Name: Maze ransomware: Use threat research & MITRE ATT&CK to turn analysis into action
Start: 2020-12-01T10:00:00Z
End: 2020-12-01T10:00:59.000Z
Location: BrightTALK
Rating: 4.5

We know your job isn’t easy. That’s why we combine log management, machine learning, SOAR, UEBA, and NDR to give you broad visibility across your environment so you can quickly uncover threats and minimise risk.

But a mature SOC doesn’t just stop threats. With LogRhythm, you’ll easily baseline your security operations program and track your gains — so you can easily report your successes to your board.

Hear best practices, see technology demos, listen to speaker panels on our European BrightTALK channel. 

Visit our website for more information: 
http://www.logrhythm.com/

It is increasingly becoming clear that cybersecurity decisions have broader societal implications than ever before. In 2020 and beyond, technology promises to change our own experience and enhance our way of life, significantly. Society and humanity increasingly depend on tech to work, learn, and socialise. But that dependence is also making our technology, and us, targets. 

To be successful in this new era, CISOs, executives, and security professionals will need to double the efforts to navigate the maze of organisational politics and detractors, engage with the business and place people and culture at the heart of your security program to influence change. 

In this on-demand webinar Jinan Budge, Forrester Principal Analyst, shares insights to help you focus your vision and approach team, organisational and external security culture change as strategically as you would any other part of your security program.

Cybersecurity Implications on Society – feat. Forrester

Attacks on operational technology (OT) have been on the rise for decades. The rise began with the Stuxnet worm that attacked Programmable Logic Controllers (PLCs) in SCADA systems and has increased sharply in the last few years. Not only do these attacks threaten national interests, but as OT continues to be vital in day to day operations, overall business continuity is also endangered. As such, detecting OT threats has become a top priority as governments and organisations around the world implement programs and deliver mandates to protect critical infrastructure and business operations, across all sectors and verticals. 

While limiting security and operational risk is a crucial issue, sometimes it’s easier said than done. Watch this panel to hear security experts from across industries discuss business challenges, ways to evaluate risk, and strategies to reduce business risk with operational technology.  

You’ll learn: 
- Overview of operational risk and technologies associated with different critical industry 
- How security plays a role in operations and achieving business continuity 
- Ways your peers have effectively met business challenges 
- Recommendations to manage security and operational risk

Speakers: 
James Carder, CSO, LogRhythm | Jeff Schmidt, CEO, Avertium | Rob Sweeney, Senior Information Security Engineer, Penn Medicine | Stephen Dyson, Sr. Security Operations Analyst, Penn Medicine | Robert M. Lee, CEO, Dragos | Sam Masiello, CSO, Gates Corporation

Managing Security and Operational Risk Panel

In a perfect world, your organisation would staff a 24×7 SOC with highly talented cybersecurity professionals to secure its IT environment. But the truth is, a seemingly endless stream of new and complex cyberattacks has driven the demand for qualified professionals through the roof and the number of unfilled positions has soared.  

While there is no one-size-fits-all approach to solving the cybersecurity skills gap, our panel of experts provide practical advice for finding and building a team with the right set of skills. Panellists also discuss critical skill sets and outline resources to help you grow in your cybersecurity career. 

Moderated by Andrew Hollister, Senior Director of LogRhythm Labs.  

You’ll learn:  
- The global state of cybersecurity and recruiting 
- Approaches to overcome the cybersecurity skills gap
- Tips to build experience and diversity in your security team 
- Ways to grow your career

Overcoming the Skills Shortage for Modern and Effective Security Operations

We’ve all seen the headlines – women make up 26% of all computing related jobs and for the cybersecurity industry, it’s even less at 20%. For women of colour, it’s down to the single digits.

During this on-demand webinar a distinguished panel of executives discuss the unique challenges women face in the industry, share their career journeys and leadership philosophies.

The panel features executives at the helm of leading cybersecurity companies including:
- Sam King, CEO of Veracode
- Avani Desai, President of Schellman & Company
- Cindy Zhou, CMO, LogRhythm

This panel aims to inspire young women to build a career in cybersecurity, and discuss how men can help by mentoring and partnering with women.

Women in Security: Executive Panel

During our RhythmWorld 2020 Security Conference, a panel of five security executives met to discuss some of the major challenges, changes, and opportunities facing chief information security officers (CISOs) today.

