Protecting Your Business from the Ransomware Threat

Looking to turn third-party threat research into actionable takeaways for your team?

Dan Kaiser and Sally Vincent from LogRhythm Labs walk through their process for reviewing third party reports using the real-world example of Maze ransomware. They demonstrate how threat research can be truly useful in protecting your organization from the latest developments in cyberattacks.

Discover how to:

- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution

They also demonstrate how to map third-party threat reports to ATT&CK techniques that can be used to develop mitigation, detection and response actions including:

- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Discovery
- Lateral Movement
- Impact

Save your seat to learn how to make the most of threat research.

During our RhythmWorld 2020 Security Conference, a panelist of five security executives met to discuss some of the major challenges, changes, and opportunities facing chief information security officers (CISOs) today.

The Modern and Evolving Security Leader: Security Executive Panel, explores insider secrets on:

•Building deeper organizational consensus
•Finding security advocates
•Boosting board buy-in
•And much more!

Register now to get the inside scoop from industry veterans James Carder, Karen Holmes, Kip James, Christopher Mitchell, and Dilip Singh.

Cyber attacks are exploding. This year, as of Q3 2020, 16 billion records have been exposed. This represents a 273% increase compared to the first half of 2019*.

LogRhythm, joined by Forrester Principal Analyst serving Security & Risk Professionals Jinan Budge, Unisys, and Blackberry Cylance, discuss how you can effectively achieve true cyber resilience.

Key Takeaways:
1. What is Zero Trust and its alignment to the NIST-CSF
2. How to detect, respond and mitigate common attacks (e.g. phishing) using a Zero Trust model
3. How an organization can embark on a successful Zero Trust journey and avoid common pitfalls.



* Source: Security Boulevard - https://securityboulevard.com/2020/08/5-biggest-data-breaches-of-2020-so-far

Attacks on operational technology (OT) have been on the rise for decades. Most recently, attackers have wreaked havoc on healthcare systems and medical devices, SCADA, IoT devices, industrial control systems, with exploits such as EternalBlue, SweynTooth, or ransomware variants.
These attacks threaten national interests, and as OT continues to be vital in day to day operations, overall business continuity is also endangered. Governments and organizations worldwide have begun implementing programs and delivering mandates to protect critical infrastructure and business operations.

James Carder, CSO & VP, LogRhythm Labs, discusses ways to evaluate risk, and tips to protect OT.
He’ll discuss:
- Key operational risks tied to various critical industries, and where OT threat landscape is headed
- 3 practical steps to improve your OT cybersecurity strategy
- 6 example cybersecurity OT use cases (e.g. real-time monitoring of SCADA, water systems, telehealth, OT/IT convergence)

Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum in order to get their files back. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. If the victim refuses payment and initiates restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.

That threat is a completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.

During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discusses detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:

- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)

Then, Brian Coulson from LogRhythm’s Threat Research team demonstrates how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.

Register for the webcast to learn about the latest ransomware threats and how you can protect your organization from them.

Want to learn how you can benefit from integrating the MITRE ATT&CK framework into your SIEM?

During this Live Webinar, our experts will demonstrate how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware and intrusion detection/prevention systems (IDS/IPS), can help you get the most out of your SOC.

You'll Learn:
• How to apply the latest common ATT&CK techniques in your SIEM
• Prioritise those techniques based on your business context, and
• 3 ATT&CK Use Cases you can easily apply

Save your spot!

The healthcare industry already faces a number of unique challenges and threats. The data that these organizations collect includes extremely sensitive — and therefore valuable — information, making those organizations a target among cyberattackers. As telemedicine continues to grow, healthcare providers will have to address the proliferation of these threats, as well as the new cybersecurity concerns that come with a rise in adoption.

Join this webinar to learn about the current telemedicine landscape and the future risks and requirements healthcare organizations will need to address if they want to secure ongoing and evolving telemedicine initiatives. You’ll hear from James Carder, LogRhythm’s CSO and former healthcare security director, and Kevin McDonald, a healthcare cybersecurity advisor with decades of experience in the industry.

You’ll learn:

• The current state of telemedicine
• The cybersecurity threats specific to telemedicine
• Future risks and requirements of securing telemedicine
• Examples of how your team can best use its tools to monitor for these risks

Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

These include:

• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to Phishing attacks
• Detecting possible indicators of bit-coin mining
• Improving incident response times through audio and visual alerting

Join this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for managing your organisations cybersecurity.

Looking to take the next step in your career? Find out how others paved the way for success in the security field.

In this roundtable, you'll hear from tenured security professionals on how they established their careers, overcame obstacles, and ascertained new roles and promotions. Most careers in cybersecurity are anything but linear. Learn how to navigate your own path — with or without a "traditional" background.

Panelists included Kevin McDonald, Principal Healthcare Cybersecurity Advisor at MedSec, Kyle Dimitt Compliance Research, Senior Engineer at LogRhythm, and Sam Straka, Manager, Product Owners at LogRhythm.

Watch the on-demand webinar today to find out how to achieve your career goals in the world of security.

APT29, or Cozy Bear, is well-known for its alleged infiltration of the U.S. Democratic National Committee in 2016.

