Name: Threat Hunting: What Are The 7 Most Common Hunts?
Start: 2019-09-24T02:00:00Z
End: 2019-09-24T03:43:00.000Z
Location: BrightTALK
Rating: 5

Notice: LogRhythm APJ channel has moved!  Please note that this channel will not be updated with new content from 31 December 2020. We invite you to our new and improved LogRhythm channel, which can be accessed here: https://www.brighttalk.com/channel/12099/                      
                                                                                  At LogRhythm, we strive to provide our users and subscribers with the latest security tips & tricks available on-demand. Check out our latest talk: 
How to build an effective security program with limited resources: https://www.brighttalk.com/webcast/12099/460817

We’ve all seen the headlines – women make up 26% of all computing related jobs and for the cybersecurity industry, it’s even less at 20%. For women of color, it’s down to the single digits. 

During our RhythmWorld 2020 Security Conference, our distinguished panel of executives at the helm of leading cybersecurity companies including Sam King, CEO of Veracode, and Avani Desai, President of Schellman & Company, dive into the unique challenges women face in the industry, share their career journey and leadership philosophy, moderated by LogRhythm CMO Cindy Zhou.  

This panel aims to inspire young women to build a career in cybersecurity, and discuss how men can help by mentoring and partnering with women. Save your seat today.

Women in Security: Executive Panel

Looking to turn third-party threat research into actionable takeaways for your team?

Dan Kaiser and Sally Vincent from LogRhythm Labs walk through their process for reviewing third party reports using the real-world example of Maze ransomware. They demonstrate how threat research can be truly useful in protecting your organization from the latest developments in cyberattacks.

Discover how to:

- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution

They also demonstrate how to map third-party threat reports to ATT&CK techniques that can be used to develop mitigation, detection and response actions including:

- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Discovery
- Lateral Movement
- Impact

Save your seat to learn how to make the most of threat research.

Use Threat Research & MITRE ATT&CK to Turn Analysis into Action

During our RhythmWorld 2020 Security Conference, a panelist of five security executives met to discuss some of the major challenges, changes, and opportunities facing chief information security officers (CISOs) today.

The Modern and Evolving Security Leader: Security Executive Panel, explores insider secrets on:

•Building deeper organizational consensus
•Finding security advocates
•Boosting board buy-in
•And much more!

Register now to get the inside scoop from industry veterans James Carder, Karen Holmes, Kip James, Christopher Mitchell, and Dilip Singh.

The Modern and Evolving Security Leader: Security Executive Panel

Cyber attacks are exploding. This year, as of Q3 2020, 16 billion records have been exposed. This represents a 273% increase compared to the first half of 2019*.

LogRhythm, joined by Forrester Principal Analyst serving Security & Risk Professionals Jinan Budge, Unisys, and Blackberry Cylance, discuss how you can effectively achieve true cyber resilience.

Key Takeaways:
1. What is Zero Trust and its alignment to the NIST-CSF
2. How to detect, respond and mitigate common attacks (e.g. phishing) using a Zero Trust model
3. How an organization can embark on a successful Zero Trust journey and avoid common pitfalls.



* Source: Security Boulevard - https://securityboulevard.com/2020/08/5-biggest-data-breaches-of-2020-so-far

Increase Cyber Resilience with Zero Trust

Attacks on operational technology (OT) have been on the rise for decades. Most recently, attackers have wreaked havoc on healthcare systems and medical devices, SCADA, IoT devices, industrial control systems, with exploits such as EternalBlue, SweynTooth, or ransomware variants. 
These attacks threaten national interests, and as OT continues to be vital in day to day operations, overall business continuity is also endangered. Governments and organizations worldwide have begun implementing programs and delivering mandates to protect critical infrastructure and business operations.

