
Using MITRE ATT&CK In Cloud and Hybrid Environments

The MITRE ATT&CK Framework provides an excellent structure for security professionals to identify the strengths and gaps in their ability to detect attacker tactics, techniques, and procedures (TTPs) in the environment. The framework is applicable for cloud, on-premises, and hybrid environments. Join ExtraHop and (ISC)² on March 5, 2020 at 1:00PM Eastern for a discussion on the MITRE ATT&CK Framework as we look at:

• How to get the most value from the MITRE ATT&CK Framework in a hybrid environment

• How upcoming changes in MITRE ATT&CK may affect utilization of the framework by SecOps teams

• How MITRE ATT&CK fits into an overall framework-driven strategy for improving detection coverage and security maturity in hybrid enterprises of all sizes.
Recorded Mar 5 2020 59 mins
Presented by
Vince Stross, Princ. Security SE, ExtraHop; Blake Strom, ATT&CK Leader, MITRE; Chip Wagner, Cybersecurity Leader, IBM

  • Entrust the Security of Your Unmanaged and IoT Devices Feb 4 2021 10:00 am UTC 60 mins
    Speakers Gustavo Amador-Nieto, EMEA Enterprise SE Lead at Keysight; Youssef Agharmine, Security Sales Engineer at ExtraHop
    A lack of visibility into your IoT ecosystem and the inability to monitor unmanaged devices expand your attack surface, putting the security of your hybrid networks at risk. The problem with connected devices is that they generate masses of data and agents cannot be installed on them, which leaves traditional security approaches powerless. With Keysight and ExtraHop, you discover and monitor every device connected to your network to detect and respond to attacks before they compromise your environment. On the agenda for this webinar:

    • Methods attackers use to gain unauthorized access through unmanaged devices or IoT

    • The crucial role of machine learning and network detection and response (NDR) capabilities in investigating incidents

    • The ability of ExtraHop and Keysight to provide complete visibility into all devices and stop attacks before they strike
  • Doing XDR Right: What It Is and What it Can Do for Your Organization Jan 28 2021 6:00 pm UTC 60 mins
    Chase Snyder Sr. Prod Mktg Mgr, ExtraHop; Raj Goel, Brainlink; Lloyd Diernisse; B. Dunlap, Moderator
    XDR (Extended Detection and Response) promises to unite and integrate security tools focused on threat protection, detection and response, creating a single megasolution. Such an approach could yield significant benefits for an organization. Join ExtraHop and (ISC)² on January 28, 2021 at 1:00PM Eastern for an examination of the costs and benefits of this strategy, a discussion of use cases, as well as:

    • How to avoid vendor lock-in while still getting the best security tools available

    • What XDR is, and what it isn't, including which data sources and security tools are typically included in XDR offerings, and how they work together.

    • The advantages and disadvantages of Best of Breed vs. Single Vendor detection and response strategies.
  • Customer Cloud Security: A SANS Survey Recorded: Dec 21 2020 61 mins
    TJ Banasik, Analyst at SANS and Dan Frey, Cloud Marketing Manager at ExtraHop
    The public cloud is changing how you do business, and it’s also forcing you to evolve your security models. To help you create effective defensive strategies for cloud service provider (CSP) environments used by employees, remote workforces, contractors, and customers, SANS surveyed a wide range of professionals across industry verticals to learn their approaches to security.

    Watch the webcast to learn more about:

    - Common cloud architectures
    - Popular security products
    - Spending trends on tooling and architecture
    - CSP-native tools vs. industry leading security products
  • What Got Us Here (May) Get Us There: 2021 Potential Trends From DBIR Reporting Recorded: Dec 17 2020 61 mins
    Alex Pinto, DBIR Team Manager and Co-Author, Verizon // Sri Sundaralingam, VP of Security and Cloud Solution, ExtraHop
    The Verizon Data Breach Investigations Report (DBIR) has been a staple in security reporting for over a decade, always aiming to both document and inform on the current shape of the security threat landscape. It has also been a cathartic outlet of bad jokes and puns for the authoring team.

    While the main purpose of the report is to examine what has recently (and not so recently) occurred, it has become clear to the team that over time attackers will attempt to maximize their Attack Return on Investment (AROI). While we can't tell you what the Next Big Attack (tm) will be in 2021, we'll delve into what the data suggests will define it and help to prepare for it.

