Name: Seattle Children's Gains Complete Citrix VDI Visibility with ExtraHop
Start: 2016-09-12T16:10:00Z
End: 2016-09-12T16:12:40.000Z
Location: BrightTALK

The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.

Learn more at www.extrahop.com

On February 25, 2022, two days after Russia began its military invasion of Ukraine, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued a rare Shields Up warning for U.S.-based organizations, stating: “Every organization—large and small—must be prepared to respond to disruptive cyber activity.” CISA was not alone. Cybersecurity agencies around the world issued similar guidance, urging public and private organizations to take immediate steps to harden their cybersecurity posture and to take steps to support and enable security teams from the top down.

In this exclusive special edition of Man X Machine, John Zangardi former DHS, DoD, and Navy CIO, will join Samir Kapuria of Crosspoint Capital Partners and others to talk about the convergence of geopolitical and technological forces that led to this moment—and how they will shape the future of cyberwarfare.

Man x Machine: Shields Up

Whether you were born in the cloud, or a well-established company with an innovative approach, every enterprise holds some degree of risk. What sets enterprises apart is their management of and resilience against that risk. Join this interactive workshop for an informative conversation on how to uncover how much and what types of risk you hold, where risk is likely to grow in the future, and the risk-reduction strategies that will have the highest return on investment for your team and enterprise.

Risk Understanding Workshop: Reduce Risk and Build Resilience in the Enterprise

CISA says, get ready for more ransomware. But investments in anti-intrusion technologies alone, such as IAM, EDR, and more phishing training haven't slowed ransomware's frequency or its growing intensity. 

Cyber insurance and frequent backups, although critically important, only offer partial relief after the damage is done as modern ransomware follows a land-and-pivot destruction playbook to ensure you will pay.

Join industry experts to learn why these long-held practices are failing against modern ransomware, and how to successfully defeat ransomware threats.

Shields Up: Ransomware Myths Debunked Before It's Too Late

Data Staging and Data Exfiltration are common activities used in today's ransomware playbooks. Data Staging is a combination of locating the data the attackers want to exfiltrate and then bringing all the parts together into a single repository. Data Exfiltration involves disguising the activities to steal confidential data out of the organization's environment. This webcast will demonstrate what such an attack looks like as it unfolds and what security teams can do to thwart these tactics.

SHUTTING DOWN DATA STAGING AND DATA EXFILTRATION ATTACKS

The state of cloud security is evolving. Many organizations are implementing new and more advanced cloud security services that offer cloud-focused controls and capabilities, including services and tools that provide network connectivity and security for end users and office locations, security monitoring and policy controls, and identity services, among others.

The SANS 2022 Cloud Security Survey explores the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases. The survey focuses on:

Cloud security skills gaps and requirements
Cloud security automation
Cloud security operations guardrails, tools, and processes
Cloud security threats and incidents

SANS 2022 Cloud Security Survey

The years 2020 and 2021 were undoubtedly the years of ransomware. Threat actors wasted no time taking advantage of the chaos caused by the COVID-19 pandemic, launching attacks that netted millions (if not billions) of dollars in extortion fees and leaked a record amount of data from victim organizations.

On this webcast, we will look at how ransomware defenses have changed from 2020 through 2022. The webcast will also explore ransomware threat actor changes, current trends, and how to implement defenses against those trends.

Ransomware Defense in 2022

The complexity of the cloud technology landscape creates a perfect place for attackers to hide and can serve as an ideal launchpad for attacks. This year’s hot off the press CSA Top Threats report highlights the 11 most critical threats, risks and vulnerabilities in cloud environments based on insight from 200+ industry experts. Attend this webinar to learn about the leading cloud security issues, why a prevent and protect approach can’t keep up with advanced threats, and how you can implement a post-compromise defense strategy.

Top 11 Threats to Cloud Computing: How to Defend Your Cloud Without Friction

IN THE WAKE
FIVE YEARS AFTER THE NEAR EXTINCTION OF MAERSK

On June 27, 2017, Danish shipping company Maersk, a company responsible for over 15% of the world’s shipping supply, became the highest-profile victim of what remains one of the costliest cyber attacks in history.  The NotPetya malware hit thousands of organizations around the world with stunning speed. Thanks to a single server in Ghana that was offline as the attack spread, the team at Maersk was able to restart a 50 billion dollar company, pulling off one of the most stunning feats of IT recovery in history. Over the course of 10 days, the team at Maersk re-imaged 4,000 servers, 45,000 PCs, and reinstalled 2,500 applications to restore their operations and keep the global supply chain intact.

