Name: A Day in the Life of a Threat Analyst – A Technical Case Study on Attribution
Start: 2017-09-12T13:00:00Z
End: 2017-09-12T13:00:59.000Z
Location: BrightTALK
Rating: 4.4

Cyber Management Alliance presents an exciting series of interviews with International Cyber Security Leaders. Want to know what they look for when hiring for their teams? Want to know the secrets to their success and what keeps them awake at night? Theses exclusive interviews are presented by industry thought leader and Chair of ISACA's UK Security Advisory Group and Global CISO Amar Singh. Series but humours and light hearted interviews. See the leading figures in Cyber Security like you've never seen them before. From Eugene Kaspersky to CTO HP Enterprise and CTO of Intel Security we have an amazing line up. Subscribe for updates.

New and stringent guidelines on Incident Reporting and the ever-rising threat of cyber crime has made Incident Response a top priority for almost everyone. But while others seem to articulate the importance of an IR Plan with impressive lucidity and talk of how useful their template is, are you struggling to even get started? 

Do you feel your organisation and you are still lagging behind in bringing an effective IR plan to life? If your answer is yes, then you’ve come to the right place! 

Join us as we show you how to actually start and complete your Incident Response Plan template in 45 minutes! More importantly, we’ll discuss how to really create a plan that will help your business identify, contain and mitigate a real-life incident. 

Why Us? As creators of the UK’s NCSC Assured Training in Cyber Incident Planning and Response, we are experts on the subject. We’ve helped numerous organisations get their IR plans off the ground and achieve better Incident Response capabilities, timelines and processes. Let us help YOU now.        

What will you learn in this  workshop?

- The importance of a Cyber Incident Response Plan.
- The components of a good Cyber Incident Response Plan.
- How to actually create and complete a Cyber Incident Response Plan template.
- How to test and update a Cyber IR Plan.

Intended Workshop Outcomes: By the end of the workshop, you will be able to:

- Understand and explain the importance of an Incident Response Plan.
- Identify and incorporate the components of an IR plan based on NIST guidance.
- Create an effective and fit-for-purpose Cyber Incident Response plan.
- Test and update your existing Incident Response Plan if you already have one.

Live workshop: Creating a Cyber Incident Response Plan

Cyber Management Alliance is the creator of the globally-renowned NCSC-Certified Cyber Incident Planning & Response course. This training, created by experts, can help you improve your organisational cyber resilience & your ability to respond to a cyber-attack. 

Understand your organisational threat landscape & enhance your ability to respond to those threats and risks with our NCSC-certified Cyber Incident Planning & Response training course. Reduce your time to detect & respond to cyber-attacks and implement NIST’s Incident Response Framework. Find out more about how our globally-recognised training can help bolster your organisational cyber resilience in this video. 

19 course modules, interactive exercises, educational learning material like worksheets, mind maps, checklists and immediately usable templates. Our NCSC-Certified Cyber Incident Planning & Response course is globally-recognised and acknowledged as extremely effective by senior leaders and management teams. Interested in learning more? Check out this video & understand how it can help you improve your resilience to cyber attacks.

NCSC-Certified Cyber Incident Planning and Response Training Course

Join us to as we untangle the reality behind one of most intriguing outages in recent history. 

Even if you were in a cave and under a rock in the cave in the middle of nowhere, there is no doubt you would have heard about the Facebook outage. Almost SIX hours of NO Facebook, Instagram and WhatsApp meant that a significant portion of humanity suddenly had a massive amount of time for their families. 

Jokes aside, the outage cost FB a lot. Conservative estimates put the loss at several billion US dollars, if not more. 

This is NOT a FB bashing webinar. The fact is this type of an outage does happen and can happen to any organisation. In addition a complete and catastrophic outage could mean the end of your business OR in the best case, a significant impact to your bottomline. 

Join Amar Singh and Dawid Kowalski, Senior Technical Technical Director, EMEA, FireMon, as they
- Unpack what happened at FB, 
- Argue why the Facebook outage should be perceived as a “good outage”
- Discuss tangible and tactical actions you can take to avoid the same fate.

What You Don’t Know About FACEBOOK’s Outage

What makes this attack so unique and pervasive? What does the attack methodology look like when we piece it all together?  These are the questions we’ve all been seeking answers to as a community. 

