Five practical use cases to enhance threat detection and response
Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.
In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.
• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to phishing attacks
• Detecting possible indicators of Bitcoin mining
• Improving incident response times through audio and visual alerting
View this webinar if you are a SOC manager, security analyst or security architect responsible for managing your organisation's cybersecurity.
Recorded May 7 2020 | 44 mins
It is increasingly becoming clear that cybersecurity decisions have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, significantly. Society and humanity increasingly depend on tech to work, learn, and socialise. But that dependence is also making our technology, and us, targets.
To be successful in this new era, CISOs, executives, and security professionals will need to double their efforts to navigate the maze of organisational politics and detractors, engage with the business, and place people and culture at the heart of their security program to influence change.
In this on-demand webinar Jinan Budge, Forrester Principal Analyst, shares insights to help you focus your vision and approach team, organisational and external security culture change as strategically as you would any other part of your security program.
James Carder | Jeff Schmidt | Rob Sweeney | Stephen Dyson | Robert M. Lee | Sam Masiello
Attacks on operational technology (OT) have been on the rise for decades. The rise began with the Stuxnet worm that attacked Programmable Logic Controllers (PLCs) in SCADA systems and has increased sharply in the last few years. Not only do these attacks threaten national interests, but as OT continues to be vital in day to day operations, overall business continuity is also endangered. As such, detecting OT threats has become a top priority as governments and organisations around the world implement programs and deliver mandates to protect critical infrastructure and business operations, across all sectors and verticals.
While limiting security and operational risk is a crucial issue, sometimes it’s easier said than done. Watch this panel to hear security experts from across industries discuss business challenges, ways to evaluate risk, and strategies to reduce business risk with operational technology.
- Overview of operational risk and technologies associated with different critical industries
- How security plays a role in operations and achieving business continuity
- Ways your peers have effectively met business challenges
- Recommendations to manage security and operational risk
James Carder, CSO, LogRhythm | Jeff Schmidt, CEO, Avertium | Rob Sweeney, Senior Information Security Engineer, Penn Medicine | Stephen Dyson, Sr. Security Operations Analyst, Penn Medicine | Robert M. Lee, CEO, Dragos | Sam Masiello, CSO, Gates Corporation
Andrew Hollister, LogRhythm Labs & Security Advisor to the CSO | Adam Saunders, Information Security Manager, Bourne Leisure
In a perfect world, your organisation would staff a 24×7 SOC with highly talented cybersecurity professionals to secure its IT environment. But the truth is, a seemingly endless stream of new and complex cyberattacks has driven the demand for qualified professionals through the roof and the number of unfilled positions has soared.
While there is no one-size-fits-all approach to solving the cybersecurity skills gap, our panel of experts provide practical advice for finding and building a team with the right set of skills. Panellists also discuss critical skill sets and outline resources to help you grow in your cybersecurity career.
Moderated by Andrew Hollister, Senior Director of LogRhythm Labs.
- The global state of cybersecurity and recruiting
- Approaches to overcome the cybersecurity skills gap
- Tips to build experience and diversity in your security team
- Ways to grow your career
James Carder, LogRhythm, Karen Holmes, True Blue Inc., Kip James, TTec, Chris Mitchell, City of Houston, Dilip Singh, Sedara
During our RhythmWorld 2020 Security Conference, a panel of five security executives met to discuss some of the major challenges, changes, and opportunities facing chief information security officers (CISOs) today.
The Modern and Evolving Security Leader: Security Executive Panel explores insider secrets on:
• Building deeper organisation consensus
• Finding security advocates
• Boosting board buy-in
• And much more!
Randy Franklin Smith (Ultimate Windows Security), Dan Kaiser (LogRhythm) and Sally Vincent (LogRhythm)
Threat research can be an invaluable asset to security teams' proactive and reactive response plans. However, general recommendations found in threat research don't always easily translate into practical steps to defend against particular attacks.
During this on-demand webinar with Ultimate Windows Security, LogRhythm Labs' Dan Kaiser and Sally Vincent demonstrate how to translate a recent report on Maze ransomware into actionable steps for your SOC.