In this exclusive event, Andy Jones, former Global CISO at Maersk, will join former Symantec CTO and current RSA Program Committee Chair, Hugh Thompson, to provide an intimate look at one of the most damaging cyber attacks in history––and the lessons that today’s security leaders can draw on to combat a new class of advanced threats.

Man x Machine

Within the MITRE ATT&CK framework, which attacks would you miss by not fully decrypting traffic?  Can fully decrypted traffic help detect attacks sooner? This webcast explores how to use decryption to more accurately detect malicious activity and defend against it.

Why Decryption Matters

Security operations are the epicenter of the cybersecurity industry. SecOps is where the metaphorical rubber meets the road for organizations defending their enterprises. Security Governance Risk & Compliance (SGRC), Security Application Development, Security Engineering, and all respective cybersecurity functions overlap to enable Security Operations Centers to respond to the threat. 

These teams hold the line, 24/7 through nights, weekends, and holidays to defend today's enterprises. Yesterday's SecOps was grounded in perimeter-based approaches to secure data inside an organization. The pandemic has created a technological revolution driving businesses to the cloud as well as evolving IT policies to support globally distributed and remote workforces. The threat has capitalized on this growth and change in business, which drives our need to mature SecOps programs. 

A mature SecOps team operates along with measurable service level agreements, constantly learning from adversaries and proactively mitigating the threat. Maturing SecOps isn't just getting better at defending; it's modernizing with evolving people, processes, and technologies.

This webcast will summarize customer data in three generalized areas: demographics, SecOps architecture, and SecOps priorities.

● Key dynamics of people, processes, and technologies for maturing SecOps

● Investments in maturing SecOps

● Tradeoffs in augmenting the workforce with Security Orchestration Automation & Response

● Most effective measures to defend against ransomware and supply chain attacks

● Tools leveraged to validate the organization's security posture

● Integration of Threat Detection & Response into SecOps workflows

Modernizing Security Operations Survey

For many years, organizations have relied on the MITRE ATT&CK™ framework as a valuable resource to catalog adversary tactics and techniques. The information security community has leveraged ATT&CK to help guide investigations, write robust detections, and enrich threat intelligence. In June 2021, a cooperation between the National Security Agency (NSA) and MITRE released D3FEND, a complementary framework that provides insight into defensive measures for enterprise defense.

This webcast will explore:

How to leverage D3FEND to enhance enterprise security defenses
How to utilize ATT&CK and D3FEND together to detect and counter attacker tactics and techniques
How to incorporate D3FEND countermeasures into your daily *DR workflows
How the security community can give back and make D3FEND even better

ATT&CK™ and D3FEND™: Incorporating Frameworks into Your Analysis & Intelligence

Microsoft Active Directory (AD) is a target-rich environment for malicious actors. Attackers hone in on it because it's widely used and remains backward compatible with many versions of Microsoft Windows and Server environments. This webcast explores the specific techniques they use (DoublePulsar, for example) and how to defend against it via a layered detection approach that evaluates traffic using rules, statistical analysis, and AI to detect malicious activity.

TARGETING MICROSOFT: RANSOMWARE TECHNIQUES AND HOW TO SPOT THEM

With the multiplication of advanced persistent threats, supply chain attacks, and ransomware putting our national security at risk, comprehensive network visibility is a cyber security requirement for U.S. federal agencies.
Recognizing this reality, the Office of Management and Budget (OMB) issued a directive in August 2021 (OMB M-21-31) instructing executive branch departments and agencies to modernize their event logging. These requirements expand on President Biden’s May 2021 Executive Order to ensure the “centralized access and visibility” needed by security operations to accelerate response and remediation of cyber threats.
In this webinar, you’ll hear ExtraHop’s Public Sector team discuss how contextual network data is instrumental in meeting the OMB mandate. You’ll also learn how to accelerate compliance with data collection and retention requirements in a scalable way—including encrypted network traffic.

