Black Hat Webcast Series - Automated Threat Detection and Response
A survey of 120 Black Hat students across our Black Hat USA and Europe training courses revealed a scary statistic ... Not a single security professional in the training had the in-depth knowledge or skills to effectively carry out an incident response investigation from end-to-end to contain a breach of their organization.
Unfortunately, this is a true representation of the state of the IT security industry today and is the fundamental reason why the bad guys are winning. Whilst we continue to use traditional security strategies, the bad guys will continue to win.
With limited security skills, resources and budgets, the only way that your organization will survive moving forward is to modernize your security capabilities through automated threat detection and response.
We will discuss the problem space in more detail and how you can significantly reduce the cost of a security breach by enhancing your security operations, and streamlining your threat detection, evidence collection, evidence analysis, and automated response for real-time breach containment.
Recorded Jan 29 2020, 62 mins
Jon-Michael Brook, Top Threats Co-chair, CSA & Dan Frey, Sr. Cloud Product Marketer, ExtraHop
The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. If you’re concerned about security vulnerabilities in the cloud, you won’t want to miss this conversational deep dive into the Cloud Security Alliance’s annual “Egregious Eleven” report on the top threats to cloud computing.
Register today to learn more about the top threats from security experts at ExtraHop and the Cloud Security Alliance. You’ll get real-world examples of how those threats can affect your business, as well as steps you can take now to strengthen your security posture. You’ll also see how visibility into network traffic and the ability to analyze full packets speeds incident response and helps make you less vulnerable to new and evolving threats.
Karen Crowley, Sr. PMM, ExtraHop, Kurt Skowronek, SE, ExtraHop & Greg Copeland, VP Business Development at Keysight
A lack of visibility into IoT and an inability to monitor unmanaged devices expands your attack surface, posing a threat to the security of your hybrid networks. Because IoT devices can't be instrumented with agents and generate a high volume of data, traditional approaches to security cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in the context of the rest of your network, to detect and respond to attacks before they become a breach. Viewers of this webinar will learn:
• How attackers exploit IoT and unmanaged devices to gain unauthorized access.
• How network detection and response and machine learning play a significant role in investigating incidents.
• How together ExtraHop and Keysight provide comprehensive visibility into all devices to stop attacks before they cause damage.
The information security industry has experienced a number of innovations around SIEM and Endpoint Detection and Response (EDR) solutions over the past few years. These solutions have included leveraging Machine Learning and Cyber Threat Intelligence in their platforms for higher fidelity as well as better response to the emerging and acute threats our industries and agencies face. Even with these advancements we have seen several devastating breaches that do more than damage a company's brand. Unlike real-asset destruction or theft, when intellectual property is stolen or compromised, the owner is never made whole and its value cannot be recouped. The challenge with EDR and SIEM is that they must be configured or installed, and any solution that must be configured or installed can be un-configured and un-installed. Many breaches have involved the evasion of properly installed and configured SIEM and EDR solutions. The covert nature of today's malware and spyware requires a covert response, one where our adversaries are not aware of its presence. In this session, we will discuss and demo the merits of leading with Network Detection and Response (NDR) and how the use of NDR provides coverage against evasion techniques used by attackers against our existing SIEM/EDR investments. Adding the third pillar of NDR to your security triad will provide the stability that has been lacking from the traditional two-pronged approach to security and visibility.
In this session, we will discuss the ways in which NDR complements and in many cases improves the efficacy of your existing investments in SIEM and EDR. We will also discuss the differences in signal intelligence between what is on the wire vs. what is in a log. And finally, we will discuss reasons to take an "NDR-first" approach to visibility at scale, high-fidelity detections and digital surveillance.
The modern enterprise is a complex web of workloads consisting of hardware, applications, and data spread across edge, core, and cloud deployments. Add in a growing remote workforce, and the security challenges only increase. Tools that rely on logs or agents can't provide Security Operations Centres (SOCs) with the visibility they need to mitigate risk that can derail cloud migration and business transformation initiatives.
During this webinar, AWS and ExtraHop will discuss ways to:
- Apply AWS controls and services to create a security visibility strategy for the cloud
- Deliver an agentless, scalable approach that provides SecOps with unified visibility in a single management page
- Enable AWS customers to take full advantage of network traffic for better cloud visibility, detection and response
Dave Bittner, Host at CyberWire; John Smith, Principal Engineer at ExtraHop & Karen Crowley, Security PMM at ExtraHop
We need to have a real conversation about post-compromise. The accepted reality today is that experiencing a cyber-attack is inevitable. The question is how to stop the attack from escalating into a full-on data breach. Join us for a conversation with CyberWire’s Dave Bittner as we discuss the trends that are complicating the job of security professionals today, including the overnight move to remote work and the acceleration of cloud adoption. We’ll also cover some of the biggest threats to hybrid networks and ways organizations can lower risk now.
Jake Williams, Co-founder of Rendition Infosec // Vince Stross, Principal Security SE
During cybersecurity compromise investigations, incident responders are always asked the question “who did this to us and why?” To the extent that attribution matters in cybersecurity, false flag cyberattacks offer opportunities to misdirect investigators in both dimensions – the who and the why.
In this webcast, we'll demonstrate techniques showing how attackers can plant forensic evidence, misdirecting investigators about their intentions and identities. Armed with this information, forensic investigators and incident responders will (hopefully) be more critical of the information discovered in their cases and dig a little deeper in investigations.
Heather Mahalik, Senior Instructor at SANS; Josh Snow, Security Engineer at ExtraHop; Kyle Walsh, Solution Architect at Datec
Recent, rapid transformations in remote work have been challenging for enterprises, and for some of them, the new work-from-home reality is going to become a permanent adaptation for their business. Those that adapted quickly now need to look at keeping their new remote workforces happy and secure for the long haul. Join this webinar to learn about some of the biggest changes businesses have experienced, and how they're working to secure the new shifting and expanding attack surface, including:
- 88% of respondents rely on VPN tunneling for their work, but how are those VPN tunnels secured at scale?
- 30% rely on RDP, a protocol notorious for being abused by attackers. How are businesses assuring that RDP sessions are legitimate, and being used securely?
- Only ~13% of respondents indicated that their organization fully manages webcams in their environment. How are businesses ensuring that sensitive, connected devices and IoT in workers' homes aren't providing a vector for stealthy attackers?
Join Heather Mahalik, SANS Senior Instructor, Author, and Senior Director of Digital Intelligence at Cellebrite and Josh Snow, Security Sales Engineer with ExtraHop to discuss the data from a recent poll about remote working and explore the critical topics on how to adapt to semi-permanent remote work situations at enterprises of every size.
Matt Cauthorn, VP Cyb. Eng, ExtraHop; Caroline Saxon, Dir, Cyber Governance, Global Payments; Andrew Boyle, Booz Allen
We know that integrating security operations (SecOps) and network operations (NetOps) teams can lead to faster response and improved productivity. And in the current situation we find ourselves in (with budgets slashed and personnel laid off or furloughed), collaboration and shared visibility between the two teams can help IT and cybersecurity organizations adapt to changing requirements. Integrating the two operations can help you eliminate redundant tools, break down data silos, streamline processes, and optimize your budget. Join ExtraHop and (ISC)2 on June 25, 2020 at 1:00PM Eastern for a discussion on why now is a great time to tackle this challenge and how you can go about doing so.
The integration between ExtraHop Reveal(x) and CrowdStrike Falcon Insight merges complete network visibility, machine learning behavioral threat detection and real-time decryption with powerful endpoint security and instant remediation.
Attendees of this webinar will learn directly from ExtraHop and CrowdStrike about how our Fortune 100 customers are already using this recently launched solution, and how the integration can provide enterprise security operations teams with capabilities and immediate value like:
- Instant and automated detection, validation, and containment of network threats like ransomware, privilege escalation, and data exfiltration, as well as endpoint threats, for complete attack surface coverage.
- Automatic discovery and device identification of everything communicating on the network, including IoT-connected devices, remote connections, devices incompatible with agent installation, and devices impacted by threats where no CrowdStrike agent was yet installed.
- Broad MITRE ATT&CK Framework coverage of both network-focused and endpoint-focused tactics, techniques, and procedures.
Rich Mogull, CISO at DisruptOps; Guy Raz, Sr. Systems Engineer at ExtraHop
You’ve heard that DevSecOps is the latest fashion, but what does that actually mean? Is it just a trendy rebranding of what we’ve always done or are there really some new technologies and practices we can use to improve security?
In this session we will blast through a quick review of DevOps and then jump into the 5 steps to integrate effective DevSecOps into your security and DevOps programs. (Hint… it’s all about the code).
In the first quarter of 2020, organizations around the world experienced massive disruption as workforces rapidly transitioned to remote work and operations shifted off-premises. While the first phase of this shift focused primarily on making critical assets available to employees, the next phase will focus on how to enable that model long term and at scale. At the center of that transformation are cloud and IoT.
Join this webinar to learn about Reveal(x) 360 and how ExtraHop’s SaaS offering is natively delivered from the cloud and provides Network Detection and Response capabilities to create faster time to value without management burden. Organizations benefit from unified 360-degree visibility and situational intelligence spanning from the edge (IoT and remote workforce) to the core (data centers and branch offices) to the cloud (AWS, Azure, and Google Cloud) to monitor and respond to actual threats.
Matt Cauthorn, VP Cyb. Engineering, ExtraHop; Karen Crowley, Senior Security Product Manager at ExtraHop Networks
You need complete visibility to protect your organization against threats. But what about rogue or even known enterprise IoT (eIoT) devices?
For most security teams, these devices are either not on their radar or remain an unmonitored vulnerability. This is significant because the next generation of enterprise IoT is becoming more than a group of devices — it has morphed into mission-critical, enterprise-wide services that leverage edge-computing and modern hybrid architectures. eIoT devices pose a threat because they are difficult to manage and are most often an easy point of entry to your network.
This webinar will discuss the challenges the CISOs face today and how eIoT increases overall risk. We will provide guidance for how to gain visibility into eIoT and we will discuss how machine learning can provide the needed context and correlation of all devices to detect threats and improve the overall security posture of your network.
While the cloud may be a force multiplier for DevOps and IT Ops, for security teams, it can be a vulnerability. With SecOps taking the blame for stalled migration efforts, enterprises are recognizing the need to take a cloud-native approach to securing data and workloads rather than trying to retrofit old technology to new cloud security best practices. The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. Traditional security tools focused on prevention, or those that rely on agents or logs for analysis, can’t keep up with the speed and scale of the cloud. They leave too many blind spots, add friction to development cycles, and slow down incident response. Without visibility into network traffic and the ability to analyze full packets, organizations are vulnerable to new and evolving threats, and security teams are forced to slow the pace of cloud migration.
Michael Sanders, Cloud Security Engineer at ExtraHop Networks; Matt Bromiley, Digital Forensics and IR Director at SANS
IoT is growing in the enterprise and becoming of greater concern as an unprotected threat vector.
An organization needs to understand if and how enterprise IoT devices like smart TVs, badge scanners, projectors, whiteboards, and printers, as well as unknown rogue devices, have been connected to the network.
- Is your security team aware of every enterprise IoT device that sits in an office, lobby, conference room, or boardroom?
- Have you completed an assessment of the network security risks from unmanaged, nonstandard devices?
- Is there a plan for detecting and responding to malicious traffic if IoT devices are compromised?
This webinar explores the growth of enterprise IoT devices and the implications for incident detection and response. The enterprise device landscape is constantly changing; your information security team must adopt practices to easily adapt.
With the right approach, your team can quickly identify IoT devices for greater visibility to detect and respond to any new threats that come their way.
Sri Sundaralingam - ExtraHop / Shamus McGillicuddy, VP of Research & Network Management at EMA / Lee Chieffalo - Viasat
Strategies for Optimizing Teams, Toolsets, and Budgets
ExtraHop partnered with Dark Reading for a webinar to discuss how, as companies tighten their belts, the need for coordination between operations and security has never been more urgent. This webinar explores the state of the relationship between IT Ops and SecOps through an in-depth Dark Reading survey.
Sri Sundaralingam, VP of Product and Solutions Marketing, ExtraHop
Lee Chieffalo, Network and Security Engineer, Viasat
Shamus McGillicuddy, VP of Research & Network Management, EMA
Dan Frey and Vince Stross of ExtraHop & Shishir Agrawal and Yang Liang of Google Cloud
The modern enterprise encompasses a complex web of workloads consisting of hardware, applications, and data spread across edge, core, and cloud deployments. Add a growing remote workforce using a wide variety of devices, and the security challenges multiply quickly. With the release of Google Cloud’s Packet Mirroring feature, accessing network packets in VPCs just became much easier. Cloud-native NDR was the missing piece that prevented SecOps from completing Gartner’s SOC Cloud Visibility Triad. Now, enterprises can combine NDR, SIEM, and EDR, enabling SecOps and DevOps to achieve a holistic approach to cloud security and eliminate the risks of misconfiguration, undetected attacks, lateral movement, and data exfiltration.
Join this webinar to experience a presentation and live demo that will show how you can gain complete visibility into traffic traversing your Google Cloud workloads by leveraging Google Cloud's Packet Mirroring service. During this session, Dan Frey (Cloud PMM, ExtraHop), Vince Stross (Principal Sales Engineer, ExtraHop), Shishir Agrawal (PM Cloud Networking, Google Cloud), and Yang Liang (PMM, Google Cloud) will present the benefits of adopting a cloud-native approach to Network Detection and Response (NDR) and will share insights about how SecOps and DevOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.
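Packet Mirroring itself is just a VPC policy that copies traffic from selected sources to a collector behind an internal load balancer; the NDR sensor sits behind that load balancer. The following Terraform fragment is an added illustration of the pieces that policy needs, written for this page; it is not ExtraHop's or Google's deployment code, and every name, region, CIDR and tag in it is an assumption. It assumes a VPC `prod-vpc`, a subnet `prod-subnet` in `us-central1`, a regional backend service `ndr-sensor-backend` whose instance group holds the sensor, and mirrored workloads tagged `mirror-me`.

```hcl
# Added example (not from the page). Packet Mirroring policy that sends
# copies of TCP and UDP traffic from tagged workloads to an NDR collector.
# All resource names, regions, CIDRs and tags below are assumptions.

# Internal forwarding rule that receives the mirrored packets.
# is_mirroring_collector is required: a normal ILB is not a valid target.
resource "google_compute_forwarding_rule" "ndr_collector" {
  name                   = "ndr-collector-ilb"        # assumed name
  region                 = "us-central1"               # must match the mirrored subnet's region
  is_mirroring_collector = true
  ip_protocol            = "TCP"
  load_balancing_scheme  = "INTERNAL"
  all_ports              = true                        # mirrored traffic is not port-specific
  network                = "prod-vpc"                  # assumed VPC
  subnetwork             = "prod-subnet"               # assumed subnet
  backend_service        = "ndr-sensor-backend"        # assumed regional backend service
}

# The policy: which sources are mirrored, where copies go, what is filtered.
resource "google_compute_packet_mirroring" "ndr" {
  name   = "ndr-mirror"                                # assumed name
  region = "us-central1"

  network {
    url = "prod-vpc"
  }

  collector_ilb {
    url = google_compute_forwarding_rule.ndr_collector.id
  }

  mirrored_resources {
    tags = ["mirror-me"]                               # assumed network tag on workloads
  }

  filter {
    ip_protocols = ["tcp", "udp"]                      # drop ICMP noise, keep app traffic
    cidr_ranges  = ["0.0.0.0/0"]                       # mirror all peers; narrow to cut volume
    direction    = "BOTH"                              # INGRESS, EGRESS or BOTH
  }
}

# Mirrored packets are delivered to the sensor as if they were ingress;
# without an allow rule for the mirrored sources the copies are dropped.
resource "google_compute_firewall" "allow_mirrored" {
  name      = "allow-mirrored-to-ndr"                  # assumed name
  network   = "prod-vpc"
  direction = "INGRESS"
  allow {
    protocol = "all"
  }
  source_ranges = ["10.0.0.0/8"]                       # assumed range of mirrored workloads
  target_tags   = ["ndr-sensor"]                       # assumed tag on the sensor instances
}
```

Two things to check before trusting the feed: the collector forwarding rule, the mirrored subnet and the policy all have to be in the same region, and mirrored bytes count as egress from every mirrored instance, so a wide `cidr_ranges` filter on a busy VPC can double its network bill before the sensor has seen a single alert.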
John Pescatore, Emerging Trends Director at SANS; Juan Canales, Sr. Manager of Enterprise Security and Architecture at HPMG
WhatWorks in Migrating to the Cloud while Maintaining Security and Network Performance (with a remote workforce)
The need for businesses to rapidly move to near 100% work at home has increased the importance of detailed and accurate visibility into user activity in remote connections to both on-premises data centers and public cloud-based services. One effective and efficient way of achieving this visibility is for network operations and security operations to use common tools that support the views and insight into both performance issues and security-relevant changes and anomalies.
During this SANS WhatWorks webcast, SANS Director of Emerging Security Trends John Pescatore interviews Juan Canales, Sr. Manager of Enterprise Security and Architecture at Hill Physicians Medical Group (HPMG), to gain Mr. Canales' insight on what he went through in the business justification and deployment of ExtraHop's Reveal(x) to increase visibility into network traffic during HPMG's transition to cloud-based computing. This visibility has already proved invaluable in maintaining the reliability and security of remote communications as HPMG runs completely remote operations during the current health crisis.
Join John Pescatore and Juan Canales to hear details on his selection, deployment and experience using ExtraHop. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
John Smith, ExtraHop; Glenn Leifheit, Microsoft; Tim Campo, (ISC)2; Diane Brown, Ulta; Brandon Dunlap (Moderator)
The COVID-19 virus outbreak has put immense pressure on IT organizations who now need to scale remote access quickly to thousands of users working from home. Many organizations did not have a plan in place for this and are doing the best they can. Many remote workers haven’t been issued laptops or are using unmanaged devices that may not have adequate protections. Some companies are running into licensing issues for things like their VPN connections. Join ExtraHop and (ISC)2 on April 16, 2020 at 1:00PM Eastern for a timely discussion on how you can deal with performance and security implications of this shift and receive tips and best practices on how to deal with the situation we find ourselves in.
John Smith, Principal Engineer at ExtraHop; Bri Hatch, Director of IT at ExtraHop
The COVID-19 pandemic is straining remote access infrastructure and the IT organizations that support them. Many IT teams are doing the best they can to accommodate thousands of users working from home, while Security teams are preparing to defend a newly enlarged and more porous attack surface. Join our expert panel on a timely discussion and best practices on how to handle the performance and security implications of this shift.
Helping you gain the perspective to secure the hybrid enterprise
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.
Black Hat Webcast Series speakers: Ty Miller, Managing Director at Threat Intelligence; Vince Stross, Security SE at ExtraHop Networks