Name: HTTP Request Smuggling in 2020
Start: 2020-11-02T21:15:00Z
End: 2020-11-02T21:16:00.000Z
Location: BrightTALK

ExtraHop is reinventing network detection and response (NDR) to help enterprises stay ahead of emerging threats with unparalleled network visibility, context, and control.

As new attack vectors rapidly emerge, SOCs face an escalating challenge: Expand visibility to effectively detect and respond to threats, enhance productivity to manage the increased volume, and do it all while reducing operational complexity. 

By combining the power of NDR with network performance management (NPM), intrusion detection (IDS), and packet forensics in a single, integrated platform, enterprises benefit from complete visibility and contextual insights across their entire hybrid infrastructure - from data center campuses to cloud and SASE infrastructures and beyond. ExtraHop can decrypt and unlock packet-level data at wire speeds, analyzing and correlating it with its cloud-scale machine learning models to detect, investigate, and remediate cyber risks in real-time, without the added complexity of multiple tools. 

Unlock the full power of network detection and response with ExtraHop today. 

Learn more at www.extrahop.com

Scattered Spider has rapidly emerged as one of the most formidable adversaries in the modern cyber threat landscape. Known for its advanced social engineering tactics and targeted intrusions, this highly organized threat group has successfully infiltrated major enterprises, bypassing traditional defenses and causing widespread operational and financial damage.
In this webinar, we will take a deep dive into the anatomy of Scattered Spider’s campaigns—examining their attack vectors, techniques, and the tools that enable their persistence. Attendees will gain insights into the group’s evolving methods, from initial access through phishing and SIM swapping to lateral movement and data exfiltration strategies. We will also explore real-world case studies that illustrate the impact of their operations and discuss proactive measures organizations can take to detect, mitigate, and prevent such attacks.
Join us as we unmask this elusive threat actor and provide actionable intelligence to strengthen your cybersecurity posture against sophisticated adversaries like Scattered Spider.

Scattered Spider:Unmasking the Sophisticated Cyber Threat

Critical Infrastructure is under attack and, with the introduction of NERC CIP 015-1, organizations’ network security practices are now under a microscope. This new critical infrastructure protection will require Internal Network Security Monitoring (INSM) for all high and medium impact BES Cyber Systems with external routable connectivity. With the knowledge of a forthcoming requirement, finding the right path forward is becoming a top priority for all energy providers. 

In this fireside chat-style session, CISO, Eric Miller, of Midcontinent Independent System Operator (MISO), Manager of Cybersecurity, Jason LeDuc, of ISO New England, and Deputy CISO, Chad LeMaire, of ExtraHop will discuss the impact of this new regulation and how they are responding.

You’ll learn: 
-What are the reasons for this new requirement and why now?
-What does NERC’s new 015-1 regulation mean for organizations?
-How are organizations like MISO and ISO New England staying compliant?

CISO Chat: The Implications of NERC's New Internal Network Security Monitoring Requirement

Identifying whether you have been breached and understanding the impact are questions every security leader, practitioner, and operator have to struggle with every day. Alert fatigue and tool sprawl make the ability to answer these questions extremely difficult, if not impossible.

Imagine if you could know the instant a breach occurs, what the blast radius is, and implement an immediate containment strategy before any damage is done - without shutting down the network. That’s what is possible when you combine the power of ExtraHop and endpoint security.

Guest speaker, Joseph Blankenship of Forrester, will discuss the latest research on the shared challenges security teams are facing, the solutions being offered to manage them, and the looming issues that CISOs are really losing sleep over. In addition, network security experts from ExtraHop will explore how to reduce your risk exposure and quickly get definitive answers.

Together, we will:

-Explore the big and small challenges teams face in determining cyber risk exposure, managing potential breaches, and materiality disclosures.
-Discover how network telemetry accelerates ‘time to innocence’ and helps rapidly determine the extent of impact when a breach occurs.

Determining Exposure and Risk In The Event of a Breach

In today’s rapidly evolving threat landscape, your network is the first line of defense—and the key to faster, smarter threat detection and response.

Watch this on-demand session to dive into ExtraHop’s findings from the 2024 SANS Detection & Response Survey, and see how enhancing visibility across your network can accelerate threat detection, improve investigations, and empower your organization to stay ahead of the curve.

The Network is as Important as Ever for Detection & Response

Operational resilience when (not if) your critical services get disrupted:
Learn how you can operationalize your data to build resilience within your network and ensure your critical systems are minimally disrupted, and see the steps the threat actors took, and determine what exactly happened with your data. By listening to the network - financial services companies can speed their recovery and decrease their costs when hit by catastrophic cyber events.

You’ll learn how to:

-Gain insight on how to quickly assess risk and impact in the event of an incident (the answer lies within the network visibility/observability)
-Recognize what’s normal and what’s suspicious behavior within your network environment
-Identify the steps to respond to an incident, including ransomware and data exfiltration, to quickly identify what assets/files have been compromised/accessed and exfiltrated

Recovering from Cyber Catastrophe in Financial Services

Knowing you have been breached, and identifying the impact are questions every security leader, practitioner and operator struggle with daily. Alert fatigue and tool sprawl make the ability to answer these questions extremely difficult, if not impossible.

