Name: Securing the Supply Chain with Multi-Signal Defense Kill Chain
Start: 2023-01-30T14:53:00Z
End: 2023-01-30T15:27:05.000Z
Location: BrightTALK
Rating: 0

eSentire, Inc. is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries, representing 35 industries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts, Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. 

For more information, visit http://www.esentire.com and follow https://twitter.com/eSentire.

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Rise of OneNote Abuse: How OneNote is being leveraged for malware delivery and recommendations on how to identify similar attacks.
- Silicon Valley Bank failure: IoCs and due diligence recommendations for SVB-related BEC/Phishing attacks 
- Updates on Qakbot, GootLoader, and SocGholish
- Notable vulnerabilities impacting FortiNAC, Carbon Black, and ZK Framework
- A brief update on cyberattacks related to ongoing geo-political tensions

March 2023 TRU Intelligence Briefing

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as GootLoader, Qakbot, and More_Eggs and notable vulnerabilities impacting VMware (CVE-2022-31706, CVE-2022-31704), Zoho (CVE-2022-47966), and Git (CVE-2022-23521, CVE-2022-41903)
- A brief update on cyberattacks related to ongoing hybrid war in Ukraine, including recent wiper attacks
- ChatGPT – Myths & Malware: Overview on what ChatGPT is, its impact on cybersecurity, eSentire’s response, and predictions for the future
- Tactical Threat Response (TTR) – Fortinet Authentication Bypass Vulnerability (CVE-2022-40684): Overview on threat hunts, specifically on the exploitation of the Fortinet Authentication Bypass Vulnerability

February 2023 TRU Intelligence Briefing

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as Socgholish, Raspberry Robin, and IcedID and notable vulnerabilities impacting Fortinet (CVE-2022-42475), Citrix (CVE-2022-27518) and Microsoft (CVE-2023-21674)
- A brief update on cyberattacks related to ongoing geo-political tensions
- Year in Review: A discussion on the top threats and attack methods for 2022, and insights into 2023
- Tactical Threat Response (TTR) Roadmap: A review of new platforms and detections in 2022, and what's to come in 2023

January 2023 TRU Intelligence Briefing

Recent geopolitical climate has played an important role in how adversaries are targeting their victims. As geopolitical tensions rise, so do threats from state-sponsored adversaries. Battle lines have been redrawn and state-sponsored threat actors are adapting new tradecraft and targets to respond to global trends.

In this live webinar, join Ryan Westman, Sr. Manager, Threat Intelligence at eSentire, and Cameron Buriani, Sr. Solutions Architect, Team Lead at CrowdStrike, as they share their insights on how geopolitical tensions have impacted the evolution of cybercrime.

Key takeaways include:
- The key drivers of state-sponsored cyberattacks
- Notable trends in ransomware, as observed by eSentire’s Threat Response Unit (TRU) and CrowdStrike
- How geopolitical tensions are giving rise to the weaponization of zero-day vulnerabilities, wiper malware, and more
- Recommendations to protect your organization against state-sponsored attacks

The Impact of Geopolitical Tensions on the Evolution of Cybercrime

New Federal Trade Commission (FTC) Safeguards Rule requirements come into effect in June 2023. Under the new regulations, automotive dealerships are considered non-banking financial institutions and must comply with the updated requirements.

Given that dealerships are considered the retail operational fronts for the automotive industry, they are highly susceptible to cyberattacks that impact the financial, retail, and manufacturing industries.

Watch this webinar with Greg Crowley, CISO at eSentire to learn more about:
- How to achieve compliance with the FTC Safeguards Rule to protect customer information, including the 9 elements that auto dealerships must have in place as part of their information security program
- The two primary reasons that auto dealers are attractive targets for cyberattacks
- Potential GLBA penalties for non-compliance
- How eSentire can help you achieve compliance
- How eSentire Managed Detection and Response (MDR) addresses key automotive industry challenges, including the results the automotive cybersecurity leaders can expect

Are Automotive Dealerships Ready for the FTC Safeguards Rule Update?