    Join us on a critical analysis of over a decade of alternating very stale and surprising trends, and learn how to better strategize in a landscape that changes very slowly at first and then suddenly all at once.
  • Architecting Security for the Internet of Things Recorded: Dec 16 2020 62 mins
    Sonal Shetkar, ExtraHop // Paul Brager Jr., Baker Hughes, a GE company
    As the Internet of Things (IoT) becomes a broader reality in business, IT and security professionals are being challenged to find ways to secure Internet-enabled technology in all types of non-computer devices. How can an enterprise IT department develop and manage an effective security strategy for IoT technology? In this webcast, experts discuss the most effective approaches to securing the embedded systems used in their enterprise and offer advice on monitoring and protecting next-generation IoT technology.

    When you attend this webinar, you will:
    - Get an overview of best practices for securing IoT technology in your enterprise
    - Learn about potential threats to IoT systems and devices
    - Gain insight on how to integrate IoT security into your broader enterprise cybersecurity strategy
    - Learn more about currently-available IoT security tools and technology
    - Find out how to assess and monitor the security of IoT devices attached to your enterprise network
  • Cloud Shared Responsibility: A SANS Whitepaper Recorded: Dec 15 2020 62 mins
    Dave Shackleford, Instructor at SANS and Jeff Deininger, Principal Sales Engineer, Cloud at ExtraHop
    As the use of cloud computing has grown, so has the concept of the shared responsibility model for data protection and cybersecurity in general. While not a new concept, the nature of shared security responsibilities has changed with the advent of the cloud. While all cloud providers are wholly responsible for physical security of their data center environments, data center disaster recovery planning, business continuity, and legal and personnel requirements that pertain to security of their operating environments, cloud customers still need to plan for their own disaster recovery and continuity processes, particularly in IaaS clouds where they're building infrastructure.

    If any of this sounds confusing, that's because it is! There are many challenges facing us as the pace of cloud implementation accelerates. There's an enormous amount of complexity with new services and software-defined infrastructure.

    Today, there's no doubt at all that the attackers have discovered new attack paths and techniques that target cloud environments. The nature of today's security operations has to change as we move to the cloud. With this webcast, we will discuss the definitive lack of skills in cloud technologies (and security specifically, leading to deficiencies in cloud detection and response workflows), the much faster deployments and changes to keep pace with, and a need for new and better controls to help combat these systemic challenges. To begin figuring out what to do about them, we need a better grounding in exactly who is responsible for what in the cloud, and what kinds of security controls and services are best suited to helping cloud security operations mature and grow.
  • Analyzing Malicious Behavior Effectively Recorded: Dec 15 2020 56 mins
    Dave Shackleford, Instructor at SANS and Jesse Munos, Technical Manager at ExtraHop
    In the past decade, the information security industry has learned a lot about what attackers do during campaigns against targets. While we don't always understand the motivation behind the attacks, most attacker goals are focused on data access and exfiltration of sensitive data. Sophisticated attackers often use advanced malware-based espionage that can aggressively pursue and compromise specific targets. Once a compromise has occurred, attackers attempt to maintain a persistent presence within the victim's network, escalate privileges, and move laterally within the victim's network to extract sensitive information to locations under the attacker's control.

    Enterprise security teams have struggled to keep pace with attacker tactics and techniques, and many of the security tools we've relied on have not kept up with new methods of ingress, data access, and exfiltration, either. Security teams are facing pressure to detect attacks and respond to them more rapidly, which is difficult when trying to find evidence of lateral movement, reconnaissance, privilege escalation, and other stealthy behavior. Compounding this is a lack of critical skills in security operations, and we're relying on busy, short-staffed teams to do more all the time. To enable more junior analysts to more readily and effectively contribute, the primary security detection and response platforms organizations use will need to be much more intuitive and capable.