In this webinar, you’ll learn how to:

-Know the instant a breach occurs, and the blast radius of an attack
-Implement an immediate containment strategy when a breach happens AND before any damage is done
-Hear how customer KONKAT ATE uses ExtraHop RevealX and CrowdStrike Falcon to assess risk and manage potential threats for operational resiliency.

Harness the Power of the Network and Endpoint Data to Stop Material Breaches

Living Off the Land attacks. Hiding in encrypted traffic. Circumventing EDR. Bad actors are finding smarter (and sneakier) ways to launch ransomware attacks, even in today’s most security-savvy enterprises. As ransomware attacks get more complex, how can you adjust your defenses? If you could detect every inflection point of an attack as it unfolded in real time, what would you do differently? And how can network detection and response (NDR) help?

Join network security experts from ExtraHop and guest Forrester as we dissect a real ransomware breach and compare scenarios where increased network visibility can make the difference between a successful breach or a successful defense.

Explore how ransomware attacks have evolved and why you need multiple approaches to successfully defend against them.
Examine network visibility tools — how they work, what makes them different from perimeter defenses, and the unique advantages they provide.
Break down a chain of real threat events, minute-by-minute, using NDR to reveal otherwise undetectable defensive opportunities.

The Anatomy of a Ransomware Attack, Revealed

Public sector organizations invested in Intrusion Detection Systems (IDS) to meet security requirements sufficient for the perimeter-based cyber threats of the time. In today’s increasingly complex threat landscape, many public sector security teams are finding that their standalone legacy IDS comes up short. Others may not realize the blindspots of legacy IDS until it's too late.
 
Don’t be so quick to write off IDS. Thanks to innovations in decryption, machine learning, and other cyber defenses, modern IDS is becoming integral to achieving Zero Trust security in the public sector. 

Watch this on-demand webinar to:
- Explore the next evolution of IDS
- Learn how modern IDS can bolster your organization’s security posture

IDS: An Unexpected Key to Accelerating Zero Trust

For many security professionals, the nightmare scenario keeping them awake at night is a sophisticated, targeted attack aimed directly at their own organization and its specific defenses. In this webinar, experts describe the type of tools and processes necessary to help detect exploits that are usually well-obfuscated and stealthy. You will learn how to recognize targeted attacks and mitigate them before they can do real damage to your enterprise data.
During this webinar you will:
•Learn the fundamentals of detection
•Get advice on how to identify the most valuable data in the enterprise
•Walk away with expert guidance on the tools necessary to protect against targeted attacks
•Review processes that should be in place to protect your organization’s systems

Detecting, Analyzing, and Mitigating Targeted Attacks

As economic uncertainty persists, CISOs are under mounting pressure to demonstrate the value and impact of their cybersecurity programs and security technology investments. In this webinar, special guest Roland Cloutier, the former global CSO at TikTok, ADP and EMC, will discuss business operations protection as a next-generation cyber strategy. He’ll explain how to be a successful business and technical partner, and share strategies for evaluating security program ROI. 

The webinar will conclude with a conversation between Dan MacKenzie of ExtraHop and guest Sanitra Desai from Forrester. Dan and Sanitra will discuss findings from the commissioned Total Economic Impact™ study of the ExtraHop Reveal(x) 360 network detection and response platform, conducted by Forrester Consulting.

Demonstrating the Value of Cybersecurity: Lessons from a Global CSO

In this exclusive interview from CrowdStrike Government Summit 2023, hear from ExtraHop Co-Founder and COO Raja Mukerji on how government agencies can protect their operations with technology like Artificial Intelligence (AI) and Network Detection and Response (NDR).

ExtraHop Co-Founder & COO Raja Mukeri on Safeguarding Government Operations

Adversaries are moving faster than ever, with modern attacks coming from all fronts across network, endpoint, and other domains. In 2022, the average breakout time declined from 98 minutes to 84 minutes, highlighting the imperative for IT and security teams to act quickly and confidently when defending against threat actors. To detect and respond at speed, practitioners need ways to get the most from their existing toolset in order to unify data, augment manual effort, and cut out complexity.

Join Girard Ordway, Lead Partner Solutions Architect at ExtraHop and John Smith, Integration Solution Architect at CrowdStrike as they dive into how you can implement effective extended detection and response (XDR) to protect against threats like ransomware, privilege escalation or unauthorized remote access. See how you can easily integrate and get more value from your enterprise data platform by combining network and endpoint intelligence with automated response actions.

Join this webinar to learn:
•How to accelerate attack containment while minimizing disruptions to the organization.
•Ways to reduce the gap between quarantine and investigation for threat containment.
•What's needed to continuously identify and prioritize vulnerable devices to reduce risk.

How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint

The days when CISOs would build out large Security Operations teams with giant screens mounted on large walls of a busy SOC seem to be waning.