With Microsoft offering a cost-effective and highly integrated security stack that covers endpoint, email, cloud, identity and more, many organizations are replacing their legacy tools with Microsoft’s advanced security stack and getting the most out of their Office 365 investment.
To fully unlock the power of E5, cybersecurity leaders need to take advantage of the threat detection and investigation capabilities 365 Defender and Sentinel offer. Unfortunately, most organizations struggle with the in-house expertise and resources needed to operationalize and manage these tools. That’s where the role of an MDR provider becomes indispensable.

Watch this webiar to learn more about:
- What companies get with E5 licensing
- The Defender 365 and Sentinel toolset capabilities
- The response and remediation capabilities MDR can offer for Microsoft 
- How eSentire’s 24/7 MDR service leverages your existing investment in the Microsoft ecosystem to shrink threat actor dwell time and reduce your risk of business disruption

Unlocking Your E5 Investment with MDR for Microsoft

Safeguarding your legal firm from cyberattacks and threats caused by user execution takes an understanding of the threats, a robust cybersecurity program, and the contribution of all team members. To help your team in these pursuits, eSentire’s Threat Response Unit (TRU) has correlated key findings and threat trends based on global threat hunts across our global legal customer base. 

In this masterclass, Spence Hutchinson, Principal Threat Researcher, will share original research from TRU and recommendations on how you can protect your legal firm from specific industry threats. 

You’ll learn more about:
- Web-borne cyber threats that leverage attack techniques like search engine optimization (SEO) poisoning, compromised websites, and malicious downloads to gain initial access into your environment (e.g., GootLoader, SocGholish, and SolarMarker)
- Top email-borne threats used to dominate the legal industry’s threat landscape (e.g., Emotet, Qakbot, and IcecID)
- Tactical and strategic recommendations on how your organization can minimize risk and build a strong cybersecurity foundation with a multi-signal Managed Detection and Response strategy

Securing Law Firms Against The Top Web and Email-Borne Cyber Threats

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as BumbleBee, FormBook, IcedID and notable vulnerabilities impacting Atlassian, VMware, and Fortinet
- A brief update on cyberattacks related to ongoing geo-political tensions
- Qakbot Fall Campaign: A deep dive into the Qakbot malware, including a recent fall campaign, eSentire’s observations of the threat, and associated Black Basta ransomware activity
- Tactical Threat Response (TTR) Offensive Security Tool Model: An overview from the TTR team on how eSentire develops detections for offensive security tools

December TRU Intelligence Briefing

When it comes to cloud migration, do you view security as a destination or a journey? Regardless of your answer, robust cloud security posture management means having visibility across your attack surface, the ability to identify and prioritize the most critical security violations and misconfigurations, and most of all, proactive response.

Join eSentire & Lacework for this fireside chat with two Bad SaaS Women talking all things cloud security. Tia Hopkins, Field CTO & Chief Cyber Risk Strategist at eSentire, will host a special edition of eSentire’s Cyber Talks series with Erin K. Banks, Senior Director of Product Marketing at Lacework, to share their unique perspectives on how cloud security and business strategy converge. This Cyber Talks session will also cover key considerations around Platform, Application and Infrastructure protection and focus on recommendations from eSentire & Lacework on how to best secure your cloud ambitions.

Key conversation topics will include:
- Are all cyber risks equal?
- The dynamic vocabulary of cloud security
- Matching cloud security models to business innovation strategies
- How to think about the detection and response of cloud based threats

Cyber Talks: Risk is Risk Is Cloud Security The Journey or The Destination?

In May 2022, Conti leaders shut down operations as a formal entity. Yet affiliate groups, Black Basta and BlackByte, have followed in Conti’s footsteps, carrying out destructive and damaging ransomware attacks against organisations globally.