The Modern and Evolving Security Leader: Security Executive Panel, explores insider secrets on:
• Building deeper organisation consensus
• Finding security advocates
• Boosting board buy-in
• And much more!

The Modern and Evolving Security Leader Panel

Ransomware has evolved from a commodity malware strain primarily targeting home users, to a devastating and effective tool in the arsenal of advanced threat groups. As these human operated cyberattacks continue to be a lucrative source of income for threat actors, ransomware will continue to pose a major threat to many organisations. 

If threat actor activity can be detected in the environment early enough in the kill-chain, analysts stand a much better chance of unravelling the entire attack and reducing the risk to their organisation. 

In this on-demand webinar Dan Crossley, Sales Engineering Manager, LogRhythm and Imran Hafeez, LogRhythm Analytic Co-Pilot Consultant, will outline: 
• The anatomy of a human operated ransomware attack
• What additional log data can be enabled within a Windows environment to allow better tracing of threat actor activity, including:
       o	Process creation with command-line execution
       o	PowerShell logging
       o	Microsoft Sysmon
• How you can trace and alert on possible threat actor activity within your environment, with these log sources

Combatting ransomware and APT activity with process-level monitoring

The need to protect, defend and respond to threats — regardless of where the employee, data, systems and applications sit — is more apparent than ever as we continue to work from home.

The Zero Trust model helps verify at every step that only trusted identities have access to systems, networks and data they are entitled to. 

In this short on-demand session, Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, outlines the full benefits of implementing a Zero Trust model and how this approach can enhance cyber resilience. 

Watch now to hear:
 - The considerations to be made before incorporating Zero Trust
 - The barriers and best practices to support a successful implementation
 - The business benefits of switching to a Zero Trust model

The benefits and barriers of implementing Zero Trust

Whilst some organisations have a 24x7 security operations centre (SOC) with teams of dedicated analysts carefully monitoring for threats around the clock, every day of the year. Unfortunately, most organisations cannot afford a 24x7 SOC. The cost of having well-trained analysts onsite at all times outweighs the benefit. 

In this on-demand webinar, Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, outlines how to create an effective SOC, by combining three components — people, processes, and technology — to build an efficient security operation. 

You’ll learn:
• What makes a SOC effective, including best practises for success
• Cost comparisons of various SOC staffing models
• Steps for building a SOC with limited resources 
• How a NextGen SIEM solution is the ideal technology for building a SOC

How to Build a SOC with Limited Resources

In this webinar, Abdulrahman Aldalbahi, LogRhythm Enterprise Sales Manager & Muntaser Bdair, Chief Operation Officer, SecurityMatterz, will outline how you can align with Saudi ECC compliance and MITRE ATT&CK for rapid threat detection and response. 

Join us to:
• discover the LogRhythm KSA-ECC module including compliance use cases and predefined reports 
• learn more about using MITRE ATT&CK techniques to enhance your threat detection 
• gain insight into how LogRhythm's NextGen SIEM can effectively detect and respond to cyberthreats

NextGen SIEM & Saudi ECC regulations

As ransomware attacks continue to hit the headlines around the globe they pose a major threat to businesses of all sizes. How do you protect your organisation against ransomware effectively to reduce the associated risk?

In this on-demand webinar, Dan Crossley CISSP, Sales Engineering Manager at LogRhythm, and Andrew Hollister, Senior Director LogRhythm Labs & Security Advisor to the CSO, discuss:

•	Recent ransomware incidents 
•	Why ransomware attacks are more prevalent and destructive than ever before 
•	Practical tips to help you detect and respond to ransomware attacks
•	How a SIEM can be used to reduce the risk

Best Practices For Reducing Ransomware Risk

Today, ransomware attackers won’t simply back down if their demands are not met. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding a ransom. If victims refuse to make the payment and initiate restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online.

That threat is completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat and of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.

During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He will also discuss detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks.

Then, Brian Coulson from LogRhythm’s Threat Research team will demonstrate how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.

Join this webinar to learn about the latest trends in ransomware and how you can protect your organisation from them.

Keeping pace with ransomware: Lessons learnt in the past year

Working in security can sometimes feel as though you are sitting on top of a powder keg. It’s a fact that cybersecurity professionals are reporting higher levels of stress than they did just two years ago. We wanted to learn the causes of tension and anxiety — as well as understand potential ways teams might alleviate and remediate the potential of job burnout.