James Carder, CSO & VP, LogRhythm Labs, discusses ways to evaluate risk, and tips to protect OT.
He’ll discuss:
-  Key operational risks tied to various critical industries, and where OT threat landscape is headed
-  3 practical steps to improve your OT cybersecurity strategy
-  6 example cybersecurity OT use cases (e.g. real-time monitoring of SCADA, water systems, telehealth, OT/IT convergence)

Managing Security and Operational Risk in Critical Infrastructure

Today, ransomware attackers won’t simply back down if an organization refuses to pay the demanded sum in order to get their files back. Even companies who have great backups and a fast recovery process are vulnerable to an emerging strategy: exfiltrating the victim’s most private data before demanding ransom. If the victim refuses payment and initiates restoring their systems, the attacker reveals what information they have exfiltrated and threatens to post it online if the ransom goes unpaid.

That threat is a completely different from the standard ransomware threat. This is because we’ve now shifted from an Integrity and Availability threat to a Confidentiality threat. And of course there is the possible nightmare of privacy and other compliance regulations depending on the nature of the data that’s been exfiltrated.

During this webcast, Randy Franklin Smith from Ultimate Windows Security provides an overview of some recent high-profile attacks that have employed this strategy, including those against Honda, Xerox and Garmin. He also discusses detection methods and MITRE ATT&CK® techniques commonly used in ransomware attacks, such as:

- Phishing (T1566)
- System Services (T1569)
- Command and Scripting Interpreter (T1059)

Then, Brian Coulson from LogRhythm’s Threat Research team demonstrates how to detect and respond to these types of threats using MITRE ATT&CK, UEBA capabilities, and more.

Register for the webcast to learn about the latest ransomware threats and how you can protect your organization from them.

Keeping Pace with Ransomware Tactics and Strategies: Lessons Learned from 1 Year

Want to learn how you can benefit from integrating the MITRE ATT&CK framework into your SIEM?

During this Live Webinar, our experts will demonstrate how feeding data from a wide set of technologies including endpoint detection and response (EDR), antivirus/anti-malware and intrusion detection/prevention systems (IDS/IPS), can help you get the most out of your SOC.

You'll Learn:
• How to apply the latest common ATT&CK techniques in your SIEM
• Prioritise those techniques based on your business context, and
• 3 ATT&CK Use Cases you can easily apply

Save your spot!

MITRE ATT&CK in the SIEM – An Update in SIEM Alignment

The healthcare industry already faces a number of unique challenges and threats. The data that these organizations collect includes extremely sensitive — and therefore valuable — information, making those organizations a target among cyberattackers. As telemedicine continues to grow, healthcare providers will have to address the proliferation of these threats, as well as the new cybersecurity concerns that come with a rise in adoption.

Join this webinar to learn about the current telemedicine landscape and the future risks and requirements healthcare organizations will need to address if they want to secure ongoing and evolving telemedicine initiatives. You’ll hear from James Carder, LogRhythm’s CSO and former healthcare security director, and Kevin McDonald, a healthcare cybersecurity advisor with decades of experience in the industry.

You’ll learn:

• The current state of telemedicine
• The cybersecurity threats specific to telemedicine
• Future risks and requirements of securing telemedicine
• Examples of how your team can best use its tools to monitor for these risks

Securing Telemedicine: The Current Landscape and Future Risks

Without rapid and accurate threat detection, your mean time to detect and respond to damaging cyberattacks is compromised, allowing attackers time to steal your organisation’s sensitive data. From collecting security and log data to utilising machine analytics, your team can effectively reduce the time it takes to discover threats on your network.

In our webinar Jake Anthony and Simon Hamilton from LogRhythm outline five practical use cases to enhance threat detection and response with your existing tools.

These include:

• Integrating endpoint detection for improved threat hunting capabilities
• Combining logical and physical authentication to spot anomalous access
• Automating detection and response to Phishing attacks
• Detecting possible indicators of bit-coin mining
• Improving incident response times through audio and visual alerting

Join this webinar: if you are a SOC manager, security analyst, security architect and you are responsible for managing your organisations cybersecurity.

