Understanding and Leveraging the MITRE ATT&CK Framework

In this webcast, sponsor representatives and report author John Hubbard will discuss the new SANS report, "Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework." The discussion will explore themes from the paper, including:

- What the MITRE ATT&CK Framework is
- Where ATT&CK is going
- Best practices for using ATT&CK information

Register today and learn how to leverage the information and ecosystem of tools surrounding ATT&CK to develop, bolster and assess your own defenses.
Recorded Aug 12 2020 61 mins
Presented by
John Hubbard, Certified Instructor at SANS; Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop

  • The New Realities of Healthcare IT Recorded: Sep 24 2020 92 mins
    MEDHOST, Pacific Dental Services and AdventHealth
    According to the Department of Health and Human Services, healthcare data breaches increased by 196% from 2018 to 2019 and are expected to see a double-digit increase in 2020. Given their valuable data, connected devices and the need for constant data access to ensure continuity of care, healthcare organizations have been and will likely always be a prime target for cyberattacks. While awareness around these issues has drastically improved, the threat is still as real as it has ever been.

    Please join us for a conversation on September 15 as we bring healthcare leaders from MEDHOST, Pacific Dental Services and AdventHealth together to discuss the new realities and challenges facing healthcare IT teams today.

    During our dialogue, our panel of industry leaders will dissect cybersecurity topics relevant to today's ever-changing environment, including securing IoT devices, cloud adoption, Zero Trust, regional site visibility and the effects of COVID-19, work from home and skill shortages within security teams.
  • The Ripple Effect: Latent Vulnerabilities to Be Felt for Years to Come Recorded: Sep 17 2020 60 mins
    Matt Cauthorn, VP Sales Eng, ExtraHop; Kevin McNamee, Dir Threat Intel, Nokia; Graham Speake Sr. Sec Mgr, Brandon, Moderator
    Have you heard about Ripple20? It’s a series of 19 vulnerabilities detected in a widely used TCP/IP stack (Treck) that could expose hundreds of millions of devices in healthcare and industrial settings to remote code execution and more. The Treck stack has been used in embedded devices for more than twenty years. These devices are hard to identify and more difficult to patch. Should you remove and/or replace these devices? That can get pricey. Join ExtraHop and (ISC)2 on September 17, 2020 at 1:00 p.m. Eastern as we explore the ramifications of this, how to detect vulnerable devices and how to determine if you should patch or replace.
  • Extending the Enterprise Network for Remote Workers Recorded: Sep 14 2020 65 mins
    Paco Cañive, Senior Systems Engineer at ExtraHop
    As a result of lockdowns from the COVID-19 pandemic, we are seeing a rise in teleworking and remote workers. This trend may not change after the pandemic either, creating challenges for enterprise security teams. How do you extend your enterprise network security controls into these remote locations?

    In this webcast, Paul Asadoorian and Matt Alderman will discuss the challenges of teleworking and remote workers. They will cover topics such as:

    • How do you protect your home network?
    • How do enterprise security teams extend their capabilities to remote workers?
    • What new threat vectors do enterprise security teams need to address?

    Then, Paco Cañive, Senior Systems Engineer at ExtraHop, will discuss their new Remote Work bundle to help organizations get visibility into these remote locations. Paco will demonstrate how ExtraHop can detect the following remote worker use cases:

    • IP Address to User correlation to identify malicious or abnormal behavior
    • Detecting RDP traffic and the possible misuse of RDP
    • Monitoring Active Directory account activity
  • Black Hat Webcast Series - GCP Lateral Movement and Privileged Escalation Spill Recorded: Sep 3 2020 52 mins
    Dylan Ayrey, Security Engineer // Michael Sanders, Senior Cloud Security Engineer, ExtraHop
    Since Dylan Ayrey gave his Black Hat talk on lateral movement and privilege escalation in GCP, Google has announced a few changes. They've released a new blog post that talks about some suggested customer mitigations, and rolled out a new org policy to prevent privilege escalation in certain roles.

    Dylan will do a recap of our Black Hat talk, cover some spillover material he didn't have time to cover, like privilege escalating remote build execution, and generally talk through the updates from Google and how they impact the original attacks he covered.
  • Looking Beyond IDS: What’s Next for Network Detection? Recorded: Sep 1 2020 51 mins
    Dave Shackleford, Instructor at SANS and Sonal Shetkar, Principal Engineer at ExtraHop
    The only thing we know for sure about the next big cyberattack is that it will involve two hosts and a network. Every attacker must use the network, which makes it an ideal instrumentation point for detecting attack activity. Organizations deploy IDS solutions for traffic entering and leaving the environment (north-south) but do not have robust network detection capabilities for their internal (east-west) traffic. This webinar will discuss how organizations can use the network to detect stealthy post-compromise activity that evades other monitoring techniques.
  • Top Cloud Threats: Understanding and Responding to the Egregious Eleven Recorded: Aug 19 2020 58 mins
    Jon-Michael Brook, Top Threats Co-chair, CSA & Dan Frey, Sr. Cloud Product Marketer, ExtraHop
    The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. If you’re concerned about security vulnerabilities in the cloud, you won’t want to miss this conversational deep dive into the Cloud Security Alliance’s annual “Egregious Eleven” report on the top threats to cloud computing.