Staying true to its commitment of continuously building educational resources for the community, Cyber Management Alliance is embarking on a journey to unpack the hidden lessons in Solorigate. 

Join IronNet's Joel Bork and Cyber Management Alliance's Amar Singh as they assess where we all stand in the aftermath of one of the most massive and advanced cyber-attacks the world has ever seen and unravel how to work on our collective defense. 

In the first of a series of webinars, we’ll be:
- Reviewing what really happened (yes, the stuff you probably won't read too often)
- How Joel and his team actually detected the early signs of this attack before many others! 
- Sadly, why this is NOT the last time you will see these type of advanced attacks.

Register now for what promises to be an exciting, educational and perhaps eye-opening 45 minutes for many.

What Really Happened in the SolarWinds Cyber-attack?

For most enterprises, the Security Operations Center (SOC) has never been able to keep up with the speed of innovation. The cloud transformation has further exacerbated the gap between what attackers see and what defenders know. Customers across the board have shared the challenges –

- Too many vendors, data sources, alerts, and false positives
- A never-ending talent shortage and lack of cloud expertise
 - The rise of ransomware and highly capable attackers

While Google and other industry-leading Security Operations teams have resilient infrastructure and hyper-active defense capabilities, this has been far from reality for the majority of enterprises. In this session, Iman Ghanizada (Global Security Solutions Manager, Google), Jeremy Hehl (VP of Business Development, CYDERES), and Erik Gomez (Associate CTO, SADA) join forces to discuss a tangible path to modernize your SOC through the new, Autonomic Security Operations approach.

How to Modernize the SOC with Autonomic Security Operations

Whether you are migrating workloads to the cloud or developing new applications, securing multiple assets follows much the same path. You must consider management of access and connectivity as well as demonstrate an adherence to multiple directives – whether compliance or business mandates. Without full visibility of all possible controls, it is difficult to completely understand connectivity and access risks both at the perimeter and “inside” the cloud.  As Cloud and Security teams seek to balance agility with security, the value of security policy management has proven critical to timely and successful deployment:
 
- Understand current and future security risks
- Build repeatable (and automated) processes 
- Articulate guidance for deployment
- Ensure end-to-end visibility across the migration/development lifecycle
 
These considerations will drive alignment across the organization as you seek to programmatically control risk with comprehensive security policies -- and get to production quickly.  Join Sattwik Gavil, Jonathan Campbell and Amar Singh for a live walkthrough of the insights and technology that supports this path.


Sattwik Gavli is the Director of Cloud Products at Tufin.  Prior to working at Tufin, Sattwik helped enterprises with their digital transformation journey in the cloud while working for companies like Oracle, Ribbon Communications, and most recently for a cloud-native security startup, Privafy Inc. At Tufin, Gavli continues to work with Fortune 1000 companies to accelerate their adoption of security policy management in cloud.
 
Jonathan Campbell is a highly experienced product manager with a wealth of knowledge in the security industry from Public Cloud and DevOps to traditional firewalling and networking.

Cloud Adoption & Migration: Making Security a Priority in your Strategy

4 facts you need to know. 

- Misconfigurations are a major root cause of cyber-attacks.
- Manual changes within complex infrastructure often lead to these misconfigurations.
- Compound that with emergency changes made during critical events, a major contributor to misconfigurations and cyber-attacks.
- Your current security policies are being breached regularly and its humanly impossible to enforce those policy violations without automation. 

For increased certainty that your network and cloud infrastructure are mitigated against the calamitous ability of the human, you need to implement automated and hyper-speed change management along with security orchestration.

This is not another webinar about SOAR! Rather, we are going to discuss: 

- What true automated change management means.
- How you can implement and automate your network and cloud security activities.
- Implementing policy based controls that match your requirements, ensuring both hyper and accurate change management.
- How you detect and remediate catastrophic emergency changes that are often made with little attention to risk exposure. 

Join our special guests Hadas Lahav and Sagi Bar-Zvi on this webinar as they explain what you can do and more importantly how you can implement fully automatic policy based security orchestration for your infrastructure.

Hadas Lahav is the Director of Product Management for Automation Products, and is leading Tufin’s SecureChange and SecureApp products. Hadas joined Tufin 3.5 years ago, and prior to that served in senior product management and product development positions at top security and service companies.
 
