Beyond Malware: How to Detect and Respond to Malware-Free Intrusions

What do you do when adversaries don’t use any malware or exploits? We will show how to deal with malware-free intrusions; how to detect, prevent, attribute and respond. This session will feature techniques we’ve observed in the field, from the stealthiest adversaries who leave no malware footprints behind. We will demonstrate a live attack and show how CrowdStrike’s next-generation endpoint protection solution, Falcon Host, can detect the activity in real-time and provide relevant countermeasures for protection and response.
In this session, you will learn how to:
• Determine whether advanced adversaries have gained a foothold in your organization without using malware
• Identify and observe an adversary’s lateral movement to understand what they want and who they are targeting in your organization
• Gain the ability to record and reconstruct an incident completely to understand what systems and data the adversary has touched
Recorded Oct 28 2015 53 mins
Presented by
Dmitri Alperovitch, CTO and Cofounder; CrowdStrike and Elia Zaitsev, Principal Solutions Architect; CrowdStrike

  • Security at the speed of DevOps Recorded: Jun 19 2019 59 mins
    Scott Ward: Solutions Architect - Amazon Web Services (AWS), Alexi Papaleonardos: Principal Consultant - CrowdStrike
    Organizations are rapidly adopting DevOps as they retool their IT infrastructure. The speed and agility it delivers enables them to better serve their customers and compete more effectively in the marketplace. Far too often security is seen as an inhibitor — getting in the way of rapid delivery of new applications and the ability to scale infrastructure to meet business opportunity.

    In this session, experts from Amazon Web Services (AWS) and CrowdStrike will outline how to quickly deploy and scale while retaining control and preserving compliance when using the cloud. You’ll learn how you can adopt a DevOps model without sacrificing security by using automated compliance policies, fine-grained controls, and configuration management techniques.

    This webcast will cover these key topics and takeaways:

    - A review and discussion of the shared responsibility model to help you understand the tenets of security that’s “of” the cloud versus security “in” the cloud
    - Best practices in securing your cloud presence
    - Practical steps for how you should assess your infrastructure, management and compliance
  • Going Far Beyond Antivirus Recorded: Jun 13 2019 62 mins
    Dr. Sven Krasser: VP, Chief Scientist - CrowdStrike, Dan Larson: VP, Product Marketing - CrowdStrike
    An examination of three "must-have" capabilities for effective endpoint protection.

    Analysts have been redefining endpoint protection platforms (EPP) in light of the increasingly sophisticated threat actors targeting today's organizations. A recent report from the Enterprise Strategy Group (ESG), which found that 76 percent of organizations have either changed their AV vendor recently or are planning to do so soon, proves that organizations are aligned with this thinking. However, analysts also warn that organizations shouldn't just switch from vendor A to vendor B — they recommend moving beyond signature-based AV solutions to next-gen EPP that is truly capable of offering you better protection and performance.

    This webcast focuses on the three critical features you should look for in next-gen EPP and gives you an understanding of the cutting-edge technology that can take you "far beyond AV." Join a panel of CrowdStrike experts including VP and Chief Scientist Sven Krasser, VP of Product Marketing Dan Larson, Senior Engineering Manager Kirby Koster and Senior Director of OverWatch and Security Response Jennifer Ayers, as they take a deep dive into the must-haves that characterize true next-gen EPP.

    Join this webcast to learn:

    - The new definition of endpoint protection and the characteristics that separate the old from the new
    - The role of AI and ML in EPP and the factors that make these technologies most effective
    - How event stream processing powers behavioral analytics and why it’s crucial for EPP
    - Proactive threat hunting and its role in EPP
  • Stopping Breaches Faster: The 1/10/60 Minute Challenge Recorded: Jun 11 2019 53 mins
    Scott Taschler: Director of Products - CrowdStrike, Rachel Scobey: Technical Product Manager - CrowdStrike
    Breakout time, the time that it takes an intruder to jump from the machine that’s initially compromised and move laterally through your network, averages 1h and 58m*. This is your critical window to take action and stop the breach. When an attack is in progress, we’re seeing world-leading security teams take one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organisation ready to meet the 1/10/60 minute challenge?