    Register today to learn more about the top threats from security experts at ExtraHop and the Cloud Security Alliance. You’ll get real-world examples of how those threats can affect your business, as well as steps you can take now to strengthen your security posture. You’ll also see how visibility into network traffic and the ability to analyze full packets speeds incident response and helps make you less vulnerable to new and evolving threats.
  • Discovering and Securing IoT and Unmanaged Devices with ExtraHop and Keysight Recorded: Aug 13 2020 45 mins
    Karen Crowley, Sr. PMM, ExtraHop, Kurt Skowronek, SE, ExtraHop & Greg Copeland, Director Business Development at Keysight
    A lack of visibility into IoT and an inability to monitor unmanaged devices expands your attack surface, posing a threat to the security of your hybrid networks. Because IoT devices can't be instrumented with agents and generate a high volume of data, traditional approaches to security cannot be implemented. With Keysight and ExtraHop, you can discover and monitor all devices in context of the rest of your network, to detect and respond to attacks before they become a breach. Viewers of this webinar will learn:

    • How attackers exploit IoT and unmanaged devices to gain unauthorized access.
    • How network detection and response and machine learning play a significant role in investigating incidents.
    • How together ExtraHop and Keysight provide comprehensive visibility into all devices to stop attacks before they cause damage.
  • Understanding and Leveraging the MITRE ATT&CK Framework Recorded: Aug 12 2020 61 mins
    John Hubbard, Certified Instructor at SANS; Matt Cauthorn, VP of Cyber Security Engineering at ExtraHop
    In this webcast, sponsor representatives and report author John Hubbard will discuss the new SANS report, "Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework." The discussion will explore themes from the paper, including:

    - What the MITRE ATT&CK Framework is
    - Where ATT&CK is going
    - Best practices for using ATT&CK information

    Register today and learn how to leverage the information and ecosystem of tools surrounding ATT&CK to develop, bolster and assess your own defenses.
  • Securing Active Directory the Way it Deserves Recorded: Aug 11 2020 62 mins
    John Pironti, President IP - Architects // Jesse Munos, Technical Marketing Manager - ExtraHop
    Credential theft and lateral movement are now regular, everyday tricks of the cyber attacker trade. So it’s imperative that every business secure the foundations of its enterprise access control system: Active Directory. And yet, for many organizations, Active Directory management and security is a major challenge, and they don’t know where to begin. In this webinar, experts will explain the latest AD-related threats and help you get your new or legacy AD in order so you’re prepared for them.

    When you attend this webinar, you will:
    - Learn about the recent high-profile attacks that show AD exploits may be going mainstream
    - Learn how the threats get more complex as organizations increase their use of cloud services and remote access
    - Learn what tools and techniques can help you better monitor and defend administrator accounts
  • Closing the Critical Skills Gap for Modern Security Operations Center Recorded: Aug 3 2020 57 mins
    Jeff Costlow (ExtraHop) // John Pescatore (SANS)
    In this webcast, sponsor representatives and survey author and SANS Director of Emerging Security Trends John Pescatore will discuss results from our 2020 SOC Skills Survey.
  • Completing the Triad, The Case For Leading With NDR Recorded: Jul 31 2020 39 mins
    John Smith // Principal Sales Engineer
    The information security industry has experienced a number of innovations around SIEM and Endpoint Detection and Response (EDR) solutions over the past few years. These solutions have incorporated Machine Learning and Cyber Threat Intelligence into their platforms for higher fidelity as well as better response to the emerging and acute threats our industries and agencies face. Even with these advancements, we have seen several devastating breaches that do more than damage a company’s brand. Unlike real-asset destruction or theft, when intellectual property is stolen or compromised, the owner is never made whole and its value cannot be recouped. The challenge with EDR and SIEM is that they must be configured or installed, and any solution that must be configured or installed can be un-configured and un-installed. Many breaches have involved the evasion of properly installed and configured SIEM and EDR solutions. The covert nature of today’s malware and spyware requires a covert response, one where our adversaries are not aware of its presence. In this session, we will discuss and demo the merits of leading with Network Detection and Response (NDR) and how the use of NDR provides coverage against evasion techniques used by attackers against our existing SIEM/EDR investments. Adding the third pillar of NDR to your security triad will provide the needed stability that has been lacking from the traditional two-pronged approach to security and visibility.
    In this session, we will discuss the ways in which NDR complements and in many cases improves the efficacy of your existing investments in SIEM and EDR. We will also discuss the differences in signal intelligence between what is on the wire vs what is in a log. And finally, we will discuss reasons to take an “NDR-first” approach to visibility at scale, high fidelity detections and digital surveillance.
  • AISA Webinar: Extending network security for the cloud Recorded: Jul 30 2020 63 mins
    Stefan Avgoustakis and Daniel Chu
    The modern enterprise is a complex web of workloads consisting of hardware, applications, and data spread across edge, core, and cloud deployments. Add in a growing remote workforce, the security challenges only increase. Tools that rely on logs or agents can’t provide Security Operations Centres (SOCs) with the visibility they need to mitigate risk that can derail cloud migration and business transformation initiatives.