Five practical use cases to enhance threat detection and response

Looking to take the next step in your career? Find out how others paved the way for success in the security field.

In this roundtable, you'll hear from tenured security professionals on how they established their careers, overcame obstacles, and ascertained new roles and promotions. Most careers in cybersecurity are anything but linear. Learn how to navigate your own path — with or without a "traditional" background.

Panelists included Kevin McDonald, Principal Healthcare Cybersecurity Advisor at MedSec, Kyle Dimitt Compliance Research, Senior Engineer at LogRhythm, and Sam Straka, Manager, Product Owners at LogRhythm.

Watch the on-demand webinar today to find out how to achieve your career goals in the world of security.

Experiences from the Trenches: Security Career Roundtable

APT29, or Cozy Bear, is well-known for its alleged infiltration of the U.S. Democratic National Committee in 2016.

While the 2020 U.S election security may not be relevant to your organization, it's worthwhile to be familiar with the threat group; other actors can easily implement many of its behaviors to target organizations across industries.

During this webinar, Randy Franklin Smith from Ultimate Windows Security and LogRhythm Labs' Threat Research team will:

- Provide a holistic overview of APT29 and its notable activities
- Share commonly-used TTPs that other threat actors can easily implement
- Demonstrate how to identify and remediate threats resulting from these TTPs

Anatomy of a Hacker Group: APT29 On-Demand Webcast with UWS

In this webinar, Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA and Sanket Bhasin, Crowdstrike Cyber Security Consultant, discuss how you can apply MITRE ATT&CK for rapid threat detection and response within your IT environments’ most crucial areas. You’ll see a live demo of incident response in action on the LogRhythm NextGen SIEM Platform with seamless Crowdstrike integration.

Save your spot to see it in action.

Presenters: Leonardo Hutabarat, LogRhythm Sales Engineer & Solution Architect, Scott Jarkoff, Crowdstrike Strategic Threat Advisory Grp Director, APJ & EMEA, Sanket Bhasin, CrowdStrike Cyber Security Consultant

MITRE ATT&CK for Threat Hunting and Detection

MITRE isn’t resting on their laurels with ATT&CK; they keep making it better. ATT&CK now includes cloud-specific content, and I don’t mean just generalized cloud guidance. Just like how ATT&CK has specific Techniques for Windows and Linux, ATT&CK’s cloud matrix defines Techniques specific to Office 365, Azure, AWS, Google, and others. It also covers most of the same Tactics found in the original ATT&CK matrix, including:

- Initial Access: Get into your network
- Persistence: Maintain their foothold
- Privilege Escalation: Gain higher-level permissions
- Defense Evasion: Avoid being detected
- Credential Access: Steal account names and passwords
- Discovery: Figure out your environment
- Lateral Movement: Move through your environment
- Collection: Gather data of interest to their goal
- Exfiltration: Steal data

The only ones missing at this time are:

- Execution: Run malicious code
- Command and Control: Communicate with compromised systems to control them
- Impact: Where the adversary tries to manipulate, interrupt, or destroy your systems and data.

In addition, MITRE’s cloud matrix already has over 40 different documented Techniques, and in this real training for free ™ event, Randy Franklin Smith of Ultimate Windows Security will provide an overview of the matrix and show you how it fits into the overall ATT&CK framework.

Then, members of LogRhythm’s Threat Research team — Brian Coulson, Dan Kaiser, and Sally Vincent — demonstrate how you can use the following 5 cloud Techniques to identify anomalies in an Office 365 environment:

- T1114: Email Collection
- T1534: Internal Spearphishing
- T1098: Account Manipulation
- T1136: Create Account
- T1192: Spearphishing Link

Watch this on-demand technical session for the latest ways to protect your cloud resources with MITRE ATT&CK.

5 MITRE ATT&CK Techniques for Office 365

COVID-19 has caused businesses across industries to implement remote work policies. But what new security concerns should be on their radar because of this?