Our global survey of more than 300 security professionals and executives investigated the reasons behind increased stress on security teams, solution capabilities, deployment strategies, technology gaps, and more. In this on-demand webinar, we explore some of the key findings from this research, including:

- Why security professionals say they have more work stress than they did just two years ago.
- Just how many teams feel that they have adequate executive support.
- How capable teams say they are to detect known security threats.
- The number one reason security professionals say they would leave their jobs.

If you work in security, hearing that stress is impacting your space is likely no surprise. 

Watch on-demand to hear Andrew Hollister, Head of LogRhythm Labs & Security Advisor to the CISO at LogRhythm, outline why your team may be experiencing more stress than ever before, the effect executive support has on your program and some indicators on how to alleviate some of the issues your team may be facing.

The State of the Security Team: Are Executives the Problem?

To avoid a data breach, your organisation must detect and respond quickly to anomalous activity. The Verizon Data Breach Investigations Report, 2017 states that user-based threats are on the rise:

• 69% of organisations report incidents of attempted data theft — by internal threats.
• 81% of breaches involve stolen or weak credentials.
• 91% of firms report inadequate insider threat detection programs.

User and entity behaviour analytics (UEBA) can help you monitor for known threats and behavioural changes in user data, providing critical visibility to uncover user-based threats that might otherwise go undetected.

In this on-demand webinar, Mohan Raj and Ashok Chokalingam from our iMETA team at LogRhythm,l outline the various types of insider threats, the risk they pose to an organisation, the various contributors that may lead to this threat and how to identify and mitigate the risks.

Mitigating the risks of insider threats with UEBA

This product demo follows the MITRE ATT&CK session available on our BrightTALK channel. Watch this on-demand technical demonstration to hear how the LogRhythm platform can help you align to the MITRE ATT&CK framework.

Live demo - MITRE ATT&CK with LogRhythm

In this on-demand webinar Andrew provides an overview of how security professionals and the businesses that employ them can benefit from integrating the MITRE ATT&CK framework into their SIEM. He also expands on how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware, intrusion detection/prevention systems (IDS/IPS), and other products can help businesses get the most out of their SOCs.

MITRE ATT&CK 2020: An update in SIEM alignment

Threat hunting refers to the process of proactively searching for advanced threats that may have eluded security systems. In other words, going after the ones that slipped through the net. 

In this on-demand session, you will learn some practical threat hunting tips and tricks using the LogRhythm NextGen SIEM Platform.

Live demo - Threat hunting with LogRhythm

The momentum behind the growth of cloud services is unstoppable, as businesses seek software, applications, and infrastructure that are more flexible and cost-effective. According
to analysts, nearly half of all application spend is now invested in cloud services, and this cloud-first trend is only going in one direction.

In this on-demand technical webinar LogRhythm’s Daniel Crossley outlines logging and threat detection strategies within cloud environments, including Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure and Office 365.

The session covers:
• Logging: An overview of cloud logging mechanisms
• Log ingestion: Log collection from cloud environments 
• Analytics: Threat detection use cases for cloud environments 

The aim of this session is to give you a better understanding of logging and threat detection in cloud environments.

Logging & threat detection in the cloud: AWS, GCP, Microsoft Azure & Office 365

Threat research can be an invaluable asset to security teams' proactive and reactive response plans. However, general recommendations found in threat research don't always easily translate into practical steps to defend against particular attacks.

During this on-demand webinar with Ultimate Windows Security, LogRhythm Labs' Dan Kaiser and Sally Vincent demonstrate how to translate a recent report on Maze ransomware into actionable steps for your SOC. 

They review how to:
- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution

Maze ransomware: Use threat research & MITRE ATT&CK to turn analysis into action

Ransomware

Threat Research

Reverse Engineering

Cyber Attacks

SIEM

Threat Hunting

Maze

cybersecurity

Threat Detection

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Welcome to the big data and data management community on BrightTALK. Join thousands of data quality engineers, data scientists, database administrators and other professionals to find more information about the hottest topics affecting your data. Subscribe now to learn about efficiently storing, optimizing a complex infrastructure, developing governing policies, ensuring data quality and analyzing data to make better informed decisions. Join the conversation by watching live and on-demand webinars and take the opportunity to interact with top experts and thought leaders in the field.

Big Data and Data Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Maze ransomware: Use threat research & MITRE ATT&CK to turn analysis into action

Presented by

About this talk

More from this channel