Protecting Your Business from the Ransomware Threat

Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum in order to get their files back. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. If the victim refuses payment and initiates restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.

That threat is a completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.

During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discusses detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:

- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)

Then, Brian Coulson from LogRhythm’s Threat Research team demonstrates how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.

Register for the webcast to learn about the latest ransomware threats and how you can protect your organization from them.

Want to learn how you can benefit from integrating the MITRE ATT&CK framework into your SIEM?

During this Live Webinar, our experts will demonstrate how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware and intrusion detection/prevention systems (IDS/IPS), can help you get the most out of your SOC.

You'll Learn:
• How to apply the latest common ATT&CK techniques in your SIEM
• Prioritise those techniques based on your business context, and
• 3 ATT&CK Use Cases you can easily apply

Save your spot!

The healthcare industry already faces a number of unique challenges and threats. The data that these organizations collect includes extremely sensitive — and therefore valuable — information, making those organizations a target among cyberattackers. As telemedicine continues to grow, healthcare providers will have to address the proliferation of these threats, as well as the new cybersecurity concerns that come with a rise in adoption.

Join this webinar to learn about the current telemedicine landscape and the future risks and requirements healthcare organizations will need to address if they want to secure ongoing and evolving telemedicine initiatives. You’ll hear from James Carder, LogRhythm’s CSO and former healthcare security director, and Kevin McDonald, a healthcare cybersecurity advisor with decades of experience in the industry.

You’ll learn:

• The current state of telemedicine
• The cybersecurity threats specific to telemedicine
• Future risks and requirements of securing telemedicine
• Examples of how your team can best use its tools to monitor for these risks

Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

These include:

• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to Phishing attacks
• Detecting possible indicators of bit-coin mining
• Improving incident response times through audio and visual alerting

Join this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for managing your organisations cybersecurity.

Looking to take the next step in your career? Find out how others paved the way for success in the security field.

In this roundtable, you'll hear from tenured security professionals on how they established their careers, overcame obstacles, and ascertained new roles and promotions. Most careers in cybersecurity are anything but linear. Learn how to navigate your own path — with or without a "traditional" background.

Panelists included Kevin McDonald, Principal Healthcare Cybersecurity Advisor at MedSec, Kyle Dimitt Compliance Research, Senior Engineer at LogRhythm, and Sam Straka, Manager, Product Owners at LogRhythm.

Watch the on-demand webinar today to find out how to achieve your career goals in the world of security.

APT29, or Cozy Bear, is well-known for its alleged infiltration of the U.S. Democratic National Committee in 2016.

While the 2020 U.S election security may not be relevant to your organization, it's worthwhile to be familiar with the threat group; other actors can easily implement many of its behaviors to target organizations across industries.

During this webinar, Randy Franklin Smith from Ultimate Windows Security and LogRhythm Labs' Threat Research team will:

- Provide a holistic overview of APT29 and its notable activities
- Share commonly-used TTPs that other threat actors can easily implement
- Demonstrate how to identify and remediate threats resulting from these TTPs

In this webinar, Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA and Sanket Bhasin, Crowdstrike Cyber Security Consultant, discuss how you can apply MITRE ATT&CK for rapid threat detection and response within your IT environments’ most crucial areas. You’ll see a live demo of incident response in action on the LogRhythm NextGen SIEM Platform with seamless Crowdstrike integration.

Save your spot to see it in action.

Presenters: Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA, Sanket Bhasin, CrowdStrike Cyber Security Consultant

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data

The only ones missing at this time are:

- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.

In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.

Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

- T1114: Email Collection
- T1534: Internal Spearphishing
- T1098: Account Manipulation
- T1136: Create Account
- T1192: Spearphishing Link

Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.

COVID-19 has caused businesses across industries to implement remote work policies. But what new security concerns should be on their radar because of this?

In the webinar, we will discuss how to:
•Secure your remote users and mitigate common attack vectors
•Achieve pervasive network visibility even in complex environments
•Realize rapid threat detection and response with LogRhythm & Gigamon integration

Presenters:
Leonardo Hutabarat, LogRhythm Enterprise Sales Engineer,
Ng Yeok Chong, Gigamon APJ Sales Engineering Director,
Eugene Lee, Exclusive Networks, Product Manager

Women are rising through the cybersecurity ranks to become recognised leaders, experts and mentors. The 2020 SANS Women in Cybersecurity Survey drew on the shared experiences of successful women in cybersecurity to provide practical advice on becoming leaders in their organisations.

Join this webinar to learn why opportunities for women in security have never been better, including survey data points such as:

- More than 70% of respondents feel respected by their teammates
- 64% report that they are sought out for their opinions on cybersecurity issues
- 37% are advancing rapidly, moving into a senior position within one to four years

In this webinar, we'll discuss gender bias, the effects of mentorship and practical advice on how to get ahead.

Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

These include:

• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to Phishing attacks
• Detecting possible indicators of bit-coin mining
• Improving incident response times through audio and visual alerting

Join this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for managing your organisations cybersecurity.

As cyberattacks continue to make headlines worldwide, organisations that neglect the importance of fusing a pervasive security culture containing effective SecOps processes with skilled team players committed to do their very best are making a catastrophic error in judgement.