    Attend this webcast to learn:

    - What breakout time is and what it means for defenders that are responding to attacks in real time
    - How the incident response process unfolds and the barriers that keep organisations from mounting a rapid and efficient response
    - The key steps you can take to improve your organisation’s ability to rapidly detect, investigate and remediate threats

    * The 2018 CrowdStrike® Global Threat Report
  • BECs - Are You Prepared? Recorded: May 8 2019 57 mins
    Bryan York: Director, Professional Services - CrowdStrike, David Hampton: Manager, Professional Services - CrowdStrike
    Business Email Compromises (BECs) are a growing problem across a multitude of industries. Threat actors are the spearhead of this new genre of cyber fraud, triggering losses that run into the billions of dollars.

    In this webcast, CrowdStrike experts will detail how to identify and defend against the threat posed by BECs. Experts will also discuss how to identify a BEC in the context of a broader compromise assessment focused on addressing current and past attackers.

    Join this session to learn:

    - How BEC works and the nature of the threat that it poses to your organization
    - Examples from real-life BEC attacks and responses
    - Insight into Office 365 BEC investigative methodologies and data sources
    - The role compromise assessments can play in your security hygiene and how it can help protect against BEC
  • Observations from the Front Lines of Threat Hunting Recorded: May 1 2019 47 mins
    Harlan Carvey: Senior Researcher - CrowdStrike, John Wunder: Principal Cybersecurity Engineer - MITRE
    The CrowdStrike® Falcon OverWatch™ threat hunting team has a unique vantage point on today’s threat landscape. The team’s new report, “Observations from the Front Lines of Threat Hunting,” provides this perspective with an in-depth discussion of today’s most sophisticated cyberattacks, compiled by expert hunters working at the forefront of cyber defense.

    Join MITRE’s John Wunder and CrowdStrike expert threat hunter Harlan Carvey as they explore the attacker trends observed in the wild and provide practical advice to improve your security posture today.

    Join this webcast to learn:

    - The prevalent tactics and techniques used by adversaries in 2018 and the trends you can expect to continue
    - How to improve your organization's defenses by analyzing the steps successful enterprises take to ensure their security
    - What the MITRE ATT&CK framework is and how it helps defenders understand and respond to new threats
  • A Day in the Life of a SOC Analyst Recorded: Apr 24 2019 49 mins
    Adam Meyers: VP Intelligence - CrowdStrike, Kurt Baker: Senior Director of Product Marketing for Intelligence - CrowdStrike
    Today’s Security Operation Center (SOC) teams are challenged by the volume and the growing sophistication of cyber threats. The typical SOC receives tens of thousands of alerts each week, yet, due to a lack of time and resources, only a small percentage will ever be investigated.

    This webcast looks at typical SOC activities, including the pitfalls and failures, and offers a new approach to alert investigation and response. Join CrowdStrike VP of Intelligence Adam Meyers to gain an understanding of how integrating and automating threat intelligence with endpoint protection can accelerate incident research, streamline the investigative process and drive better security responses.

    Join this webcast to hear CrowdStrike experts discuss:

    - How you can cut your incident investigation time from 8 hours to 10 minutes
    - How SOC teams can focus on the most relevant threats
    - How you can automatically investigate all incidents, learn from attacks, and accelerate your decision-making and response
    - How to get ahead of adversaries by understanding their motivations and tradecraft, enabling you to predict and anticipate their next move
  • How to make 60-minute Remediation a Reality Recorded: Apr 17 2019 54 mins
    Austin Murphy: Vice President of Managed Services - CrowdStrike, Con Mallon: Senior Product Director - CrowdStrike
    Speed is an imperative in cybersecurity and it is one of the themes in the CrowdStrike® 2019 Global Threat Report, which highlights the critical importance of speed in staying ahead of today’s rapidly evolving threats. One of the focuses of this year’s report is “breakout time” — the window of time from when an adversary first compromises an endpoint machine to when they begin moving laterally throughout your network to reach their objective. For some adversaries, it only takes an average of 18 minutes. This begs an important question — are you and your organization able to respond at the same pace as the attacker?

    To help organizations be better prepared for today’s sophisticated adversaries, CrowdStrike has established the “1-10-60 rule” as a benchmark for the average speed needed to defeat the adversary and stop the breach: 1 minute to detect, 10 to investigate and 60 minutes to remediate.