Sagi Bar-Zvi is Tufin’s Global Strategic Pre-Sales Manager. He oversees global strategic projects from conception to completion. Being with Tufin for many years, Sagi started in Tufin’s RnD and then moved to the states to act as a Lead Solutions Architect in the Americas.

How to Break Automatic Policy Enforcement in Network Security

The good attackers are really lazy, but in a good way! They automate every possible activity to ensure an error free successful attack, and one of the steps they automate is discovery. They need an entry point to your organisation, and they are constantly scanning the internet for that one open door to get in.

The question is: Are you continuously scanning the internet to discover the doors you have open before the attackers do? Attack Surface Management is the act of continuously scanning and monitoring the web to discover your organisation's exploitable assets and mitigating those vulnerabilities.

Join Dr. Marshall Kuypers and Amar Singh as they discuss how to effectively manage your internet attack surface and why this activity should be in the top three things to do on your priority list.

Dr. Marshall Kuypers received his doctorate from Stanford, focusing on data-driven methods for quantifying cyber risk. Marshall was a fellow at the Center for International Security and Cooperation (CISAC) from 2014-2016 where he worked on projects ranging from policy to technical matters in computer security. Marshall has also modeled cyber risk for the Jet Propulsion Lab, and assessed supply chain risk in cyber systems with Sandia National Labs. He was also the Co-President of the Stanford Complexity Group while at Stanford.

Managing the Weakest Link in the Cyber Attack Workflow

Designing an incident response plan may seem like an easy task. Most people will download a template assuming it’s the best way to create a response plan.

What do most templates do? Most templates will tell you to 'chuck it all in the plan', including the 'kitchen sink'. Most templates, when filled in, equal to 50 - 100 pages..

Guess what folks. No one ever reads the cyber incident response plan before the actual incident! No surprise there. Imagine having to land a plane on the Hudson. You have 60 seconds to read 100 pages. Not workable is it?

There is a better way.

Join us as we show you how to design and then test your Cyber Incident Response Plans. We also will share 5 key components you should focus when creating your cyber incident response plan.

You also get EXCLUSIVE access to our Cyber Incident Response Plan Template that you can use immediately.

Designing and Testing Cyber Incident Response Plans Part-1

If you want to kill someone, the easiest way is to attack the heart. When cyber-criminals want to unleash a fatal attack on your organisation, they go for the Active Directory!

During the webinar, we will demonstrate how attackers are using Active Directory misconfigurations to spread ransomware inside the organisation, and ultimately take control of your data. We will expose the most common techniques attackers use to infect the first PC, catch credentials, move laterally to other machines, and take control of Active Directory.

The session will focus on actual demonstration, not just a boring slide deck – you will learn first hand about primo-infection, lateral movement, and privilege escalation. We will reveal the main counter strikes and what accurate defence mechanisms are efficient to deploy inside your organisation.

How to Hack Any Active Directory in One Hour!

The new normal, that of working from anywhere, is starting to significantly impact organisations and their governance, compliance and information security postures. 

Fact: If you had 10,000 staff working from one office today you have 10,000 remote-offices!
Fact: You still remain 100% responsible and liable for a data-breach or other non-compliance activities!

To say that the size of the threat and resulting risks has grown thousandfold is an understatement with the normal creating the largest ever data-sprawl risk we have ever seen. In addition, the CISO, the compliance and governance officers are going to have to deal with constantly growing threats like 

- Cross contamination of corporate data & personal data.
- The decreased ability to manage corporate IT assets with rigour and diligence. 
- Data Spillages & Data theft: Accidental or by cyber-criminals.

Join Amar Singh and Fredrik Forslund as they share their experience and knowledge on how to: 

- Ensure cyber-criminals are unable to read ANY data from your corporate hard drives
- Ensure you have 100% compliant data sanitisation across the organisation.
- Conduct REMOTE data cleansing across every 'remote-office'

Fredrik Forslund, VP, Enterprise and Cloud Erasure Solutions, is a member of the Blancco global leadership team. With more than 20 years industry experience, he previously founded SafeIT Security in Sweden, a security software company now a part of the Blancco Technology Group. 