    ExtraHop's Reveal(x) security analytics product provides security analysts with a platform that can rapidly analyze huge quantities of data without acquiring full network packets. Join us in this webcast to learn from Dave Shackleford and his review of the ExtraHop Reveal(x) product. This being his third time reviewing this product, Dave will share his insights on the many enhancements and new features that help intrusion analysis and investigation teams analyze malicious behavior in their environments even more rapidly and effectively.
  • FEDTalks Ep. #1: A Killer Combination - Proactive Threat Hunting and Modern NDR Recorded: Dec 10 2020 57 mins
    See how the ExtraHop Network Detection & Response (NDR) platform can be used, not only to automatically detect the latest threats, but also for proactive Threat Hunting workflows. Hear from ExtraHop engineering on how to leverage both techniques in order to secure even the most sensitive Federal networks.
  • Technology Sprawl: The Hidden Disease of IT and What to do About it Recorded: Dec 3 2020 61 mins
    John Matthews, CIO, ExtraHop; Michael Weisberg, CISO, Garnet River; Eric Gauthier, VP, Technical Ops, Burning Glass, B Dunlap
    In most enterprises, you have the phenomenon of tool sprawl - the overlapping abundance of technology in which only 20-30% of a product’s functionality is being used. A product is acquired for a particular use case, then another use case and another, resulting in a potpourri of tools with overlapping capabilities and features. Whether it's instances in the cloud, security tools, network management or even the proliferation of personal productivity and LOB SaaS applications, the consequence of technology sprawl is not only financial waste, but also user frustration, security risks, operational inefficiencies, technical debt and lack of visibility into the organization’s processes and functions. Join ExtraHop and (ISC)² on December 3, 2020 at 1:00pm Eastern as a panel of IT and Security executives discuss the root causes of technology sprawl, a path out of this cycle and the benefits to be achieved.
  • How ExtraHop & AWS Power Frictionless Security in the Cloud Recorded: Dec 1 2020 29 mins
    Sarah Gray, Enterprise Solutions Architect at Amazon Web Services and Ryan Davis, Sr. Cloud Product Manager at ExtraHop
    The cloud is proven to spur innovation and efficiency for DevOps and IT Ops, but for many security teams, moving and securing workloads to the cloud spurs thoughts of new vulnerabilities and attack vectors. With SecOps taking the blame for stalled migration efforts and losing control over securing cloud workloads, an increasing number of organizations recognize the need to take a cloud-native approach to securing data and workloads.

    Learn how AWS and ExtraHop empower security teams to stop breaches, not business, with frictionless network detection and response (NDR). Amazon VPC Traffic Mirroring enables NDR solutions to help secure cloud environments with agentless visibility and threat detection.
  • Ransomware Prevention Panel: How to Address a Pervasive & Unrelenting Threat Recorded: Nov 30 2020 66 mins
    Kris Yach, Solutions Engineer at ExtraHop and Justin Henderson, Instructor at SANS
    Ransomware is a fast-growing threat affecting thousands of government agencies and municipalities, and it is now even aimed at halting critical ICS/SCADA operations.

    This webcast takes a deeper dive into the whitepaper, How to Address a Pervasive and Unrelenting Threat, written by SANS instructor and blue team member Justin Henderson. Justin will moderate a panel that includes sponsor representatives as they explore major themes of the paper.
  • Enabling Detection & Response Across Data Center and Cloud Apps Recorded: Nov 30 2020 58 mins
    David-John Fernandez, IT Security Engineer at Grand Canyon Uni. and John Pescatore, Director of Security at SANS
    Detection and response capabilities to the cloud, while retaining an integrated view across cloud and on-premises systems and networks. One effective and efficient way of achieving this visibility is for network operations and security operations to use common tools that support the views and insight into both performance issues and security-relevant changes and anomalies.

    During this SANS WhatWorks webcast, SANS Director of Emerging Security Trends John Pescatore interviews D.J. Fernandez, IT Security Engineer at Grand Canyon Education, to gain Fernandez's insight into the business justification for advanced network detection and response (NDR) capabilities and the key evaluation factors that resulted in the selection and deployment of ExtraHop's Reveal(x) platform to increase visibility into network traffic to secure Grand Canyon's business and customer systems.

    Watch this webinar to hear details on Grand Canyon's selection, deployment and experience using ExtraHop. The webcast includes a discussion of lessons learned and best practices and gives you the opportunity to ask questions to get deeper insight.
  • Unlocking the Ultimate Source of Truth in Cloud Security—Network Data Recorded: Nov 19 2020 59 mins
    Dan Frey, Marketing Manager // Guy Raz, Sales Engineer, ExtraHop // Peggy Bresnick-Kendler, Contributing Editor, Dark Reading
    Learn how virtual taps from AWS, Azure, and Google Cloud enable network detection and response (NDR) solutions to help secure cloud environments with agentless and immutable monitoring and threat detection capabilities. Invisible to attackers, NDR solutions sit out of band and analyze network traffic streams to provide crucial information about devices, users, and potential attacks that other security tools simply can’t. Best-of-breed NDR also augments security personnel visibility into SSL/TLS 1.3 encrypted traffic and ML-driven threat detection that alerts only on items that matter while providing intelligence to remediation and forensic workflows.