    In this webcast, CrowdStrike VP of Managed Services Austin Murphy will discuss the 1-10-60 rule and explain why these key outcome-driven metrics are critical to your organization’s security readiness. He will also show you how CrowdStrike Falcon® Complete™ can instantly transform your security and ensure you can meet the 1-10-60 rule.

    Join this webcast to learn:

    - Why speed of detection, investigation and remediation are key factors for successful day-to-day security management

    - The important steps needed to improve your organization’s ability to rapidly detect, investigate and remediate threats

    - How Falcon Complete can fast-track your organization to a 1-10-60 rule posture and elevate your cybersecurity maturity to the highest possible level, regardless of your internal resources
  • Fileless Attacks: Learn how to defend your organisation against them Recorded: Oct 12 2017 34 mins
    Zeki Turedi, Senior Systems Engineer, CrowdStrike
    Standard security solutions have continued to improve in their ability to detect and block malware and cyberattacks. This has forced cybercriminals to employ stealthier methods of evading legacy security to achieve success, including launching fileless attacks.

    Join CrowdStrike security experts as they discuss why so many of today's adversaries are abandoning yesterday's malware and relying on an evolving array of fileless exploits. You'll learn how fileless attacks are conceived and executed and why they are successfully evading the standard security measures employed by most organizations. You'll also receive guidance on the best practices for defending your organization against these stealthy, damaging attacks.

    Join this webcast to learn:
    - Best practices for defending your organization against fileless attacks
    - How a fileless attack is executed — see how an end-to-end attack unfolds
    - Why fileless attacks are having so much success evading legacy security solutions
  • Hand to Hand Combat with an Advanced Attacker Recorded: Jun 14 2017 59 mins
    Zeki Turedi, Senior Systems Engineer, CrowdStrike
    Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spearphishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.

    Learning Outcomes:

    - How nation-state threats are crafted and how their Tactics, Techniques, and Procedures (TTPs) help identify them from more routine advanced attacks
    - Who are the most notable adversaries in 2017 and the key European security themes based on the latest intelligence compiled across CrowdStrike’s global intelligence gathering operation
    - What are the indicators of attack and how you can apply them to defeat the adversary?
  • Is Ransomware Morphing Beyond the Ability of Standard Approaches to Stop It? Recorded: May 2 2017 60 mins
    Dan Brown, Detection Architect at CrowdStrike
    Ransomware continues to evolve as perpetrators develop new exploits with consequences that can be dramatic and immediate. New super strains go beyond holding files hostage. In Austria, ransomware was used to take over a hotel’s keycard system so guests were locked out of their rooms. Researchers have developed strains that can alter programmable logic controller (PLC) parameters with the potential to throw major mechanical systems into chaos. New defense approaches are needed because organizations can no longer rely on backups and conventional security solutions to protect them. Join CrowdStrike Senior Security Architect Dan Brown as he explains why conventional security isn’t working, and reveals recent innovations – including new Indicator of Attack (IOA) behavioral analysis methodologies – to successfully detect and prevent even the most complex “file-less” ransomware exploits.
    Attend this CrowdCast where Dan will discuss:

    ● The challenges of defending against dangerous new variants, such as Russian roulette-style ransomware that encrypts data in stages, or the use of “known good” programs such as the WinRar data compression tool to implement ransomware

    ● Real-world examples of ransomware in action and how different approaches fare against each type of exploit

    ● How the CrowdStrike Falcon cloud-delivered platform can defend your organization against new super strains of ransomware that use sophisticated malware-free tactics

    Dan Brown
    CrowdStrike, Detection Architect
    Dan is a 15-year veteran of the cybersecurity industry with a career that spans contributions to DARPA, NASA, and other government agencies, as well as several successful private-sector startups. At CrowdStrike, Dan engages in research to support ever evolving detection and prevention technology.
  • Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting Recorded: May 2 2017 47 mins
    Christopher Witter, Senior Manager, Falcon OverWatch at CrowdStrike
    Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.

    A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.