Amar Singh is the CEO and co-founder of Cyber Management Alliance Ltd and a practising Chief Information Security Officer and creator multiple UK Government certified training courses.

How to Ensure your Corporate Data is Unreadable by Cyber Criminals

These are the 3 major requirements when designing a WiFi network:

• DESIGN: The WiFi network must be efficient and error-free. At all times.
• MANAGEMENT: The WiFi Access points & network must be super-easy to manage. From
anywhere.
• AUTOMATION: You must be able to automate every aspect of the management and security. No excuses.

Join Paul Melvin from IGXGlobal and Neil Goddard from Juniper Networks as they take you through this educational session on how to transform your network with a modern microservices cloud architecture and inline engine that provides unprecedented scale, agility, insight, and automation.

We’ll cover the following:

- How to design an API based, highly scalable WiFi network.
- How to automate large-scale deployment of APs - create 500 sites in 5 minutes!
- How to apply business logic using APIs - a must see.
- How you can authenticate a user’s IoT device like a Point of Sale machine with secure corporate credentials and create a group pre-shared key - facilitating either a “home from home” experience, or segregation of device types.

In addition to the above, Mist Systems will run a live demos on how to use APIs to interact with your WiFi devices and how to integrate IoT device management directly from your WiFi device.

Designing an API based, Enterprise-ready WiFi Network

One of the biggest challenges in building a cyber resilient organisation is the ability to rapidly detect and even more importantly, rapidly respond to a malicious confirmed cyber-attack.

Here is a question? Can your cybersecurity toolset detect a sophisticated attack and take a calculated, automatic and immediate (stress on immediate, say between 0-10 seconds max) mitigating response?

Karsten Desler set out to create just that. He wanted to create a solution based on proven machine learning algorithms that can continuously learn and analyse malicious traffic and automatically take corrective action, with no human interaction.

Is this really possible or hyperbole?

Join Amar Singh as posts this question to the co-founder of Link11 company. Karsten is the chief developer who designed and produced the technology behind Link11.

We will also be joined by Joss Penfold, Regional Director UK & Ireland, Link11.

Creating the Fastest Cyber-Attack Response Tool Using Machine Learning

Cyber Management Alliance and Palo Alto Networks have earlier shed extensive light on SOAR - Security, Orchestration, Automation  & Response and their platform that plugs in critical gaps in the incident response lifecycle.

Now, it’s time to pull out the stops and share the unusual, the strange, the unexpected. Because when it comes to security & network operations, there’s always room to reduce the boring, repetitive tasks that sap the life out of your day.

Need some examples? Here's what you can expect: 
- How to build a playbook to automate on-boarding and off-boarding of employees;
- Better manage your physical security; 
- Semi-automating remediation tasks (with strict workflows)
- Getting married and need to send out invitations? Believe it or not, we can do that too, and much more…


Join Patrick Bayle from Palo Alto and Amar Singh from Cyber Management Alliance Ltd as they review the possibility of Orchestration and how it can help you in increasing your cyber resilience posture. 

Patrick Bayle CISM CISSP, Senior Systems Engineer @ Cortex (a Palo Alto Networks company) spent his first ten years of employment working on the security front line for one of the largest financial institutions in the world.

Unexpected Security Orchestration (SOAR) Use Cases

How to Extend your Enterprise to All Staff with one Single Click & other operational strategies to secure your Staff Connectivity.

Large scale and regular remote working poses unique operational and security challenges that need a new and optimised approach. The question is NO longer about remote working.  The question is can you

- Safely segregate your corporate data from your staff's personal digital artefacts.
- Protect your corporate data from compromised home wifi
- Proactively troubleshoot and resolve connectivity issues fully remotely. Quick.
- Ensure that your staff can safely work from anywhere NOT just the home.

Join Jan Van de Laer and Amar Singh as they discuss the challenges, the threats and importantly

- Give you a live demo of how the ZERO Touch configuration and remote troubleshooting works.
- How REAL Machine Learning helps in keeping remote staff safe and secure whilst vastly reducing the support burden on technical staff.
- The simple and easy to implement steps to greatly reduce the current risk of remote working.

Extending your Enterprise Network to All Staff - with a Single Click

An Insider's Story on How One Company Created a Treasure Trove of Threat Intelligence. 