41% of these victim organisations tracked on Black Basta and BlackByte leak sites are based in Europe, and the other 59% are primarily U.S.-based. Moreover, many of the Europe-based organisations targeted by Black Basta and BlackByte are part of critical infrastructure sectors including energy, transportation, pharmaceuticals, education, government, facilities, and food.

Join this webinar with Keegan Keplinger, Research and Reporting Lead at eSentire, as he walks through: 
- The background and history of the Conti ransomware group, how they have evolved, and the current state of their operations

- Notable Black Basta and BlackByte ransomware attacks on critical infrastructure sectors, and the subsequent damage to victim organisations 

- Recommendations from TRU on how to protect your organisation from this cyber threat 

Register now to reserve your spot and submit your related questions in advance for the live Q&A.

Keeping Up With Conti

With unparalleled access to valuable information across all facets of the public and private sectors, legal firms have been subject to cyberattacks leading to massive ransomware attack outages, public exposure, and crippling reputational damage.

To prevent your practice from becoming a victim of business disrupting cyberattacks, you need a robust cybersecurity strategy and the expertise to proactively detect and remediate these cyber threats. 

At eSentire, we work with law firms to protect over 14,000 attorneys in the ALM 100 and ALM 200. Our Managed Detection and Response (MDR) services hunt threats and suspicious activity to investigate in minutes and contain these attacks before they become business disrupting for you and your clients. 

In this product briefing, eSentire’s Senior Solution Architect, Nickolas Davie, will walk you through real case studies from CIOs at Hughes Hubbard & Reed and Quarles & Brady, and demonstrate how we combine cutting-edge machine learning XDR with 24/7 threat hunting expertise and security operations leadership to hunt and disrupt known & unknown threats with a 15-minute Mean Time to Contain (MTTC).

Making the Case for MDR at Your Law Firm

At most private equity firms, CIOs lack visibility into the security operations across all their portfolio companies. The fact is that portfolio companies have limited knowledge of their cyber risks and an equally limited cybersecurity budget.  

Unfortunately, cybercriminals understand this Private Equity/Portfolio Company dynamic well and many take advantage of limited visibility and budgets to execute targeted ransomware attacks that can disrupt business operations and damage brand reputation. 

Unless you’re prepared to defend against modern ransomware threats, your portfolio companies could be locked out of critical systems and applications for days. The resulting downtime can cost your firm $225K per day in downtime costs alone 

Join this exclusive Private Equity Threat Summit, to listen to: 

- Private Equity Threat Briefing
Presented by Ryan Westman, Senior Manager, Threat Intelligence, eSentire
Ryan will share our latest intelligence and research based on global threat hunts across eSentire’s global Private Equity customer base. 

- A Fireside Chat with Alex Manea, CISO at Georgian
Hosted by Eldon Sprickerhoff, Founder and Advisor, eSentire
Eldon and Alex will discuss the main cybersecurity challenges and top concerns Private Equity CISOs face, and share experiences and insights security leaders can leverage to address these challenges.

- Customer Perspectives
Presented by Mark Benaquista, Managing Partner, Thomas H. Lee Partners
Mark will provide his security leadership perspective as a customer, discussing the value eSentire’s provides his firm in ensuring a consistent security posture across portfolio companies with 24/7 MDR that provides proactive detection, disruption, and remediation of cyber threats before they become business disrupting events.

Securing Your Portfolio Investments from the Risk of Costly Downtime

Ransomware has become a topic of discussion globally as cybersecurity leaders grapple with the magnitude and impact of cyber risk and the threat of downtime revenue disruption to their business. 

Unless you’re prepared to defend against ransomware, these attacks result in your firm being locked out of critical systems and applications for days and even weeks. In many cases, the resulting downtime can cost upwards of $225K per day in revenue disruption.