Two opposing forces are wreaking havoc on CISOs budgets - security talent is difficult to hire and retain, and security technology is becoming more specialized and extensively integrated.

In many cases the confluence of these two forces are forcing many CISOs to confront the chicken and egg problem - buy technology, or staff the team? Old monolithic outsourcing models have failed to deliver value,
so where can CISOs turn? Modern problems require modern solutions and we are here to help be your trusted advisors to uncomplicate the process.

In this webinar our speakers will discuss modern challenges, to include: 
• Balancing a security budget while adapting to, and defending from, modern threats
• Understanding essential security technologies
• Operationalizing security technologies effectively
• Positioning limited resources to avoid costly and destructive breaches

Tech and Talent - Challenges Operationalizing Effective Security Teams

Please join ExtraHop and CrowdStrike on December 8 at 11:00am ET to hear from John Zangardi, former CIO of DHS, acting CIO of DOD, and Navy CIO, about the importance of federal mandates- including CISA's Shields Up. We will discuss how ExtraHop and CrowdStrike are working together to help federal customers meet mandates in the most effective way possible. Simply, this integrated security solution will allow the federal government to stay ahead of ever-increasing cyber threats.

Accelerate Cyber Modernization to Meet Federal Mandates

Join experts from global industry research firm IDC and ExtraHop as they discuss how to supercharge your security orchestration, automation and response (SOAR) platform with high-fidelity network intelligence. Gain greater, more reliable threat context and automate with confidence.

They’ll cover the most important features when considering SOAR and network detection and response (NDR) platforms, along with the top use cases to help you quickly maximize value.

Register today to learn more about:

- Combining threat intel feeds
- Gaining complete visibility into public cloud, encrypted traffic, and all of your devices
- Detecting anomalies in user/device behavior in near real time
- Mapping to the MITRE ATT&CK framework

Extract Value From Your SOAR Faster with NDR

Over the past couple of years, ransomware has evolved from relatively simple, opportunistic crimes to a prime concern for security and business leaders alike. The evolution of ransomware is a story of innovation as attackers realize that the amount of damage they cause directly corresponds to how big their payday will be. In this session, Thomas Clavel, Director of Product Marketing at ExtraHop will discuss common misconceptions about ransomware prevention and remediation and expose where attackers do the most damage on their path to extortion. He will share real life examples of ransomware mitigation and share practical guidance for where defenders should be looking to expose and root out intruders’ malicious behavior.

Stop Ransomware Before It Stops You - SANS Cyber Fest Solutions 2022

Current events and headline-grabbing attacks have thrust supply chain concerns front and center with business and government leadership. How will you keep your company from falling victim to an attack from your software supply chain?

Software supply chain attackers abuse trusted relationships between software users and suppliers to sneak in past perimeter defenses. The only way to catch them after that is to monitor the inside of your own enterprise.  This webinar will help you understand the threats, the impact, and how to keep your organization safer in a challenging environment.

If you manage, purchase, or protect software, you owe it to yourself and your organization to make time to learn how to manage and mitigate this growing third-party risk.

Detect and stop software supply chain attacks on the inside

Join CrowdStrike and ExtraHop to learn how to make extended detection and response (XDR) a reality, so your security team can stop ransomware and other advanced threats faster. 

You’ll learn about a new and more robust integration with CrowdStrike to that will allow you to:
    - Dramatically accelerate attack containment while minimising disruption to the organisation
    - Go from detection to quarantine to investigation in a single click to contain threats faster
    - Continuously identify and prioritise vulnerable devices to reduce risk

Advanced attackers work hard to evade defences and stay stealthy. By seamlessly correlating network intelligence and endpoint visibility, security teams can reduce attacker dwell time and respond instantly to stop an intrusion from becoming a breach.

Learn about specific tactics of today's sophisticated cyber attackers and how to take back the upper hand with XDR powered by ExtraHop and CrowdStrike.

How XDR Gets Real with CrowdStrike and ExtraHop

HTTP Request Smuggling is an attack technique invented in 2005, that exploits different interpretations of a stream of non-standard HTTP requests among various HTTP devices between the client (attacker) and the server (including the server itself). It can be used to smuggle requests across WAFs and security solutions, poison HTTP caches, inject responses to users and hijack user requests.

In the first part of my talk, Amit presents new HTTP Request Smuggling attack variants that work against present-day web servers and HTTP proxy servers. He also presents an attack which circumvents the HTTP Request Smuggling protection in a free, open source WAF.

In the second part of his talk, I describe my C++ "Request Smuggling Firewall" class library that can be injected to any user-space process (web server or proxy server) to provide robust socket-level protection against HTTP Request Smuggling.

He concludes with some anomalies I found in various web servers and proxy servers, showing there is a lot of potential for additional research in this area.

HTTP Request Smuggling in 2020

HTTP

BLACK HAT

ExtraHop

Exploit

Cyber Attacks

Cyber Security

HTTP request smuggling

Information Security

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

HTTP Request Smuggling in 2020

Presented by

About this talk

ExtraHop