    During this webinar, AWS and ExtraHop will discuss ways to:
    - Apply AWS controls and services to create a security visibility strategy for the cloud
    - Deliver an agentless, scalable approach that provides SecOps with unified visibility in a single management page
    - Enable AWS customers to take full advantage of network traffic for better cloud visibility, detection and response
  • A Real Conversation About Post-Compromise, with Cyberwire’s Dave Bittner Recorded: Jul 28 2020 47 mins
    Dave Bittner, Host at CyberWire; John Smith, Principal Engineer at ExtraHop & Karen Crowley, Security PMM at ExtraHop
    We need to have a real conversation about post-compromise. The accepted reality today is that experiencing a cyber-attack is inevitable. The question is how to stop the attack from escalating into a full-on data breach. Join us for a conversation with CyberWire’s Dave Bittner as we discuss the trends that are complicating the job of security professionals today, including the overnight move to remote work and the acceleration of cloud adoption. We’ll also cover some of the biggest threats to hybrid networks and ways organizations can lower risk now.
  • Network Detection & Response: Defending Critical Assets Beyond the Perimeter Recorded: Jul 22 2020 64 mins
    Daniel Chu, Director of Systems Engineering, APJ, ExtraHop
    In today’s threat landscape, it is evident that data breaches are becoming a question of when, and not if. Most organisations have multiple investments and tools for securing the perimeter, but have limited visibility into the post-breach activities that occur within the trusted perimeter. Attackers take advantage of these blindspots to perform reconnaissance, move laterally, establish persistence, and ultimately exfiltrate data.

    Join ExtraHop and (ISC)² on Jul 22, 2020 (Wed) at 10am (GMT +8) to learn how network detection and response (NDR) provides ground truth with context that can't be turned off or evaded by savvy attackers. We’ll demonstrate why NDR is the most effective approach for detecting, investigating, and responding to threats in hybrid, multicloud, remote workforce, and IoT environments.

    Agenda will include:
    · Gartner's SOC Visibility Triad: NDR, EDR & SIEM
    · Introduction to machine learning-based NDR for the hybrid enterprise
    · Demo: Investigate a live attack
    · Q&A

    Presenter: Daniel Chu, Director of Systems Engineering, APJ, ExtraHop
    Moderator: Tony Vizza, CISSP, CCSP, Director of Cybersecurity Advocacy, APAC, (ISC)²
  • How Attackers Confuse Investigators with Cyber False Flag Attacks Recorded: Jul 7 2020 61 mins
    Jake Williams, Co-founder of Rendition Infosec // Vince Stross, Principal Security SE
    During cybersecurity compromise investigations, incident responders are always asked the question “who did this to us and why?” To the extent that attribution matters in cybersecurity, false flag cyberattacks offer opportunities to misdirect investigators in both dimensions – the who and the why.

    In this webcast, we'll demonstrate techniques showing how attackers can plant forensic evidence, misdirecting investigators about their intentions and identities. Armed with this information, forensic investigators and incident responders will (hopefully) be more critical of the information discovered in their cases and dig a little deeper in investigations.
  • How To Secure Remote Workers For The Long Haul Recorded: Jun 29 2020 62 mins
    Heather Mahalik, Senior Instructor at SANS; Josh Snow, Security Engineer at ExtraHop; Kyle Walsh, Solution Architect at Datec
    Recent, rapid transformations in remote work have been challenging for enterprises, and for some of them, the new work-from-home reality is going to become a permanent adaptation for their business. Those that adapted quickly now need to look at keeping their new remote workforces happy and secure for the long haul. Join this webinar to learn about some of the biggest changes businesses have experienced, and how they're working to secure the new shifting and expanding attack surface, including:

    - 88% of respondents rely on VPN tunneling for their work, but how are those VPN tunnels secured at scale?
    - 30% rely on RDP, a protocol notorious for being abused by attackers. How are businesses assuring that RDP sessions are legitimate, and being used securely?
    - Only ~13% of respondents indicated that their organization fully manages webcams in their environment. How are businesses ensuring that sensitive, connected devices and IoT in workers' homes aren't providing a vector for stealthy attackers?