In this masterclass, eSentire’s Field CTO & Chief Cyber Risk Strategist, Tia Hopkins shares her insights and recommendations on how you can prevent downtime based on your specific industry threats. We also compare the cost of downtime revenue disruption vs the cost of a 24/7 in house SOC vs the value of investing in 24/7 MDR. 

You’ll learn more about: 
- The top malware threats observed in the legal industry that lead to ransomware 
- The cost of downtime based on an organization’s size
- The costs of building, staffing and operating a 24/7 SOC in-house 
- How organizations can experience >70% in cost-savings with (eSentire) MDR

Downtime Revenue Disruption—The Most Costly Aspect of a Ransomware Attack

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as SocGholish, LALALA Stealer, Raspberry Robin and notable vulnerabilities impacting OpenSSL (CVE-2022-3602), VMware (CVE-2021-39144), and Apache (CVE-2022-42889)
- A brief update on cyberattacks related to ongoing geo-political tensions
- Black Basta Ransomware: eSentire research on recent Black Basta ransomware activity and TTPs, and the association with Qakbot malware
- Tactical Threat Response: Detection information for Black Basta and associated threats

November TRU Intelligence Briefing

In this breakout session, presented at the National Association of Manufacturing (NAM) Leading Edge Cybersecurity Forum, Larry Gagnon, SVP Incident Response at eSentire shared:
 - The risks associated with relying on traditional Incident Response Plans or Tabletop Exercises and the importance of adopting pre-breach deployment response tools
- A case study on an auto parts manufacturer 
- Effective IR planning and preparation including why time to value is the most critical consideration in building your response
- Recommendations on how to build cyber resiliency and minimize downtime due to a cybersecurity breach

Downtime Revenue Disruption: The Most Costly Aspect of a Ransomware Attack

In this workshop, presented at the National Association of Manufacturing (NAM) Leading Edge Cybersecurity Forum, Eldon Sprickerhoff, Founder and Advisor at eSentire shared:
- Threat research from eSentire’s TRU team on the top techniques ransomware groups are leveraging, and new observations from recent Conti ransomware gang attacks
- The challenges organizations face and the consequences of supply chain attacks
- A case study on Log4j
- Recommendations on how organizations can minimize supply chain risk
- The importance of your people, process, and technology (PPT) in building cyber resilience 
- How to leverage the pragmatic security event management playbook to navigate common cybersecurity scenarios and enrich your current IR plan

Securing Your Manufacturing Organization Against Future Supply Chain Attacks

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat landscape: A review of recently observed malware by the SOC such as Qakbot, Gootloader, BatLoader, and notable vulnerabilities impacting Microsoft (CVE-2022-41033 & CVE-2022-37968), and Fortinet (CVE-2022-40684)
- A brief update on cyberattacks related to ongoing geo-political tensions
- ProxyNotShell Vulnerabilities (CVE-2022-41040 and CVE-2022-41082): Background, details, and detections
- eSentire MDR for Log: Recent platform expansions

October TRU Intelligence Briefing

In this webinar, Spence Hutchinson, Principal Threat Researcher with eSentire’s Threat Response Unit (TRU), Spence discusses:
- The top cyber threats observed from our manufacturing customers from 2022 and key takeaways from the incident data
- Why ransomware is a top concern for the manufacturing sector
- Initial Access techniques and code execution trends from 2022
- How InfoStealers are emerging as a threat type, what their role is in the cybercrime ecosystem, and how they are achieving a foothold inside of networks
- Tactical and strategic recommendations on how your manufacturing organization can manage initial access risks, minimize supply chain risks, and build a strong cybersecurity foundation

Securing the Supply Chain with Multi-Signal Defense Kill Chain

Cyber Attacks

Cyber Intelligence

Manufacturing

Supply Chain

Cyber Threats

Threat Analysis

Ransomware

Cyber Crime

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Securing the Supply Chain with Multi-Signal Defense Kill Chain

Presented by

About this talk

More from this channel