adversary Recorded: Jul 2 2019 59 mins
    Zeki Turedi, Technology Strategist EMEA, CrowdStrike, Brandon Dunlap, Moderator, (ISC)²
    Defending against modern adversaries requires the ability to detect and to understand threats quickly, and to respond decisively. CrowdStrike’s experts fight and win these battles every day, and have one of the industry’s most comprehensive pictures of today’s top cyber threats. Join CrowdStrike for a deep dive into global observations and trends, and real-world intrusion case studies, delivering deep insights on modern adversaries, and their tactics, techniques, and procedures (TTPs).

    Learning Outcomes:
    -Why “speed” is the new critical metric in cybersecurity.
    -How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats.
    -Trends in adversary tradecraft, as seen across 1000s of real-world intrusion attempts.
    -Action plans that you can use to ensure your organisation is ready to anticipate and defend against the most dangerous threats of tomorrow.
    Watch now
  • Taking Security From Mediocre to Mighty With The MITRE ATT&CK Framework Recorded: Jun 25 2019 58 mins
    Matthias Maier, EMEA Director of Product Marketing, Splunk, Brandon Dunlap, Moderator, (ISC)²
    What is the MITRE ATT&CK framework? Where did it come from? Why and how should you use it? Get the answers to all of these questions, as security experts from Splunk take a practical look at how your SOC and SIEM can apply the MITRE ATT&CK framework. Ensure the coverage of known TTP’s of threats your business is exposed to, to improving threat hunting and detection of Adversary’s. Join this webinar to discover:

    • What the MITRE ATT&CK framework is, and why it should be used
    • How to align your use cases to the MITRE ATT&CK framework
    • How to navigate an ATT&CK Threat group TTP's
    • How to track and monitor your detection capabilities to ensure wide coverage
    Watch now
  • Introducing Application Metadata Intelligence Recorded: Jun 18 2019 60 mins
    Ollie Sheridan, Principal Engineer Security, Gigamon, Chris Green, Head of PR and Comms EMEA, (ISC)²
    For many years the choice for monitoring networks has been focussed on the collection and Analysis of raw packets. With the increasing need for multiple tools and SIEM's to get access to this data, along with requirements from Forensic Response teams, a more streamlined method of understanding the behaviour of traffic and user behaviour is required. Whilst NetFlow version 5 and 9 do provide some visibility, there are challenges such as sample rates and lack of Application Layer inspection that need to be addressed.

    Join us for this webinar to learn more about how you can:

    -Produce rich Metadata from network traffic and dive into the Application Layer
    -Use this rich Metadata for Security, Forensics and Business Intelligence purposes
    -Generate Metadata based on the application rather than the IP & Port
    -Ensure that the Application traffic, regardless of port spoofing, produces the correct Metadata
    Watch now
  • How Attackers Exploit Office 365 Vulnerabilities Recorded: Jun 11 2019 62 mins
    Liam Cleary, Microsoft MVP, CEO, SharePlicity, Dan Goater, Solutions Engineer, Netwrix, Brandon Dunlap, Moderator, (ISC)²
    Office 365 has become the platform of choice for document collaboration and sharing. If you’re using Microsoft Office 365 or planning to migrate there, understanding the types of security attacks you can expect is imperative.

    Discover how to:

    - Simulate common Office 365 attacks
    - Test and educate your end users
    - Spot attacks in their early stages
    Watch now
  • Fight the Good Fight Against the Bad Bots Recorded: Jun 4 2019 60 mins
    David Warburton, Senior Threat Research Evangelist, F5 Networks, Brandon Dunlap, Moderator, (ISC)²
    Distinguishing between good bots, bad bots, and humans is a major challenge. Today, over 50% of online traffic is generated by bots and they are involved in nearly every attack. Identifying malicious bots and safeguarding against them is now a top priority for organisations developing a sustainable security strategy.

    Join us for this webinar to learn:

    • How bots infect, propagate, and attack applications
    • What types of application attacks are commonly performed by bots
    • How you can defend against bad bots without disrupting the good ones
    Watch now
  • Real Phish Remain the Real Problem Recorded: May 28 2019 59 mins
    Mollie MacDougall, Threat Intelligence Manager, David Mount, Product Marketing, Cofense, Brandon Dunlap, Moderator, (ISC)²
    Despite investment in next-gen technologies and employee awareness training, phishing threats continue to become more sophisticated and more effective. It’s time for organisations to accept that REAL phish are the REAL problem. Join the Cofense Phishing Threat Landscape review to discover the trends defining phishing in 2019 and priorities for defending your organisation going forward.
    Attend this webinar to learn how attackers are:
    •Using major malware types and their innovative tactics, techniques, and procedures
    •Intensifying credential theft as organizations move infrastructure and applications to the cloud
    •Evolving Emotet and the threat actors behind the botnet
    •Increasing proliferation of sextortion phishing emails

    We’ll examine the obvious changes in the phishing threat landscape, plus look ahead at trends shaping 2019.
    Watch now
  • A Day in the Life - Tips and Best Practices from 3 CISSPs Recorded: May 21 2019 60 mins
    James Packer, CISSP, London; Chuan-Wei Hoo, CISSP, Singapore; James R. McQuiggan, CISSP, United States; B. Dunlap (Moderator)
    More than 130,000 information security professionals have invested time, determination and resources to attain the CISSP certification. Join (ISC)² members from different regions on May 21, 2019 at 10:00AM Eastern as we discuss what pain points, issues and challenges they encounter in their day-to-day work life, as well as solutions, tips and best practices they have developed along the way. We’ll also examine how the CISSP certification has helped them with their job and career.
    Watch now
  • DNS as a Foundation Security Architecture for Digital Transformation Recorded: May 21 2019 57 mins
    Lee Clark, System Engineer, Infoblox, Brandon Dunlap, Moderator, (ISC)²
    Today, your users directly access cloud applications from everywhere. Transformative technologies such as SD-WAN, IoT and the cloud are borderless and complicate security. Non-standard IoT devices using non-standard protocols are rapidly proliferating. And yet, securing your digital transformation doesn’t require a new tool.

    Instead, it takes a simple, scalable and integrated security solution that makes your existing security infrastructure smarter and more efficient. DNS is foundational to the Internet and IP-based communication. It is also the perfect foundation for security: simple to deploy, ubiquitous in networks, essential for connectivity and scalable to Internet size.

    Join this webinar to learn how using DNS as a foundational security architecture can:
    • Protect your brand by securing traditional networks and digital transformations
    • Reduce time and cost of defending your enterprise against threats
    • Detect and remediate problems automatically and provide data to the entire ecosystem
    Watch now
(ISC)² Secure Webinars - EMEA
Forming part of the (ISC)² commitment to Inspiring a Safe and Secure Cyber World, we welcome you to the (ISC)² Secure Webinars - EMEA Channel. Sign up to join us for educational Security Briefings, Roundtables and eSummits aimed at all those vested in the world of information security. We welcome members and non members alike.
  • Upcoming webinars (3)
  • Recorded webinars (204)
  • Subscribers (46,403)
Channel RSS feed

Register for Free

 

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: eSummit 3 Cyber-Forensics - an Overview of Intrusion Investigations
  • Live at: Oct 26 2016 11:00 am
  • Presented by: Dr. Gareth Owenson, Senior Lecturer, University of Portsmouth, Christopher Laing,(ISC)2 EMEA Advisory Board Member
  • From:
Your email has been sent.
or close