In the webinar, we will discuss how to:
•Secure your remote users and mitigate common attack vectors
•Achieve pervasive network visibility even in complex environments
•Realize rapid threat detection and response with LogRhythm & Gigamon integration

Presenters:
Leonardo Hutabarat, LogRhythm Enterprise Sales Engineer,
Ng Yeok Chong, Gigamon APJ Sales Engineering Director,
Eugene Lee, Exclusive Networks, Product Manager

Cybersecurity in the Age of Digital Transformation

Exploring 5 Techniques from the MITRE ATT&CK Cloud Matrix Specific to O365

Women are rising through the cybersecurity ranks to become recognised leaders, experts and mentors. The 2020 SANS Women in Cybersecurity Survey drew on the shared experiences of successful women in cybersecurity to provide practical advice on becoming leaders in their organisations.

Join this webinar to learn why opportunities for women in security have never been better, including survey data points such as:

- More than 70% of respondents feel respected by their teammates
- 64% report that they are sought out for their opinions on cybersecurity issues
- 37% are advancing rapidly, moving into a senior position within one to four years

In this webinar, we'll discuss gender bias, the effects of mentorship and practical advice on how to get ahead.

Practical advice from SANS 2020 Women in Cybersecurity Survey

As cyberattacks continue to make headlines worldwide, organisations that neglect the importance of fusing a pervasive security culture containing effective SecOps processes with skilled team players committed to do their very best are making a catastrophic error in judgement.

A proliferation of security technologies alone – even if they are correctly configured – will never stop cyberattacks or protect an organisation from a possible data breach, unless the correct playbooks are implemented and consistently operated by a skilled, motivated team with full backing of the board of directors.

Leading a cybersecurity team requires recruiting and retaining talent, developing the right strategy and fostering a culture of success. All while managing critical relationships with the board and other fickle stakeholders.

In this webinar, Dan Crossley and Kevin Eley are joined by guest industry speakers Michael Brown and Andy Johnson as they discuss the key attributes of a successful cybersecurity leader. The discussion will include:

•The importance of managing expectations with the board and implementing a robust infosec management system that must be measured
•Whether a security operations maturity model can assist an organisation on their journey to building a culture of security that reduces risk
•What – if any – lessons can the CISO learn from other walks of life

Achieving a high-performing SOC - and being a successful cybersecurity leader

Dabble or Deep Dive: 7 Different Threat Hunts You Can Do With Available Resources

In this real training for free session, we will discuss the minimum toolset and data requirements (and not necessarily volume) you need for successful threat hunting. We will take into account that while some of you can devote most of your time to threat hunting, most of us have limited time and resources for this activity. The good news is that threat hunting is flexible and anyone can do it, ranging from a few hours a week to full-time. 

As just one example, a great type of threat hunting is to look for unrecognized/suspicious executables running on you network. You can dip your toe in the water with this type of hunt with a small commitment of time and resources or you can plunge in deep with a major data collection and analysis effort. Starting out simple means you just focus on EXE names; baseline the EXE names being executed on your network, and then perform a daily review of new EXE names showing up for the first time. You can get this information from event ID 4688 and the query capabilities are very light. But I think you’ll be surprised what you are able to learn and catch. 

We will take the same approach with a total of 7 types of threat hunting:

Recognizing suspicious software
Scripting abuse
AV follow-up
Lateral movement
Persistence
DNS abuse
Bait-the-bad-guy

LogRhythm is sponsoring this real training for free event and Nathan Quist (aka “Q”) is helping me on this event. Q is LogRythm’s Threat Research Engineer and works with LogRhythm’s internal SOC team and its clients to perform deep dives into their environments to uncover threats facing our industry.

Threat Hunting: What Are The 7 Most Common Hunts?

Threat Hunting

lateral movement

dns abuse

scripting abuse

LogRhythm

threat hunt

SIEM

Security Operations

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Threat Hunting: What Are The 7 Most Common Hunts?

Presented by

About this talk

More from this channel