From the Front Lines: Practical Application of DNS Threat Intel Data

Security teams today are compelled to make fast and accurate decisions about which threats present the highest risk to their organization, and how to defend against them. As attacks and attackers continue to evolve, security professionals have the opportunity to leverage breadcrumbs from DNS and domain data to craft an active defense.

In this webinar, Robert M. Lee of Dragos Security LLC provided a thorough analysis of BlackEnergy 2/3, while Tim Helming of DomainTools walked through why adversary analysis matters and how to triage indicators and assess threats.

In this webcast, we covered:

- How DNS intelligence exposed the attack infrastructure behind one of the most sophisticated ICS (Industrial Control Systems) malware families;
- Other examples of breaches and attack scenarios where domain profile information could have helped detect or prevent the attacks;
- Specific indicators of attack and potential compromise that can be found in DNS, both internally and externally;
- Ways to better defend against attacks and data exfiltration using DNS and large-scale threat intelligence.

Guest Speaker
Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos Security LLC, where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is a SANS Certified Instructor and the course author of a multitude of SANS courses. Robert is also a non-resident National Cyber Security Fellow at New America, focusing on policy issues relating to the cyber security of critical infrastructure, and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode's Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named to the 2016 Forbes' 30 Under 30 list.
Recorded Jul 14 2016 62 mins
Presented by
Tim Helming and Robert M. Lee

  • Get to Know DomainTools PhishEye Recorded: Nov 10 2016 58 mins
    Tim Helming
    Phishing and other cybercrime campaigns often use deceptive domain names to accomplish their nefarious goals. These look-alike domains can allow criminals to pose as employees or partners by spoofing email addresses, or to create deceptive links for the victim to click on. Phishing is the most often-used vector in successful data breaches; it targets an organization’s employees, its customers, or the world at large, with alarming effectiveness. Fake website and phishing scams cost the average-sized organization nearly $4 million annually. Prevention is key and starts with monitoring the Internet for “phishy” domain name registrations.

    Prior to the release of PhishEye, phishing domain searching was typically available only via custom tools built by security teams themselves. PhishEye automates this painful manual process by showing you existing and new domains that spoof legitimate brand, product, organization, or other names, so that you can carry out defensive or investigative actions against them.

    You will learn:

    - How to move from reactive to proactive, by identifying dangerous domains before they cause harm
    - Ways to disrupt spearphishing, such as business email compromise attacks, by blocking look-alike domains before the attacker uses them
    - Strategies to mitigate or prevent brand damage caused by illegitimate domains
  • Seeing Over the Horizon: Predictive and Preventive Security Based on the Kill-Ch Recorded: Nov 7 2016 62 mins
    Tim Helming and Mike Cloppert
    The Kill Chain model is a useful way to understand how adversaries are able to compromise their victims. During the earliest stages of preparation for an attack, the reconnaissance phase, attackers have not yet breached the victim environment, but they are, in fact, leaving subtle clues behind. These clues can be detected and enriched to help an organization prepare defenses ahead of the first directly invasive move by the adversary.

    In this recorded webinar, you will learn:

    - The 7 steps of the cyber kill chain
    - How to prepare defenses ahead of the first directly invasive move by the adversary
    - How DomainTools data and tools enable you to apply this strategy to your own organization

    Guest Speaker - Mike Cloppert

    Michael has worked as a security analyst in various sectors including the Financial, Federal Government, and Defense industries. He has an undergraduate degree in Computer Engineering from the University of Dayton, an MS in Computer Science from The George Washington University, has received a variety of industry certifications including SANS GCIA, GREM, and GCFA, and is a SANS Forensics and IR blog contributor. Michael's past speaking engagements include the DC3 Cybercrime Conference, IEEE, and SANS amongst various others.
  • Finding Quick Wins in Cybercrime Investigations Recorded: Sep 21 2016 63 mins
    Tim Helming, Director, Product Management at DomainTools and Jeff Pollard, Principal Analyst at Forrester Research
    Most analysts or threat hunters who have multiple investigations under their belts are familiar with frustrating dead ends, or lengthy time investments. However, new tools and techniques are making it easier to establish “quick wins” that pay off in helping defend your organization.

    Join Tim Helming of DomainTools and guest speaker Jeff Pollard of Forrester to:

    - Discover keys to completing a successful investigation
    - Improve your defensive posture and demonstrate value up the org chart
    - Help answer the difficult question of how to know when you have reached the end of the investigation
    - Learn to apply these concepts to real world threat hunting scenarios
  • Applying the Scientific Method to Threat Intelligence Recorded: Jul 28 2016 64 mins
    Tim Helming, Director of Product Management, DomainTools
    It has been said that there are two types of companies: those who have discovered they have been breached, and those who have not discovered it yet. Although unsettling, this rationale is conducive to constructing a healthy attitude towards your organization’s security practices. This hour-long webinar will help guide your security process to protect your organization’s most valuable assets by applying the scientific method—specifically, forming and testing hypotheses about potential incursions, and then acting upon the results.
    In this webinar, you will learn:

    1. How to apply a hypothesis-driven approach to security activities
    2. Applying this mindset across time (past, present and future) to enhance defenses
    3. How DomainTools data and tools enable you to apply this strategy to your own organization
  • Malware Analysis and Adversary Infrastructure Mapping: A One-Two Punch Recorded: Jul 14 2016 61 mins
    Tim Helming and Alissa Torres
    When it comes to threat hunting, incident response, and other related activities, some sources of analysis and data are critical. Two of these are malware analysis and adversary infrastructure mapping. Each discipline is valuable on its own, but when combined, they can give your team extraordinary advantages in containing or blocking aggressive threat actors. Join SANS forensic expert Alissa Torres and DomainTools Director of Product Management Tim Helming to learn more about how you can apply these techniques to your own hunting, IR, and prevention strategies.

    In this recorded webinar, you will learn:

    - How to map out adversary infrastructure using domain and DNS data
    - Malware analysis strategies
    - How DomainTools data and tools enable you to apply this strategy to your own organization

    Guest Speaker - Alissa Torres
    Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.
  • Where Badness Lurks Recorded: Jul 14 2016 58 mins
    Tim Helming
    Learn how large-scale analysis of domain profile data can show “hotspots” of malicious domains, as illustrated in the Spring 2016 edition of The DomainTools Report. In previous editions of the DomainTools Report, we examined attributes such as top level domain (TLD), Whois privacy providers, and registration behaviors of domain registrants strongly connected to high-volume malicious activity. In the 2016 Edition, we look at a new set of attributes to highlight other areas “where badness lurks.”

    In this recorded webinar, you will learn:

    - Why and how OSINT can be of value to your organization
    - Whether young domains are more dangerous than older ones
    - The distribution of malicious domains across 3 other attributes
    - Real world application of similar techniques to protect your network
See Threats Coming
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools

  • Title: From the Front Lines: Practical Application of DNS Threat Intel Data
  • Live at: Jul 14 2016 7:10 pm
  • Presented by: Tim Helming and Robert M. Lee