A Practical Guide to Identifying TTPs With Threat Intelligence
To effectively combat threats to the enterprise, security teams must understand their organization’s adversaries and the attack tools, techniques, and processes (TTPs) they are wont to weaponize. Threat analysts can create that picture for security teams, ultimately providing a set of actionable recommendations for threat management, by piecing together data from the Web that indicates a threat to the enterprise.
During a recent webinar, Levi Gundert, Vice President of Information Security Strategy at Recorded Future, shared research on the latest attacker tools, provided architecture recommendations for organizations looking to strengthen security controls, and helped analysts use threat intelligence to more quickly and effectively identify threat trends. Watch this webinar to learn how to:
* Apply methodologies for proactive and strategic source identification and information analysis.
* Understand vendor information sources.
* Prioritize threats in a business context.
* Differentiate between vulnerability management and threat intelligence.
* Use best practices for working with peer teams to test and strengthen security controls.
Recorded Jan 28 2016, 49 mins
Recent FBI warnings and chilling reports of locked systems, data theft, and outages that threaten human safety have many organizations considering their own ransomware risk. Yet in their hunt for “big game” enterprises, threat actors are holding third-party vendors hostage to reach their ultimate targets. One ransomware attack on one supplier is all it takes to set off a devastating ripple effect that can bring an organization to a grinding halt.
In this webinar, Recorded Future experts Allan Liska and Trevor Lyness describe how the rise in ransomware has dramatically changed the third-party risk landscape. Learn how popular ransomware variants like Ryuk and Sodinokibi can be used to take down suppliers and even launch worst-case leapfrog scenarios.
Register now to explore current ransomware trends, deconstruct third-party ransomware attacks, and learn how precision third-party intelligence empowers you to disrupt adversaries and protect your brand.
Malicious command and control families and tools can be tough to keep an eye on. Identifying and monitoring suspicious servers is a tall order. Sometimes "suspicious" hosting providers can turn out to be false positives, and servers that seem innocuous can pose a greater threat than you'd imagine.
Fortunately, we have some fresh insight to keep you up to speed.
Join Recorded Future’s world class intelligence experts in this session for an in-depth review of the findings from our recently completed research report, Adversary Infrastructure Report 2020: A Defender’s View. This will include a first-look at the novel indicators and intelligence not otherwise available in the public domain.
Watch the on-demand session to get an inside look into:
- Key 2020 findings related to over 10,000 unique command and control servers, across more than 80 families
- Best practices for proactive detection, ongoing monitoring, and defense-in-depth approaches to adversary infrastructure
- The 2021 outlook for C2s, and what you can do to stay ahead
The number of vulnerabilities in the financial services industry has increased dramatically in recent years. Banks are especially vulnerable due to the large amounts of personal data they store on customers. Knowing quickly which vulnerabilities pose the greatest risk is imperative.
Listen to hear Pierre, a senior threat intelligence analyst at one of the world's largest banks, as he covers some real-world examples of vulnerability investigations powered by contextualized threat intelligence. Topics include how to:
• Use vulnerability risk scores for more effective patching.
• Track threat actor campaigns and malware variants.
• Get a complete view of the financial services threat landscape.
Jerry Finley, Deputy CSO and Director of Cybersecurity at Relativity
Relativity helps over 170,000 users in more than 40 countries to manage large volumes of data and quickly identify key issues during litigation and internal investigations. Relativity's cloud solution, RelativityOne, offers all the functionality of Relativity in a secure and comprehensive SaaS product. To ensure the safety of all its users, Relativity must put intelligence into all aspects of its security infrastructure.
Listen to hear from Jerry Finley, deputy CSO and director of cybersecurity at Relativity, as he goes through the company’s threat intelligence strategy, including:
• Leveraging threat intelligence in continuous proactive hunting operations.
• Correlating vulnerabilities to known exploits for more effective patching.
• Building a central team of analysts for proactive searching and collaboration.
Rodrigo Bijou, Senior Manager – Cyber Defense Center (CDC), Gap Inc.
With almost 3,200 stores and more than 150,000 employees worldwide, Gap’s security is incredibly complex. To secure its employees, partners, and customers, the company is drawing together insights from numerous sources of threat data, helping the largest specialty retailer in the United States stay ahead of emerging cyberattacks.
Listen to Rodrigo Bijou, senior manager at Gap’s Cyber Defense Center (CDC), explain how the company uses Recorded Future Fusion to:
• Speed up the investigation of indicators through smarter automation.
• Augment workflows in security operations with contextualized threat intelligence.
• See gains in productivity as well as greater confidence in security decisions.
Vince Peeler, Optum and Lauren Zabierek, Recorded Future
The intelligence cycle is a process that follows five steps: direction, collection, processing, analysis and production, and dissemination. This cycle was consequential during the Cold War and into much of the early 21st century. But, does it fit into current cybersecurity processes?