A proliferation of security technologies alone – even if they are correctly configured – will never stop cyberattacks or protect an organisation from a possible data breach, unless the correct playbooks are implemented and consistently operated by a skilled, motivated team with full backing of the board of directors.

Leading a cybersecurity team requires recruiting and retaining talent, developing the right strategy and fostering a culture of success. All while managing critical relationships with the board and other fickle stakeholders.

In this webinar, Dan Crossley and Kevin Eley are joined by guest industry speakers Michael Brown and Andy Johnson as they discuss the key attributes of a successful cybersecurity leader. The discussion will include:

•The importance of managing expectations with the board and implementing a robust infosec management system that must be measured
•Whether a security operations maturity model can assist an organisation on their journey to building a culture of security that reduces risk
•What – if any – lessons can the CISO learn from other walks of life

In light of COVID-19, we’re seeing businesses across industries implement remote work policies. This brings about new security concerns, many of which either weren’t considered or prioritized beforehand.

During this webinar LogRhythm experts including James Carder, CSO and VP of LogRhythm Labs, will review best practices for securing a remote workforce and what to expect when your employees make this kind of shift, whether it needs to happen now or in the future. Specific topics will include:

- Getting started with log collection for remote systems
- Priority use cases you should employ, such as monitoring VPN access and collaboration security
- The types and levels of activity you should expect to see on your network, depending on your industry
- The security awareness topics you should educate your employees on

We’ll also discuss the impacts we’re seeing from the rush to support remote work due to COVID-19. These reveal lessons that others can implement now or work into a future plan to support a rise in remote workers.

As a result of recent events and the COVID-19 pandemic, most organizations are implementing work-at-home policies. Yet company-wide remote environments present unique challenges for IT and cybersecurity professionals.

In this webinar, Rex Young, chief information officer, and Zack Rowland, strategic integrations engineer, reveal how LogRhythm rapidly migrated employees from in-office to remote work.

The two discuss the steps LogRhythm took to prepare for such an event and how they put that plan in action as remote work became necessary. Rex and Zack also answer questions posed to them to help others implement the same work-from-home environment while keeping IT and security best practices top of mind.

Topics covered during this webinar include:
• How LogRhythm prepared its IT and security operations to accommodate a global work-from-home event
• Q&A session to help IT and security teams accommodate a remote team
• How to balance business continuity with security measures
• IT and security implications to consider when implementing a work-at-home set-up

Register today!

Cloud computing has delivered on its promise. By moving operations online, organisations have become more agile and have accelerated time to market for innovations. The number of organisations migrating to the cloud continues to accelerate. Gartner predicts that 28 per cent of spending in key IT segments will shift to the cloud by 2022.

In this webinar, LogRhythm’s Andrew Hollister, Dan Crossley and Kevin Eley consider the cybersecurity implications for organisations that are seeking to embrace the cloud for doing business. They explore the options available to organisations to ensure the risks from cloud-borne cyberattacks are adequately reduced and mitigated.

Attend this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for stopping cyberattacks to protect your organisation, and if you have cloud-first initiatives in your business.

Many successful attacks begin with a phishing email that some user falls for. And that’s why MITRE prominently features Spearphishing (T1192) as an Initial Access technique in ATT&CK.

In this webinar, LogRhythm and Ultimate Windows Security explore the latest phishing techniques used by attackers and how MITRE ATT&CK can help detect and remediate these threats.

In this on-demand webinar, we’ll show you actual examples of phishing attempts executed through:

- Legitimate file-sharing sites
- Fake Office 365 websites
- Spoofed executive emails
- The baseStriker vulnerability

Watch now to learn more.

“If you know the enemy and know yourself you need not fear the results of a hundred battles” - Sun Tzu. The MITRE ATT&CK knowledge base provides a mechanism to understand the tactics employed by adversaries to compromise systems and ultimately exfiltrate data.

In this webinar, Kev Eley and Dan Crossley outline genuine attack scenarios in the context of ATT&CK and discuss effective techniques for thwarting bad actors.

Watch this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for stopping cyberattacks to protect your organisation.

Certain vendors, some industry commentators and even some security professionals in enterprises proclaim that SIEM is no longer relevant and can be replaced by other controls. What fuels this speculation? And is it accurate?

In this webinar, Kevin Eley and Daniel Crossley will

- discuss the reasons why elements of the security community have become disillusioned with SIEM longing for its demise
- outline the reasons why SIEM can deliver on its promise if undertaken correctly.

If the volume of data in your environment is expanding exponentially, you have likely been surprised to see a rise in your SIEM contract each year. You may have even had to make the difficult — and risky — decision of which data not to protect to stay within your budget. Starting now, you don’t have to.

With LogRhythm’s new True Unlimited Data Plan, your organization will pay one price to protect all data, users, and systems, even if those numbers increase year to year.

Join Optiv and LogRhythm as we discuss how the True Unlimited Data Plan can help you reduce risk in your environment without spending millions of dollars to do so.

This webinar will review how together, Optiv and LogRhythm can help you overcome the following challenges:

> Increased headcount: more people means more data.
> Infrastructure growth: adding networking and hardware increases your log volumes.
> Increased revenue: the more your organization is worth, the larger the target it becomes.
> Cloud-first initiatives: apps in the cloud generate more logs.