While the 2020 U.S election security may not be relevant to your organization, it's worthwhile to be familiar with the threat group; other actors can easily implement many of its behaviors to target organizations across industries.

During this webinar, Randy Franklin Smith from Ultimate Windows Security and LogRhythm Labs' Threat Research team will:

- Provide a holistic overview of APT29 and its notable activities
- Share commonly-used TTPs that other threat actors can easily implement
- Demonstrate how to identify and remediate threats resulting from these TTPs

In this webinar, Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA and Sanket Bhasin, Crowdstrike Cyber Security Consultant, discuss how you can apply MITRE ATT&CK for rapid threat detection and response within your IT environments’ most crucial areas. You’ll see a live demo of incident response in action on the LogRhythm NextGen SIEM Platform with seamless Crowdstrike integration.

Save your spot to see it in action.

Presenters: Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA, Sanket Bhasin, CrowdStrike Cyber Security Consultant

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data

The only ones missing at this time are:

- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.

In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.

Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

- T1114: Email Collection
- T1534: Internal Spearphishing
- T1098: Account Manipulation
- T1136: Create Account
- T1192: Spearphishing Link

Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.

COVID-19 has caused businesses across industries to implement remote work policies. But what new security concerns should be on their radar because of this?

In the webinar, we will discuss how to:
•Secure your remote users and mitigate common attack vectors
•Achieve pervasive network visibility even in complex environments
•Realize rapid threat detection and response with LogRhythm & Gigamon integration

Presenters:
Leonardo Hutabarat, LogRhythm Enterprise Sales Engineer,
Ng Yeok Chong, Gigamon APJ Sales Engineering Director,
Eugene Lee, Exclusive Networks, Product Manager

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data

The only ones missing at this time are:

- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.

In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.

Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

- T1114: Email Collection
- T1534: Internal Spearphishing
- T1098: Account Manipulation
- T1136: Create Account
- T1192: Spearphishing Link

Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.

Women are rising through the cybersecurity ranks to become recognised leaders, experts and mentors. The 2020 SANS Women in Cybersecurity Survey drew on the shared experiences of successful women in cybersecurity to provide practical advice on becoming leaders in their organisations.

Join this webinar to learn why opportunities for women in security have never been better, including survey data points such as:

- More than 70% of respondents feel respected by their teammates
- 64% report that they are sought out for their opinions on cybersecurity issues
- 37% are advancing rapidly, moving into a senior position within one to four years

In this webinar, we'll discuss gender bias, the effects of mentorship and practical advice on how to get ahead.

Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

These include:

• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to Phishing attacks
• Detecting possible indicators of bit-coin mining
• Improving incident response times through audio and visual alerting

Join this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for managing your organisations cybersecurity.

As cyberattacks continue to make headlines worldwide, organisations that neglect the importance of fusing a pervasive security culture containing effective SecOps processes with skilled team players committed to do their very best are making a catastrophic error in judgement.

A proliferation of security technologies alone – even if they are correctly configured – will never stop cyberattacks or protect an organisation from a possible data breach, unless the correct playbooks are implemented and consistently operated by a skilled, motivated team with full backing of the board of directors.

Leading a cybersecurity team requires recruiting and retaining talent, developing the right strategy and fostering a culture of success. All while managing critical relationships with the board and other fickle stakeholders.

In this webinar, Dan Crossley and Kevin Eley are joined by guest industry speakers Michael Brown and Andy Johnson as they discuss the key attributes of a successful cybersecurity leader. The discussion will include:

•The importance of managing expectations with the board and implementing a robust infosec management system that must be measured
•Whether a security operations maturity model can assist an organisation on their journey to building a culture of security that reduces risk
•What – if any – lessons can the CISO learn from other walks of life

In light of COVID-19, we’re seeing businesses across industries implement remote work policies. This brings about new security concerns, many of which either weren’t considered or prioritized beforehand.

During this webinar LogRhythm experts including James Carder, CSO and VP of LogRhythm Labs, will review best practices for securing a remote workforce and what to expect when your employees make this kind of shift, whether it needs to happen now or in the future. Specific topics will include:

- Getting started with log collection for remote systems
- Priority use cases you should employ, such as monitoring VPN access and collaboration security
- The types and levels of activity you should expect to see on your network, depending on your industry
- The security awareness topics you should educate your employees on

We’ll also discuss the impacts we’re seeing from the rush to support remote work due to COVID-19. These reveal lessons that others can implement now or work into a future plan to support a rise in remote workers.

As a result of recent events and the COVID-19 pandemic, most organizations are implementing work-at-home policies. Yet company-wide remote environments present unique challenges for IT and cybersecurity professionals.

In this webinar, Rex Young, chief information officer, and Zack Rowland, strategic integrations engineer, reveal how LogRhythm rapidly migrated employees from in-office to remote work.

The two discuss the steps LogRhythm took to prepare for such an event and how they put that plan in action as remote work became necessary. Rex and Zack also answer questions posed to them to help others implement the same work-from-home environment while keeping IT and security best practices top of mind.

Topics covered during this webinar include:
• How LogRhythm prepared its IT and security operations to accommodate a global work-from-home event
• Q&A session to help IT and security teams accommodate a remote team
• How to balance business continuity with security measures
• IT and security implications to consider when implementing a work-at-home set-up

Register today!