Listen to Vince Peeler, manager of intelligence services – cyber defense at Optum and Lauren Zabierek, senior analyst and manager for the U.S. public sector intelligence services team at Recorded Future to learn:
• Which pieces of the intelligence cycle fit and where.
• The three levels of analysis — strategic, operational, and tactical.
• How to manage the ever-increasing amounts of data.
Allan Liska, Andrei Barysevich, and Juan Andrés Guerrero-Saade (JAGS)
Hear members of the Insikt Group, Recorded Future’s expert team of researchers, provide their insights on recent dark web trends, current events including threat actor activity, and more.
This casual panel offers a unique look into the underground economy and allows you to ask your most pressing questions.
Allan Liska is a senior security architect at Recorded Future. With more than 15 years of experience in information security, Allan has helped countless organizations improve their security posture using more effective intelligence. He is the author of “Building an Intelligence-Led Security Program,” among other topics in cybersecurity.
Andrei Barysevich is the director of advanced collection at Recorded Future. A native Russian speaker, he specializes in threat intelligence on highly restrictive criminal communities. Andrei was previously a private consultant for the FBI's New York Cybercrime field office and has been involved in multiple high-profile international cases resulting in successful convictions of members of crime syndicates.
Juan Andrés Guerrero-Saade (JAGS) is principal security researcher at Recorded Future’s Insikt Group. Previously, he worked at Kaspersky’s GReAT and served as senior cybersecurity and national security advisor to the President of Ecuador. He is the author of “The Ethics and Perils of APT Research: An Unexpected Transition Into Intelligence Brokerage,” among other topics in cybersecurity.
Tim McCreight, Risk Rebels and Chris Pace, Recorded Future
New research shows that the job of cybersecurity staffers is getting far more difficult than it was five years ago. Gone are the days when updating A/V software and applying patches were considered "security." Today's security pros need to be concerned with threat intelligence, threat hunting, far more malicious zero-days and state-sponsored attacks. Today's webcast looks at the challenges today's security team faces, the training necessary today to meet those challenges, and the pressures on the infosec team that might not have existed just a few years ago.
Recent research from analyst group ESG says that 58 percent of organizations have some kind of threat intelligence program, but a reliance on manual processes and disparate tools means many firms struggle to get real value from the intelligence they have. But, this doesn’t have to be the case.
In this webinar, Jon Oltsik, author of the ESG report titled “Operationalizing Threat Intelligence With a Complete Solution” will look at how organizations can better align their threat intelligence capabilities to their pain points and security goals.
Watch the recording now to learn:
• Why security operations is harder now than two years ago.
• What is needed for a valuable threat intelligence solution.
• How to get the most out of your threat intelligence program.
Threat intelligence done right gives you a window into the world of your adversary. But with so many types of threat intelligence services and products available, finding the right one to meet your objectives can be challenging. How do you decide which features are must-haves for your organization?
This webinar will help you answer six key questions at the center of deciding how to invest in a threat intelligence solution. Watch the recording now to find out:
• Why it’s not all about sources — context is key.
• The advantages of integrating threat intelligence with your other security solutions.
• How you can scale your threat intelligence investment over time.
Allan Liska, Threat Intelligence Analyst, Recorded Future
It’s that time when we strive to rid ourselves of old habits and embrace fresh ideas. In security, threat intelligence is certainly seen as one of those fresh ideas. According to Gartner’s recent “Market Guide for Security Threat Intelligence Products and Services,” “One benefit of threat intelligence is that it improves decision making in core security processes, such as incident response and policy enforcement. Better visibility of the threat landscape helps CISOs justify the need for additional resources and understand the problems they encounter.”
In this webinar, Allan Liska, author of “Threat Intelligence in Practice,” will address five practical steps from Gartner’s report to help you make better use of threat intelligence in your organization, including:
• Understanding the threat intelligence lifecycle.
• Knowing the difference between data feeds and threat intelligence.
• Centralizing, customizing, and collaborating with intelligence.
• Integrating with your existing security infrastructure.
• Using vulnerability intelligence to power smarter patching.
Chris Poulin, Principal/Director, Booz Allen Hamilton and Staffan Truvé, CTO and Co-Founder of Recorded Future
Machine learning is no longer just the tool of tech companies. While it is now being baked into most security protection technologies, threat actors are a step ahead — adopting machine learning to conduct increasingly sophisticated attacks, and to circumvent AI-based defenses. In this webinar, Chris Poulin, Principal/Director with Booz Allen Hamilton and Staffan Truvé, CTO and Co-Founder of Recorded Future will show the good and bad of AI and machine-learning technologies, including:
• How the collection and analysis of open source and technical data at unprecedented scale allows proactive decision making.