They review how to:
- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution
Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant
Ransomware has evolved from a commodity malware strain primarily targeting home users, to a devastating and effective tool in the arsenal of advanced threat groups. As these human operated cyberattacks continue to be a lucrative source of income for threat actors, ransomware will continue to pose a major threat to many organisations.
If threat actor activity can be detected in the environment early enough in the kill-chain, analysts stand a much better chance of unravelling the entire attack and reducing the risk to their organisation.
In this on-demand webinar Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant, will outline:
• The anatomy of a human operated ransomware attack
• What additional log data can be enabled within a Windows environment to allow better tracing of threat actor activity, including:
o Process creation with command-line execution
o PowerShell logging
o Microsoft Sysmon
• How you can trace and alert on possible threat actor activity within your environment, with these log sources
Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO
The need to protect, defend and respond to threats — regardless of where the employee, data, systems and applications sit — is more apparent than ever as we continue to work from home.
The Zero Trust model helps verify at every step that only trusted identities have access to systems, networks and data they are entitled to.
In this short on-demand session, Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, outlines the full benefits of implementing a Zero Trust model and how this approach can enhance cyber resilience.
Watch now to hear:
- The considerations to be made before incorporating Zero Trust
- The barriers and best practices to support a successful implementation
- The business benefits of switching to a Zero Trust model
Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO
Some organisations have a 24x7 security operations centre (SOC) with teams of dedicated analysts carefully monitoring for threats around the clock, every day of the year. Unfortunately, most organisations cannot afford a 24x7 SOC. The cost of having well-trained analysts onsite at all times outweighs the benefit.
In this on-demand webinar, Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, outlines how to create an effective SOC, by combining three components — people, processes, and technology — to build an efficient security operation.
• What makes a SOC effective, including best practices for success
• Cost comparisons of various SOC staffing models
• Steps for building a SOC with limited resources
• How a NextGen SIEM solution is the ideal technology for building a SOC
In this webinar, Abdulrahman Aldalbahi, LogRhythm Enterprise Sales Manager & Muntaser Bdair, Chief Operation Officer, SecurityMatterz, will outline how you can align with Saudi ECC compliance and MITRE ATT&CK for rapid threat detection and response.
Join us to:
• discover the LogRhythm KSA-ECC module including compliance use cases and predefined reports
• learn more about using MITRE ATT&CK techniques to enhance your threat detection
• gain insight into how LogRhythm's NextGen SIEM can effectively detect and respond to cyberthreats
Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO and Dan Crossley, SE CISSP, LogRhythm
As ransomware attacks continue to hit the headlines around the globe they pose a major threat to businesses of all sizes. How do you protect your organisation against ransomware effectively to reduce the associated risk?
In this on-demand webinar, Dan Crossley CISSP, Sales Engineering Manager at LogRhythm, and Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, discuss:
• Recent ransomware incidents
• Why ransomware attacks are more prevalent and destructive than ever before
• Practical tips to help you detect and respond to ransomware attacks
• How a SIEM can be used to reduce the risk
Randy Franklin Smith (Ultimate Windows Security) and Brian Coulson (LogRhythm)
Today, ransomware attackers won’t simply back down if their demands are not met. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding a ransom. If victims refuse to make the payment and initiate restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online.
That threat is completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat and of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.
During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He will also discuss detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks.
Then, Brian Coulson from LogRhythm’s Threat Research team will demonstrate how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.
Join this webinar to learn about the latest trends in ransomware and how you can protect your organisation from them.
Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO
Working in security can sometimes feel as though you are sitting on top of a powder keg. It’s a fact that cybersecurity professionals are reporting higher levels of stress than they did just two years ago. We wanted to learn the causes of tension and anxiety — as well as understand potential ways teams might alleviate and remediate the potential of job burnout.
Our global survey of more than 300 security professionals and executives investigated the reasons behind increased stress on security teams, solution capabilities, deployment strategies, technology gaps, and more. In this on-demand webinar, we explore some of the key findings from this research, including:
- Why security professionals say they have more work stress than they did just two years ago.