    Register for this webcast to learn:

    • How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security

    • Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
    • How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches

    About the Speaker
    Christopher Witter
    Senior Manager Falcon OverWatch, CrowdStrike

    Christopher Witter leads CrowdStrike’s Managed Hunting Service, OverWatch. He has over 15 years in incident response and information security and he’s previously held senior roles on Computer Security and Incident Response Teams (CSIRT) at both a top five global bank and a top ten defense contractor.
  • How to Replace Your Legacy Antivirus Solution Recorded: Apr 6 2017 62 mins
    Dan Larson, Sr. Director of Technical Marketing, CrowdStrike
    Legacy AV products are failing to stop modern threats. That’s why AV replacement is a hot topic in the industry and why enterprises in every sector are looking for answers. As breaches continue to dominate the headlines, you need to know that there is a new approach that can close the wide security gap left by yesterday’s AV solutions. Defending against today’s sophisticated polymorphic threats requires new weapons and that’s just what the CrowdStrike Falcon Platform delivers.

    The key to this new approach is going beyond malware to addressing the most complex and persistent cyber threats at every stage of the kill chain. CrowdStrike does this by combining next-gen antivirus, endpoint detection and response (EDR), and a managed threat hunting service – all cloud-delivered with a single lightweight agent.

    In this CrowdCast, Dan Larson, Sr. Director of Technical Marketing, will discuss:

    • The typical challenges with legacy antivirus, from efficacy to complexity & bulky architecture

    • How CrowdStrike stands above competitive offerings by providing robust threat prevention leveraging artificial intelligence and machine learning

    • How Falcon’s lightweight sensor and cloud architecture dramatically reduces operational burden

    • How you can seamlessly migrate from legacy antivirus to CrowdStrike Falcon

    • Why CrowdStrike was positioned as a “Visionary” in the 2017 Gartner Magic Quadrant for Endpoint Protection Solutions and what it says about our standing as an effective AV replacement
  • Cloud-Enabled: The Future of Endpoint Security Recorded: Mar 3 2017 64 mins
    Jackie Castelli CrowdStrike, Sr. Product Manager
    As the cost and complexity of deploying and maintaining on-premises security continues to rise, many endpoint security providers have embraced the cloud as the ideal way to deliver their solutions. Yet, incorporating cloud services into legacy architectures limits their ability to fully engage the tremendous power the cloud offers.

    CrowdStrike Falcon recognized the value of cloud-delivery from the beginning, developing architecture built from the ground up to take full advantage of the cloud. CrowdStrike’s cloud-powered endpoint security not only ensures rapid deployment and infinite scalability, it increases your security posture by enabling real-time advanced threat protection across even the largest, distributed enterprises.

    In this CrowdCast, Jackie Castelli, Sr. Product Manager will discuss:

    • The advantages of endpoint protection purpose-built for the cloud – why it allows you to take full advantage of the cloud’s power

    • The common concerns organizations face when evaluating cloud-based endpoint security - can privacy and control be assured?

    • Real-world examples demonstrating the unique advantages offered by CrowdStrike Falcon’s innovative cloud-powered platform

    About the Speaker:

    Jackie Castelli
    CrowdStrike, Sr. Product Manager

    Jackie Castelli, CISSP, has over 20 years of experience in the cybersecurity industry. She has gained practical security experience in her roles as a security architect and data center manager. As a senior product marketing manager for CrowdStrike, she is responsible for educating the market about Falcon Host, CrowdStrike’s next-generation endpoint protection. Prior to CrowdStrike, Jackie worked in technical roles in pre-sales, IT and support. Jackie frequently speaks on cyber security topics at executive briefings and industry events.
  • Battling Unknown Malware With Machine Learning Recorded: Feb 13 2017 58 mins
    Dr. Sven Krasser, Chief Scientist, CrowdStrike
    Learn about the first signature-less engine to be integrated into VirusTotal

    CrowdStrike recently made headlines by announcing that it is the first machine learning-based engine to be integrated into VirusTotal. VirusTotal is the premier nexus where all reputable AV vendors transparently publicize their detection results and share malware data for the greater good. The addition of CrowdStrike’s advanced machine learning engine to this anti-malware industry staple is a major leap forward for users who rely on VirusTotal capabilities to help defend their endpoints.

    In this live CrowdCast, CrowdStrike’s Chief Scientist Dr. Sven Krasser offers an exclusive look “under the hood” of this unique machine learning engine, revealing how it works, how it differs from all other signature-based engines integrated into VirusTotal to date, and how it fits into the larger ecosystem of techniques used by CrowdStrike Falcon to keep endpoints and environments safe.

