Name: Automating Threat Detection and Response with Azure Sentinel
Start: 2021-12-01T18:00:00Z
End: 2021-12-01T18:00:52.000Z
Location: BrightTALK
Rating: 0

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks.  
For more information, visit www.esentire.com and follow @eSentire

In this webinar, Derek Thomas, Director, Tactical Threat Response at eSentire will discuss: 
- Why operationalizing threat hunting is important to create a systematic and proactive approach to threat detection and response.
- How the outcomes of each phase of the “Global Threat Framework” supports the Detect and Respond functions, and how our Threat Response Unit (TRU) puts them into practice for proactive threat hunting and 24/7 threat detection and response.
- Challenges in implementing a Threat Detection and Response program, including expertise, visibility, and response.
- Recommendations on how your organization can leverage proactive threat hunting and multi-signal Managed Detection and Response (MDR) to improve your ability to detect and respond to cyber threats.

Reactive to Proactive: Leveraging NIST for Improved Threat Detection & Response

During the April TRU Intelligence Briefing, our Threat Response Unit (TRU) reviewed:
- Search Ad Evolution: eSentire TRU researchers discuss threat actor developments related to the use of malicious search ads to distribute malware.
- ScreenConnect Exploitation: An overview of the recently exploited ScreenConnect vulnerabilities (CVE-2024-1709/CVE-2024-1708), including details on real-world attacks and eSentire’s response & recommendations.
- Updates on More_eggs, Koi Loader and Agent Tesla.
- Notable vulnerabilities impacting Fortinet, JetBrains Team City and XZ Utils.
- A brief update on notable cyberattacks related to ongoing geo-political tensions.

April 2024 TRU Intelligence Briefing

In this webinar, Spence Hutchinson, Staff Threat Intelligence Researcher at eSentire will discuss:
- The top trends eSentire’s Threat Response Unit (TRU) has observed about Ransomware-as-a-Service and the DW providers that enable attacks including initial access brokers, credential markets and information stealing malware.
- Why leveraging proactive threat intelligence and research is critical to stay ahead of the evolving threat landscape, inform your cybersecurity strategies, and reduce cyber risk.
- Why real-time DWM and correlation are important for threat context to inform decisions based on data residing in DW networks.
- How to correlate your business’s internal security context with deep and dark web threat intelligence to predict threat actor moves and extend visibility into early Indicators of Compromise (IOC) with the power of eSentire’s DWM service with MDR.

From Defense to Offense: Leveraging Threat Intelligence & Dark Web Monitoring

During the March TRU Intelligence Briefing, our Threat Response Unit (TRU) reviewed: 
- Threat Landscape: A review of malware recently observed by eSentire’s SOC such as Bloody Ransomware, Sorillus RAT, and Rusty Stealer, as well as notable vulnerabilities impacting ConnectWise (multiple), Outlook (CVE-2024-21413), and JetBrains (CVE-2024-27199).
- A brief update on notable cyberattacks related to ongoing geo-political tensions.
- Deepfake Video Phishing: eSentire TRU researchers detail a recent deepfake phishing incident that cost a Hong Kong company $25M and share advice on how to avoid becoming the next victim.
- Active Phishing Techniques & Security Recommendations: A review of several active phishing techniques and security recommendations from eSentire’s Tactical Threat Response (TTR) team.

March 2024 TRU Intelligence Briefing

During the February TRU Intelligence Briefing, our Threat Response Unit (TRU) reviewed:
- Threat Landscape: A review of malware recently observed by eSentire’s SOC such as Atomic Stealer, Ducktail, and SocGholish, as well as notable vulnerabilities impacting Ivanti (CVE-2023-46805, CVE-2024-21887, CVE-2024-21893), Atlassian (CVE-2023-22527), and Apache (CVE-2023-46604).
- A brief update on notable cyberattacks related to ongoing geo-political tensions.
- Ransomware Readiness: A discussion of highlights and key takeaways from eSentire's newly released ransomware report.
- Initial Access – Exploiting Public Facing Applications: Observations associated with ongoing exploitation of edge devices and eSentire responses and best practices to follow.

February 2024 TRU Intelligence Briefing

In this webinar, presented in partnership with SC Media, Keegan Keplinger, Sr. Threat Intelligence Researcher at eSentire, Paul Asadoorian, Principal Security Evangelist at Eclypsium, and Bill Brenner, VP, Content Strategy at CyberRisk Alliance, discuss lessons learned from recent ransomware attacks involving the MOVEit vulnerability and the cyberattacks on MGM/Caesars.

Ransomware Attack Lessons: From MOVEit to MGM/Caesars

During the January TRU Intelligence Briefing, our Threat Response Unit (TRU) reviewed: 
- Threat Landscape: A review of the most notable malware and vulnerabilities that eSentire observed throughout 2023.
- 2023 Year in Review and 2024 Outlook: Key takeaways on observed tactics and techniques that were prevalent in 2023 and insights into what the eSentire Threat Intelligence team expects to be observed in 2024.
- Tactical Threat Response – 2023 Recap & Looking Forward: A discussion of new research and platforms supported by the eSentire Tactical Threat Response team in 2023, and a look into the 2024 roadmap.

January 2024 TRU Intelligence Briefing

During the December Threat Intelligence Briefing, our Threat Response Unit (TRU) reviewed:
- Ransomware Roundup: An overview of Tactics, Techniques and Procedures (TTPs) of three ransomware cases, their access methods, key takeaways, and strategies to defend against these attacks.
- eSentire recommendations that your organization can take to reduce risk and assist in the proactive prevention of ransomware threats.
- Updates on DanaBot, FakeBat, and AsyncRAT.
- Notable vulnerabilities impacting ownCloud, Google, and Microsoft.
- A brief overview on cyberattacks related to the ongoing geo-political tensions.

