Name: Splunk Threat Research: Cloud Federated Credential Abuse & Cobalt Strike
Start: 2021-09-24T10:25:00Z
End: 2021-09-24T10:25:21.000Z
Location: BrightTALK
Rating: 1

Splunk helps make organizations more resilient. Leading organizations use our unified security and observability platform to keep their digital systems secure and reliable. Organizations trust Splunk to prevent security, infrastructure, and application issues from becoming major incidents, absorb shocks from digital disruptions and accelerate digital transformation.

Fouad Latrech, Global CTO, revient sur son arrivée chez Decathlon en 2019. Avec une ruée sur le sport pendant le confinement, le pic de trafic en ligne l’a poussé à devoir stabiliser en urgence l’infrastructure des plateformes eCommerce. Une marche forcée vers le digital qui a conduit l’entreprise à repenser durablement la notion de stock, les offres produits, les business models ou l’innovation. Il évoque également d’autres défis à l’international, comme les risques cyber, la compliance, ou encore la gouvernance.

Épisode 3 : Decathlon : une culture agile à l'international

Arrivée chez le géant de la grande distribution en plein confinement, Katia Statuto, RSSI chez Carrefour, nous raconte dans cet épisode l’accélération forcée vers le e-commerce, l’accompagnement à la résilience des consommateurs ou encore les limites de la régulation.

Comment Carrefour a transformé la crise sanitaire en tremplin pour se réinventer

Mit Karsten Mostersteg, ehemals Head of Global IT Service Operation der ISS Facility Services Holding GmbH, wo er den Grundstein für die heutige IT- und Prozesslandschaft legte, unter anderem indem er die Ablösung eines Full-Outsourcings realisierte.

In Folge 2 werfen wir einen Blick auf die Bedeutung des Themas Resilienz für den IT-Betrieb. Karsten hat im Zusammenhang mit zahlreichen M&As, Carve-Outs und Großkundenprojekten bei ISS Deutschland manchmal durchaus leidvoll erfahren, wie wichtig es ist, Störungen bewältigen zu können, um den Betrieb einer IT-Organisation aufrechtzuerhalten. Wir sprechen mit ihm darüber, was operative Resilienz aus Unternehmenssicht bedeutet und gehen der Frage nach, ob und wie sich digitale Resilienz im Unternehmen messen und damit ihre Wirkung belegen lässt. Karsten erklärt außerdem, warum Standards für ihn das A&O eines resilienten IT-Betriebs sind, wieso er ZDF gegenüber RTL den Vorzug gibt (Spoiler: wir sprechen hier nicht übers Fernsehen) und weshalb Resilienz nicht ohne Plan B funktioniert – also Rück- und Fehlschläge schlicht zum Unternehmensalltag gehören. Und er erklärt nicht zuletzt, wie dieser Plan B aussehen und was er enthalten muss.

Folge 2 | Resilienter IT-Betrieb: Was wirklich dazugehört.

Patrick Prosper, RSSI de Groupama, nous parle de son équipe, qui tente de résister à des chocs majeurs comme les cyber-attaques et les fuites de données, de la résilience comme un état d’esprit, d’une gestion de crise réussie, de DORA (mais pas l’exploratrice), et même de Wolverine !

Épisode 1 : Comment Groupama s’assure d’être résilient face aux crises

Folge 1 | Digitale Resilienz: Warum sie heute alternativlos ist.

Mit Petra Jenner, Senior Vice President und General Manager für Europa, den Nahen Osten und Afrika bei Splunk

In unserer ersten Episode begrüßen wir Petra Jenner, die mit uns die Bedeutung von Resilienz sowohl für individuelle Karrieren als auch für den dauerhaften Unternehmenserfolg diskutiert. Wir sprechen über Herausforderungen von Unternehmen, die in hybriden Multi-Cloud-Umgebungen agieren, sehen uns Lösungen für das wachsende Problem des Fachkräftemangels an und betrachten die Bedeutung von digitaler Resilienz und wie sie Unternehmen hilft, unausweichliche Disruptionen in ihren Geschäftsprozessen zu erkennen und erfolgreich zu bewältigen. Unter anderem stellen wir dabei erfolgreiche Beispiele von BMW, der DKB und Puma vor.

Folge 1 | Digitale Resilienz: Warum sie heute alternativlos ist.