• What humans can do — but beyond human scalability.
• Examples of successful threat actor campaigns utilizing AI techniques.
Dave Shackleford, SANS and Chris Pace, Recorded Future
There's a common misconception that threat intelligence simply means feeds of indicators just for SOCs or high-level reports only useful to security leaders. The fact is threat intelligence can be a valuable weapon in every part of your information security strategy. In this webinar, we'll take a close look at five different roles generally found within information security organizations: vulnerability management, incident response, security operations, threat analysis, and CISOs. Discover what specific processes and responsibilities are found in each team and how threat intelligence can be integrated into each to improve accuracy and reduce time to action.
Daniel Hoffman, President, SPG and Chris Pace, Technology Advocate, EMEA, Recorded Future
We’ve talked in previous webcasts about what threat intelligence is and how to use it. We complete this series by taking a look forward – what we can expect from the threat intelligence technology and how it will play a part in a company’s overall information security strategy.
Dan Schofield, IBM Security and Glenn Wong, Recorded Future
There are a variety of threat intelligence feeds and services on the market to keep IT organizations up to date on the latest security threats. But many organizations fall short in operationalizing threat intelligence and using it to enhance the effectiveness of their existing security tools.
Recorded Future integrates with IBM's QRadar, Resilient, i2, and X-Force Exchange, so regardless of which part of the IBM Security technology stack you use, getting threat intelligence enrichment collected from open, closed, and technical sources is easily automated. Unlike common open source IP or domain reputation lists, Recorded Future's risk lists include rich context so you can make decisions quickly about suspicious activity and can take action quickly.
Join this webinar for an in-depth look at Recorded Future’s integrations with the IBM Security technology stack and learn how to:
• Rapidly understand true incidents in context.
• Develop processes to quickly analyze and digest threat data.
• Use threat intelligence when it counts most: BEFORE attacks hit.
Henry Canivel, Security Operations Engineer, Splunk and Scott Donnelly, Director of Technical Solutions, Recorded Future
Security operations center (SOC) teams are continually faced with new alerts and events. Security information and event management (SIEM) solutions such as Splunk help by making it easier to collect and analyze data generated by your technology infrastructure, security systems, and business applications. However, working with this volume of data risks overloading SOCs, and rapidly available, readable information is vital to prioritizing how you respond.
See how a pre-integrated solution between Recorded Future and Splunk gives you full context of emerging threats from the widest breadth of open, technical, and dark web sources. Join this webinar to:
• Alleviate alert fatigue and speed decision making with machine and human-analyzed threat context.
• Identify threats already in your system by correlating network traffic with known bad from outside your network.
• Get a live walkthrough of how to utilize real-time threat intelligence in Splunk Enterprise.
John Wetzel, Threat Intelligence Analyst, Recorded Future
Recent Recorded Future research has uncovered financial services insiders selling their services to threat actors in criminal and dark web forums.
You may already be managing and monitoring access to critical systems and data in an effort to secure against insider threats, but external threat intelligence has a role to play in identifying potential rogue employees and their targets.
Join this webinar to learn how you can:
• Expose threat actors in underground forums and criminal marketplaces.
• Monitor for breaches by insiders on paste sites, forums, or code repositories.
• Detect early indications of insider threats, as well as breaches resulting from their actions.
Neal Dennis, Senior ISAC Analyst and Chris Pace, Technology Advocate, EMEA, Recorded Future
A wide range of threat intelligence feeds and services have cropped up to keep IT organizations up to date on the latest security threats. But without mechanisms in place to actually use the information, these alerts provide little benefit.
Attend this webinar and learn how to:
• Identify the threat intelligence sources most valuable — and least valuable — to your security efforts.
• Develop processes to quickly analyze and digest threat data.
• Use threat intelligence when it counts most: BEFORE the attack hits.
Graeme Park, Senior Consultant at Mason Advisory, and Brian Shorten, Chairman, Charities Security Forum
In an age where threats are increasingly orchestrated to target specific organizations, industries, and technologies, a much greater emphasis needs to be on understanding the mind and methods of an attacker.
Gathering and applying relevant intelligence has never been more important, but with so much threat data and so little context available, how is it possible to be confident that you will know and understand the risks that you face, and can proactively defend against them? In this webinar we’ll explain what you can learn by gathering data from varied sources to uncover threat intelligence that’s truly relevant to you.
• Combinations of factors that result in relevant intelligence.
• Examples of how threats target particular industries or technologies.
• How intelligence can be applied for proactive defense.
• How to get the best actionable data from your logs.
Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk. Our technology automatically collects and analyzes information from an unrivaled breadth of sources and provides invaluable context that’s delivered in real time and packaged for human analysis or instant integration with existing security technology.