- Just how many teams feel that they have adequate executive support.
- How capable teams say they are to detect known security threats.
- The number one reason security professionals say they would leave their jobs.
If you work in security, hearing that stress is impacting your space is likely no surprise.
Watch on-demand to hear Andrew Hollister, Head of LogRhythm Labs & Security Advisor to the CISO at LogRhythm, outline why your team may be experiencing more stress than ever before, the effect executive support has on your program and some indicators on how to alleviate some of the issues your team may be facing.
To avoid a data breach, your organisation must detect and respond quickly to anomalous activity. The Verizon Data Breach Investigations Report, 2017 states that user-based threats are on the rise:
• 69% of organisations report incidents of attempted data theft — by internal threats.
• 81% of breaches involve stolen or weak credentials.
• 91% of firms report inadequate insider threat detection programs.
User and entity behaviour analytics (UEBA) can help you monitor for known threats and behavioural changes in user data, providing critical visibility to uncover user-based threats that might otherwise go undetected.
In this on-demand webinar, Mohan Raj and Ashok Chokalingam from our iMETA team at LogRhythm outline the various types of insider threats, the risk they pose to an organisation, the various contributors that may lead to this threat and how to identify and mitigate the risks.
Dan Crossley, Manager, Enterprise Sales Engineering, LogRhythm
This product demo follows the MITRE ATT&CK session available on our BrightTALK channel. Watch this on-demand technical demonstration to hear how the LogRhythm platform can help you align to the MITRE ATT&CK framework.
Andrew Hollister, Senior Director, LogRhythm Labs Security, LogRhythm
In this on-demand webinar Andrew provides an overview of how security professionals and the businesses that employ them can benefit from integrating the MITRE ATT&CK framework into their SIEM. He also expands on how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware, intrusion detection/prevention systems (IDS/IPS), and other products can help businesses get the most out of their SOCs.
The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.
In this on-demand technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.
The session covers:
• Logging: An overview of cloud logging mechanisms
• Log ingestion: Log collection from cloud environments
• Analytics: Threat detection use cases for cloud environments
The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.
If your team is struggling with resource constraints, you’re probably facing longer-than-ideal response times. This puts your organisation at risk. In this on-demand webinar Ed Carolan, Manager, Enterprise Sales Engineering, outlines how you can maximise the benefits of time optimisation and reduce the burden on your team with SOAR and UEBA.
Understand how you can:
• Leverage UEBA and SOAR to increase automation within the SOC
• Enable team collaboration and workflow automation
• Arm your analysts to be more effective in their work
• Increase the ROI from your SIEM
Martin Smith MBE, Founder The SASIG; James Carder, CSO, VP LogRhythm Labs; Craig Goodwin, CTRO Fujitsu; Michael Strong, CISO GCI
Watch our Q&A panel session to gain insight into how James Carder, LogRhythm CISO and our guest speakers build and maintain a cybersecurity culture at their organisations, how they manage board-level reporting, exec-level relationships, and how they achieve their goals as a security leader, while appealing to the board’s mission and the core mission of their business.
Moderated by Martin Smith MBE, Chairman & Founder, The Security Awareness Special Interest Group (SASIG)
- Key metrics you can use to show the value of your security operations/program
- Actionable tips to get board-level support for your security program
- How to use a security maturity model to map your risk reduction over time
- How to achieve and present cost predictability
Build your security operations centre on a strong foundation
We know your job isn’t easy. That’s why we combine log management, machine learning, SOAR, UEBA, and NDR to give you broad visibility across your environment so you can quickly uncover threats and minimise risk.
But a mature SOC doesn’t just stop threats. With LogRhythm, you’ll easily baseline your security operations program and track your gains — so you can easily report your successes to your board.
Hear best practices, see technology demos, listen to speaker panels on our European BrightTALK channel.
Visit our website for more information:
Five practical use cases to enhance threat detection and response | Jake Anthony, Systems Engineer and Simon Hamilton, Client Manager, LogRhythm | 44 mins