    Join Heather Mahalik, SANS Senior Instructor, Author, and Senior Director of Digital Intelligence at Cellebrite and Josh Snow, Security Sales Engineer with ExtraHop to discuss the data from a recent poll about remote working and explore the critical topics on how to adapt to semi-permanent remote work situations at enterprises of every size.
  • Time to Adapt – Integrating SecOps and NetOps Recorded: Jun 25 2020 58 mins
    Matt Cauthorn, VP Cyb. Eng, ExtraHop; Caroline Saxon, Dir, Cyber Governance, Global Payments; Andrew Boyle, Booz Allen
    We know that integrating security operations (SecOps) and network operations (NetOps) teams can lead to faster response and improved productivity. And in the current situation in which we find ourselves (with budgets slashed and personnel laid off or furloughed), collaboration and shared visibility between the two teams can help IT and cybersecurity organizations adapt to changing requirements. Integrating the two operations can help you eliminate redundant tools, break down data silos, streamline processes, and optimize your budget. Join ExtraHop and (ISC)2 on June 25, 2020 at 1:00PM Eastern for a discussion on why now is a great time to tackle this challenge and how you can go about doing so.
  • CrowdStrike & ExtraHop Partner to Stop Breaches with Cloud-Native EDR and NDR Recorded: Jun 24 2020 49 mins
    Dixon Styres, Solution Architect, CrowdStrike, Chase Snyder, Sr Product Mktg Mgr & Jesse Munos, Technical Mktg Mgr ExtraHop
    The integration between ExtraHop Reveal(x) and CrowdStrike Falcon Insight merges complete network visibility, machine learning behavioral threat detection and real-time decryption with powerful endpoint security and instant remediation.

    Attendees of this webinar will learn directly from ExtraHop and CrowdStrike about how our Fortune 100 customers are already using this recently launched solution, and how the integration can provide enterprise security operations teams with capabilities and immediate value like:

    Instant and automated detection, validation, and containment of network threats like ransomware, privilege escalation, and data exfiltration, as well as endpoint threats, for complete attack surface coverage.

    Automatic discovery and device identification of everything communicating on the network, including IoT-connected devices, remote connections, devices incompatible with agent installation, and devices impacted by threats where no CrowdStrike agent was yet installed.

    Broad MITRE ATT&CK Framework coverage of both network-focused and endpoint-focused tactics, techniques, and procedures.
  • Black Hat: Pragmatic DevSecOps - Cloud Edition Recorded: Jun 23 2020 61 mins
    Rich Mogull, CISO at DisruptOps; Guy Raz, Sr. Systems Engineer at ExtraHop
    You’ve heard that DevSecOps is the latest fashion, but what does that actually mean? Is it just a trendy rebranding of what we’ve always done or are there really some new technologies and practices we can use to improve security?

    In this session we will blast through a quick review of DevOps and then jump into the 5 steps to integrate effective DevSecOps into your security and DevOps programs. (Hint… it’s all about the code).
  • Unifying Security Across Multicloud, Hybrid, & Remote Deployment Recorded: Jun 11 2020 52 mins
    Ryan Davis, Sr. Cloud Product Manager at ExtraHop
    In the first quarter of 2020, organizations around the world experienced massive disruption as workforces rapidly transitioned to remote work and operations shifted off-premises. While the first phase of this shift focused primarily on making critical assets available to employees, the next phase will focus on how to enable that model long term and at scale. At the center of that transformation are cloud and IoT.

    Join this webinar to learn about Reveal(x) 360 and how ExtraHop’s SaaS offering is natively delivered from the cloud and provides Network Detection and Response capabilities to create faster time to value without management burden. Organizations benefit from unified 360-degree visibility and situational intelligence spanning from the edge (IoT and remote workforce) to the core (data centers and branch offices) to the cloud (AWS, Azure, and Google Cloud) to monitor and respond to actual threats.
Helping you gain the perspective to secure the hybrid enterprise
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster.

Learn more at www.extrahop.com