Modern Security Approaches to Achieving Your Government Logging Mandate

Organizations continue to manage cloud migrations, the challenges of remote working and encrypted communications, the increased data connectivity to external vendors and an expanding range of connected devices, the complexity of the network increases. These changes may enable new business opportunities, but they may also complicate operational support, split existing teams, and ultimately impact security. 

This survey aims to understand the current state of visibility and the challenges that securing an evolving estate brings in modern organizations. How can organizations make better use of network data to detect threats and troubleshoot connectivity problems? In this webcast, we explore the issues and trends facing network and security teams to offer insight into improving security operations and gain a better understanding of how organizations have changed.

Attend this webcast to learn more about the:
Concerns over encrypted traffic
Most commonly used network security tools to detect and investigate threats.
Level of visibility into north-south and east-west traffic.
Confidence in network visibility to detect threats.
Use of network and packet data for detection.
Adoption of automation for visibility, detection, and response.

2021 SANS Network Visibility and Threat Detection Survey

Protecting your resources in the cloud is critical to achieving business goals, but many organizations leave themselves vulnerable by relying almost exclusively on logs or agent-based data. While those tools belong in anyone’s cloud security suite, they also create visibility and coverage gaps, introduce complexity and friction, and reduce security effectiveness.   

To overcome those challenges, many organizations are turning to network data, an often untapped resource for cloud security. Every workload uses the network to communicate, making network data the foundational input for improving visibility, threat detection, and response without slowing down DevOps workflows.   
In this webinar, experts from ESG and ExtraHop will show you: 

• How taking a network-based approach to cloud security fills visibility and coverage gaps while removing friction and reducing complexity.
• Compare network detection and response (NDR) to cloud workload protection platforms (CWPP) 
• Capabilities of ExtraHop Reveal(x) 360, a SaaS-based NDR platform for cloud and hybrid security. 

Register today to join the webinar live or watch on-demand.

Cloud Security: Eliminate Coverage Gaps & Friction with a Network-based Approach

In addition to highlighting trends in vulnerability management, this year's survey digs a little deeper into how cloud and the expanding remote workforce affected the ways in which organizations handle reporting and remediation. On this webcast, sponsor representatives will join the survey author for an analysis of the survey, and share their thoughts on emerging vulnerability management trends.

A SANS 2021 Survey: Vulnerability Mgmt - Impacts on Cloud & the Remote Workforce

Mark Bowling, VP of Security Response Service for ExtraHop, discusses how organizations can significantly improve their incident response (IR) posture by using proven IR frameworks that include NIST CSF and SANS PICERL.

The goal of incident response is to mitigate the impact of a breach as quickly as possible. However, monitoring all of the collected and potential detection information, without intelligent discrimination (filtering), can be overwhelming. Without this insightful perception, understanding of critical events can be limited which leads to negative consequences when every second matters. Security technology, while a great facilitator, is not the whole panacea. Without the knowledge of how to effectively use these tools within an IR framework or process it is difficult to achieve the desired outcomes mandated by boards and stakeholders.

In this session, Mark will lead the listener through the functional categories of proven security frameworks including NIST, ISO and SANs to help them prepare and plan for more effective incident response. The listener will learn how to structure detection processes and policies that lead to effective perception and understanding of incidents that result in fast and comprehensive response and remediation activities. Categories covered will include preparation through recovery and lessons learned with a special emphasis on the identification/detection and analysis functions.

Preparing for incident response using NIST CSF and SANS PICERL

The noise about eXtended Detection and Response (XDR) focuses too much on the market and vendors and not enough on problems security teams must solve. This webcast panel discussion among industry experts will focus on three of the most pressing cybersecurity challenges, why they are hard to solve, and how the right approach to XDR might actually make things better.

THREE XDR USE CASES, HOW TO ACHIEVE THEM

Wes Wright, CIO of Seattle Children's, describes how ExtraHop helped to find the "ghost in the machine" that was slowing down their Citrix VDI deployment. ExtraHop provides real-time ICA analysis as well as correlated visibility for the rest of the Citrix environment. Also speaking is Tim Holt, Senior Director of Enterprise Architecture.

Seattle Children's Gains Complete Citrix VDI Visibility with ExtraHop

Citrix

troubleshooting

visibility

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Seattle Children's Gains Complete Citrix VDI Visibility with ExtraHop

Presented by

About this talk

More from this channel