    Attend this event and you'll learn how:
    - Cloud provider packet mirroring features enable better cloud security
    - Network detection and response puts information into proper context for accurate alerts
    - NDR, EDR and SIEM form the SoC visibility triad in the cloud
  • Extending DevSecOps Security Controls into the Cloud Recorded: Nov 13 2020 62 mins
    Jim Bird, Analyst at SANS and Dan Frey, Cloud Manager at ExtraHop
    In this webcast, survey authors Jim Bird and Eric Johnson will join security experts representing the survey sponsors to discuss results from the SANS 2020 survey, Extending DevSecOps Security Controls into the Cloud. This roundtable will also explore best practices for DevSecOps teams to follow when leveraging today's cloud-based environments.
  • Packets: A New Hope - Defending the AWS Cloud Using Network Detection & Response Recorded: Nov 5 2020 45 mins
    Jeff Deininger, Principal Cloud SE at ExtraHop
    Securing Cloud workloads presents unique challenges, including friction to make native telemetry sources actionable. Using network packets to drive detection and response workflows offers a way forward.
    Cloud providers offer log-based event and configuration monitoring tools, but real-time detection and response requires the richness and authority of full packet data. The Cloud's event-driven-automation paradigm presents new opportunities to streamline the deployment and use of an NDR system that ingests and analyzes data at scale to contain attacks before they become headline-grabbing breaches.
  • Packets: Defending the Cloud with Network Detection & Response Recorded: Nov 5 2020 46 mins
    Jeff Deininger, Principal Sales Engineer, ExtraHop
    The playing field between attackers and defenders is not level, and it’s only becoming more unbalanced because of the complex, layered nature of attack surfaces in the cloud. Attackers can launch millions of arrows and only need one to find its target, while security teams must stop every attack. And when those attacks are successful, more than half of all data breaches take months to discover, and the average time from detection to containment is 279 days. Join ExtraHop and learn how access to packets in the cloud helps security teams move beyond a protect-and-prevent mindset and adopt a detect-and-respond posture that reduces dwell time and slashes time to contain.
  • Discovering and Managing Unmanaged Devices Recorded: Nov 4 2020 62 mins
    Juergen Morgenstern, Sales Engineering Director at ExtraHop and Christian Reuling, Systems Engineer, Keysight
    A lack of visibility and the inability to monitor IoT and unmanaged devices expand your attack surface and pose a threat to the security of your hybrid networks. Because IoT devices cannot be instrumented with agents and generate a high volume of data, traditional security approaches cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in the context of the rest of your network to detect and respond to attacks before they become a breach. Attendees of our webinar will learn:

    • How attackers exploit IoT and unmanaged devices to gain unauthorized access
    • How network detection and response and machine learning play an important role in investigating incidents
    • How ExtraHop and Keysight together provide a comprehensive view of all devices to stop attacks before they cause damage
  • Anomaly Based Malware Detection via the Network Detection and Response Toolkit Recorded: Nov 3 2020 28 mins
    Jesse Munos, Technical Marketing Manager, ExtraHop
    New malware variants appear every day. These new variants are designed with enhanced capabilities and evasion techniques that make traditional signature based detection methods of limited utility. However, they all share one thing in common: they require the network in order to spread, exfiltrate data, receive commands, and more. This session will discuss how to leverage Network Detection and Response based tools to uncover, scope, and respond to new malware variants.
  • Discovering and Securing IoT and Unmanaged Devices with ExtraHop and Keysight Recorded: Nov 3 2020 56 mins
    Jamie Moles, Senior Security Engineer at ExtraHop and Russell Hill, Senior Systems Engineer at Keysight
    A lack of visibility into IoT and an inability to monitor unmanaged devices expands your attack surface, posing a threat to the security of your hybrid networks. Because IoT devices can't be instrumented with agents and generate a high volume of data, traditional approaches to security cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in the context of the rest of your network, to detect and respond to attacks before they become a breach. Viewers of this webinar will learn:

    • How attackers exploit IoT and unmanaged devices to gain unauthorized access.
    • How network detection and response and machine learning play a significant role in investigating incidents
    • How together ExtraHop and Keysight provide comprehensive visibility into all devices to stop attacks before they cause damage.
  • HTTP Request Smuggling in 2020 Recorded: Nov 2 2020 61 mins
    Amit Klein, VP Security Research at SafeBreach and Jesse Munos, Technical Marketing Manager at ExtraHop
    HTTP Request Smuggling is an attack technique invented in 2005 that exploits different interpretations of a stream of non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests.

    In the first part of his talk, Amit presents new HTTP Request Smuggling attack variants that work against present-day web servers and HTTP proxy servers. He also presents an attack which circumvents the HTTP Request Smuggling protection in a free, open source WAF.

    In the second part of his talk, he describes his C++ "Request Smuggling Firewall" class library that can be injected into any user-space process (web server or proxy server) to provide robust socket-level protection against HTTP Request Smuggling.

    He concludes with some anomalies he found in various web servers and proxy servers, showing there is a lot of potential for additional research in this area.
Helping you gain the perspective to secure the hybrid enterprise
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.

Learn more at www.extrahop.com