December 2023 TRU Intelligence Briefing

During the November Threat Intelligence Briefing, our Threat Response Unit (TRU) reviewed:
- QR Code Phishing: Overview of the uptick in QR code phishing attacks (also known as quishing), what they look like, and how threats like DadSec Phishing-as-a-Service (PhaaS) are abusing them.
- eSentire observations and response actions related to Adversary-in-the-Middle (AiTM) attacks and best practices to defend against these attacks.
- Updates on PikaBot, Customer Loader, and Nitrogen Campaign.
- Notable vulnerabilities impacting Atlassian, Citrix, and F5 BIG-IP Vulnerabilities.
- A brief overview on cyberattacks related to the ongoing geo-political tensions.

November 2023 TRU Intelligence Briefing

Watch this webinar to learn how eSentire and Deep Instinct’s partnership is disrupting the MDR market with a new cost-effective endpoint protection platform for SMBs.

Proactive, Prevention-First Protection is Possible

Watch this webinar to learn about the top cloud security challenges that organizations face and how MDR can strengthen your cloud security posture.

Detecting and Responding to Threats in the Cloud

Join Michael Ludgate, Adam Leipold, and CJ Dietzman in this fireside chat as they discuss: 

- How cyber insurers and enterprise organizations evaluate cyber risk
- Security leader considerations for insurability requirements, which will enable organizations to take advantage of the protection that cyber insurance can provide
- How cyber insurance can help protect businesses against the evolving cyber threat landscape

Navigating Risk Reduction and Cyber Insurance

During the October Threat Intelligence Briefing, TRU discussed: 
- Lockbit Ransomware Attacks: Overview of recent attacks, based on eSentire observations and Dark Web Monitoring, including the threat actor’sir use of Remote Monitoring and Management (RMM) tools, and the Valid Credentials initial access vector
- Observations of Lockbit’s use of RMM tools, and recommendations/best practices for defending against this threat
- Updates on Solarmarker, PlugX, and Socgholish malware
- Notable vulnerabilities impacting Libwebp, curl & libcurl, and WS_FTP Server
- A brief overview on cyberattacks related to ongoing geo-political tensions

October 2023 TRU Intelligence Briefing

In this fireside conversation, Tia Hopkins, Chief Cyber Resilience Officer & Field CTO at eSentire, and Eldon Sprickerhoff, Founder & Advisor at eSentire, discussed what we can learn from the SEC’s recent Final Rule and the updates that the SEC is proposing for RIAs with regards to risk assessments, threat and vulnerability management, incident response and recovery, and what RIAs should keep top of mind to ensure compliance with the new rules.

How to Start Preparing for the SEC’s New Cyber Risk Management Rules

In this webinar, Greg Crowley, CISO at eSentire, Dustin Hillard, CTO at eSentire, and Alexander Feick, VP, eSentire Labs, will share their insights on how security leaders can effectively use generative AI technologies across their organizations without compromising their cybersecurity.

Securing the Future with eSentire: Harnessing the Potential of Generative AI

During this month's Threat Intelligence Briefing, our Threat Response Unit reviewed:
- Phishing Attacks 101: Overview of motivations, capabilities, tools, and services that enable threat actors to steal credentials
- Observations of AiTM attacks leading to follow-on Business Email Compromise (BEC) activities and the associated detections from TRU
- Updates on Lumma Stealer, DarkGate, and Private Loader malware
- Notable vulnerabilities impacting WinRar, Ivanti, and Citrix
- A brief overview of notable changes in the cybercrime landscape

September 2023 TRU Intelligence Briefing

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as Raspberry Robin, SolarMarker and SectopRAT, and notable vulnerabilities impacting Citrix (CVE-2023-3519), Invanti (CVE-2023-35078, CVE-2023-35081) and Zimbra (CVE-2023-3870)
- A brief overview on cyberattacks related to ongoing geo-political tensions.
- BatLoader Malware – background on the threat and current MSIX campaign, including brand impersonation, targets, and abuse of code signing certificates.
- Tactical Threat Response (TTR) – BatLoader Malware: eSentire response actions relating to BatLoader and recommendations/best practices for defending against this threat.

August 2023 TRU Intelligence Briefing

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Nitrogen Campaign: Details on a recent campaign discovered by eSentire 
- Overview of Pyramid, including associated TRU detections and recommendations
- Updates on GootLoader, Sorrillus RAT, and Rusty Stealer
- Notable vulnerabilities impacting MOVEit Transfer, Fortinet, and Microsoft
- A brief update on cyberattacks related to ongoing geo-political tensions.

July 2023 TRU Intelligence Briefing

As more businesses move to Azure for their cloud computing, there is a growing gap in visibility of the security of cloud resources. Azure Sentinel is the cloud-native SIEM solution from Microsoft. Turning it on potentially means another location for piles of logs and noise.

Attend this session to learn how to get the most from Sentinel at the least cost. Threat hunting, vulnerability discovery, and advanced analytics will all be covered. Learn how to use “Azure Sentinel Analytics” to identify correlations and anomalies in data from hybrid and even multi-cloud environments.

Automating Threat Detection and Response with Azure Sentinel

Azure

Incident Response

Managed Detection and Response

SecOps

Threat Detection

Threat Hunting

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Automating Threat Detection and Response with Azure Sentinel

Presented by

About this talk

More from this channel