Combatting ransomware and APT activity with process-level monitoring

Logo
Presented by

Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant

About this talk

Ransomware has evolved from a commodity malware strain primarily targeting home users, to a devastating and effective tool in the arsenal of advanced threat groups. As these human operated cyberattacks continue to be a lucrative source of income for threat actors, ransomware will continue to pose a major threat to many organisations. If threat actor activity can be detected in the environment early enough in the kill-chain, analysts stand a much better chance of unravelling the entire attack and reducing the risk to their organisation. In this on-demand webinar Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant, will outline: • The anatomy of a human operated ransomware attack • What additional log data can be enabled within a Windows environment to allow better tracing of threat actor activity, including: o Process creation with command-line execution o PowerShell logging o Microsoft Sysmon • How you can trace and alert on possible threat actor activity within your environment, with these log sources

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (87)
Subscribers (18985)
We know your job isn’t easy. That’s why we combine log management, machine learning, SOAR, UEBA, and NDR to give you broad visibility across your environment so you can quickly uncover threats and minimise risk. But a mature SOC doesn’t just stop threats. With LogRhythm, you’ll easily baseline your security operations program and track your gains — so you can easily report your successes to your board. Hear best practices, see technology demos, listen to speaker panels on our European BrightTALK channel. Visit our website for more information: http://www.logrhythm.com/