    Topics will include:

    • What CrowdStrike Falcon machine learning is and how it works
    • How to interpret results of machine learning-based threat detection
    • How users can benefit from the CrowdStrike Falcon machine learning engine
    • How this cutting-edge technology fits into the CrowdStrike Falcon breach prevention platform

    Featured Speaker:

    Dr. Sven Krasser
    Chief Scientist, CrowdStrike

    Dr. Sven Krasser is a recognized authority on network and host security. He currently serves as Chief Scientist for CrowdStrike, where he oversees the development of endhost and cloud-based Big Data technologies. Previously, Dr. Krasser was at McAfee where he led the data analysis and classification efforts for TrustedSource. He is the lead inventor of numerous key patented and patent-pending network and host security technologies and is the author of numerous publications on networking and security technologies.
  • Lessons from the Trenches: Cyber Intrusion Casebook Revealed Recorded: Dec 9 2015 70 mins
    Wendi Whitmore, VP CrowdStrike Services; Andy Schworer, Principal Consultant; and Brandon Finney, Principal Consultant
    Learn important lessons gleaned from real-life engagements, detailing the tools and techniques advanced attackers use to compromise victim networks, and strategies the CrowdStrike Services team has devised to combat and even prevent these attacks from occurring.

    You will learn:

    - New tactics attackers are using to gain and maintain access to victim networks
    - How quickly adversaries attempt to re-infect an organization
    - Remediation tactics and tools you can use to remove attackers from your network
    - Proactive steps you can take to improve your success in detecting, preventing and responding to targeted attacks
  • Should I Really Trust the Cloud with my Endpoint Security Protection? Recorded: Nov 11 2015 49 mins
    Dave Cole, Chief Product Officer, CrowdStrike
    In architecting true next generation endpoint protection, CrowdStrike made a deliberate decision to embrace the Cloud. Why? The Falcon platform was built by people fed up with the limitations of building on-premise products, who realized that ‘Cloud-supported’ wasn’t enough. Only an endpoint security product designed from the ground-up to be based on the Cloud would work.
    In this session you will learn:
    • Why the Cloud provides the scale, resources and power to protect you
    • The privacy, security, control and legal issues to be considered in using the Cloud for endpoint security
    • Why the Cloud-based Falcon endpoint protection platform is the right decision for your organization.
  • What’s Next in Endpoint Defense? Recorded: Oct 30 2015 61 mins
    Dmitri Alperovitch, CTO and Cofounder, CrowdStrike; Renee Guttmann, VP for Info Risk, Optiv; Rafal Los, Dir, Sol Researc,Opti
    Join executives from CrowdStrike and Optiv in a lively panel discussion on why the signature-focused, alert-centric reactive model for endpoint security tools must evolve to meet the growing productivity needs of the enterprise in an increasingly hostile threat environment. Find out how the next generation in endpoint protection is helping some of the world’s top organizations fill the gaps left by their existing security solutions.
    Join us and you will learn:
    • Why existing leading security strategies barely address 40% of today’s enterprise data breaches
    • The must-have capabilities and features of a successful endpoint security solution strategy
    • How one Fortune 100 financial firm deployed an entirely cloud-based NGE solution to radically improve its security posture
  • The Importance of Achieving True Endpoint Visibility Recorded: Oct 19 2015 7 mins
    Elia Zaitsev, CrowdStrike Security Architect
    Learn why true endpoint visibility is so important and what blind spots you may have. We will also show you how Falcon Host provides you with true end-to-end visibility into endpoint activity on your network, allowing you to keep adversaries out of your environment. In this video, CrowdStrike Principal Security Architect Elia Zaitsev demonstrates how Falcon Host eliminates blind spots in your endpoint monitoring, providing you with the speed, scale, detail and context you need to secure your networks against even the most advanced attacks.
Insightful, educational and actionable content for security teams
CrowdStrike™ is a leading provider of next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. CrowdStrike Falcon is the first true Software as a Service (SaaS) based platform for next-generation endpoint protection that detects, prevents, and responds to attacks at any stage, even malware-free intrusions.

  • Title: Beyond Malware: How to Detect and Respond to Malware-Free Intrusions
  • Live at: Oct 28 2015 3:00 pm
  • Presented by: Dmitri Alperovitch, CTO and Cofounder; CrowdStrike and Elia Zaitsev, Principal Solutions Architect; CrowdStrike