Join us to hear the details of Mimecast, a company that is synonymous with email security, ended up building one of the world's largest repository of security threat intelligence. Malware, ransomware, word or excel documents. You name the threat vector the chances are they have seen it. 

We all know that good and timely threat intelligence is one and very effective way to try to keep up with the cyber criminal.  However, there are three major challenges when it comes to good quality threat intel

- Sourcing: You need to have a reliable source 
- Scale: Especially when it comes to automated threat-intel, the larger the footprint of the source the better (we will explain more on this during the webinar)
- Credibility: As it implies, you need to know that the provider has credibility and integrity 

Join the webinar to listen to Anoop Das who shares how Mimecast built and maintains this treasure trove of threat intelligence.

How to Build & Maintain One of the World's Largest Threat Intel Repositories

Despite significant investments in security,  many organisations are still grappling with building a strong cyber-resilient business. Amongst their top challenges; How can they can be more effective in building the awareness and employee behaviours required to be more resilient to growing cyber-attacks.

Join us to hear about the awareness training journey a large organisation with 80,000 staff has been on, the challenges they’ve faced and the lessons they’ve learnt. What can we learn from their experience to enhance our own campaigns? 

In addition during this webinar we will :
Join us as we

---> Share practical real-world examples and a blueprint for showing how your cyber awareness training could work based on a set of evidence-based principles.

---> Corporate learning in the digital age needs to enable and support behaviour change and we will assess the ways in which immersive training and active employee engagement can form the backbone of your cyber awareness blueprint. 

--> Assess ways in which we can start to re-wire our ‘human operating systems’ – helping to ensure we help our employees become our most effective defence rather than just hoping they don’t make simple mistakes. Mistakes that our adversaries are counting on us to make. 

The Panellists:

- Stuart Coulson, Director, HiddenText 
- Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA
- Amar Singh, Founder and CEO, Cyber Management Alliance

Rebooting security awareness: from hygiene to resilience

Businesses are facing specific threats that include 

- Vastly dispersed offices, across multiple continents
- Increasingly erratic (even called flexible) work patterns
- Ever increasing threats from the wild-west cyberspace 

SD-WAN is proposed as a technology that can solve the above and more but there are several obstacles that you need to be aware of before you embrace this technology. 

Join us on this educational webinar on SD-WAN as we discuss the challenges and opportunities offered by this technology and what you can do to decrease your risk exposure. 

The panelists on this webinar: 

Amar Singh, CEO, Cyber Management Alliance
Lee Dolson, Director of Engineering, ZSCALER

Four Security Hurdles with SD-WAN

Threat actors are devious and persistent to say the least. Consequently, the practice of threat analysis requires a similar mindset of unrelenting determination and doggedness. Join Steve Miller and Amar Singh as they share a glimpse of this exciting world and examine the various toolsets, methodologies and processes employed by threat analysts to ask and answer complicated questions about cyber threats. We will preview a day in the life of a threat intelligence analyst in the context of incident and malware attribution.
 
This technical webinar will cover:

* . Role of an intelligence analyst
* . Typical challenges and questions
* . Tools and processes used to find answers
* . Case study on attributing an intrusion set

Amar Singh is a globally recognised CISO and trusted advisor to FTSE 100 and other organisations.  He also is the founder of Cyber Management Alliance Ltd, Give01Day and Wisdom of Crowds.

Steve Miller is an incident response professional and a threat intelligence analyst at Anomali.  Steve came to Anomali from Mandiant, where he built security operations centers around the world, conducted hundreds of intrusion investigations and, of course, chased down a lot of evil – work that directly led to the discovery of tons of new zero-days, APT malware families, and targeted attack campaigns.

Prior to joining Mandiant, Steve conducted research and special projects for federal government agencies the U.S. Department of Homeland Security and the U.S. Department of State.

A Day in the Life of a Threat Analyst – A Technical Case Study on Attribution

threat

intelligence

incident

response

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful finance management insights for your business. Connect with experts and colleagues to get the most up-to-date knowledge that will help you to determine which financial factors build or erode value in your organization.

CFO Strategy

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

A Day in the Life of a Threat Analyst – A Technical Case Study on Attribution

Presented by

About this talk

More from this channel