Bien que l’Observabilité soit le dernier mot à la mode du monde « cloud native », il ne s’agit que d’une étape dans votre stratégie de résilience digitale. L’objectif de cette session est de comprendre comment étendre l’Observabilité aux services « métier», comment traduire ses KPIs techniques en impact commerciaux et comment fournir une  vraie visibilité de bout en bout, de l’application d’e-Commerce dans le cloud, au processus de fabrication (IoT) jusqu’à la facturation, en un seul et unique dashboard.

Speakers : 
Stéphane Estevez : EMEA Product Marketing Director
Pierrick Planchon : Staff Sales Engineer

La trilogie de l’observabilité -Episode 3: Observabilité la revanche des métiers

Toute approche d’observabilité commence par la collecte des données de télémétrie. Le projet open source, OpenTelemetry (OTel) s’est imposé comme le nouveau standard de facto du marché pour la collecte des logs, traces et métriques.
Lors de cette session, apprenez ce qu’est OTel, ses avantages et limitations, comment le déployer et surtout pourquoi ce sera votre dernier projet de collecte qui fera plaisir à vos équipes d’experts et réduira la dette technique de votre DSI.

Speakers : 
Stéphane Estevez : EMEA Product Marketing Director
Pierrick Planchon : Staff Sales Engineer

La trilogie de l’observabilité - Episode 2 : OpenTelemetry un nouvel espoir

Recent Enterprise Strategy Group (ESG) research reports that 90% of organizations are actively automating security operations processes to scale efforts alongside the exponential amount of data, networks, identities, and assets they need to protect.

However, sourcing the right tools—like SOAR—time, software development skills, and process immaturity all seek to stall these efforts. 

In this exclusive Fireside Chat session, experts from Deloitte and Splunk join Jon Oltsik, Distinguished Analyst & Fellow at ESG, to demystify the current state of security operations process automation, fueled by vendor agnostic ESG research, and to navigate these roadblocks. 

Register for the session—planned for October 19th at 1PM EST—to also learn: 
     • What are the key business cases for security operations process automation?
     • How are Splunk and Deloitte addressing common roadblocks in this area?
     • 5 SOAR use cases & benefits

The State of Security Operations Process Automation and SOAR

L’observabilité est le dernier “buzzword » du monde du DevOps, pourtant chaque éditeur et chaque entreprise en a sa propre définition. Le marché est plus confus que jamais. Lors de cette session nous aborderons les idées reçues, les pièges techniques à éviter et leurs conséquences pour les métiers ; vous serez en mesure de poser les questions qui fâchent, différencier l’observabilité du monitoring, et définir la première étape de votre stratégie d’observabilité grâce à des approches de type OpenTelemetry.

Speakers:
Stéphane Estevez : EMEA Product Marketing Director 
Pierrick Planchon : Staff Sales Engineer

La trilogie de l’observabilité - Episode 1 : Le côté obscur de l’observabilité

According to Enterprise Strategy Group (ESG), only 4% of organizations can deliver real-time data insights to business decision-makers, with another 45% reporting that it takes weeks or longer to provide these insights. Eliminating data silos and embracing modern analytics is essential for developing a resilient supply chain and quickly getting real-time data into the hands of decision-makers.

Join us in this fireside chat featuring supply chain experts from ESG, Accenture and Splunk to learn about:
• 3 common supply chain challenges and how you can overcome them
• Why data insights & analytics are key to creating more resilient supply chains
• How to use Generative AI for data insights

Building a Resilient Supply Chain with Splunk and Accenture

In this session, AWS and Splunk explore the role and importance of data and technology to overcome sustainability challenges and drive change for the future. We look at examples and discuss how businesses have advanced in not only looking at data but actually using data enabled end-to-end visibility to improve internal processes and customer outcomes.

We look at how businesses can utilise the building blocks already in place to continuously drive end-to-end sustainability initiatives, and how businesses could empower their internal teams to amplify change by allowing them to work from data insight.

Learn more about:

- How data could drive decisions and gap analysis in sustainability planning and execution
- The importance of end-to-end visibility in improving customer outcomes 
- How businesses could utilise the building blocks already in place to accelerate their sustainability initiatives
- How to evolve a data enabled approach to drive decision making towards true transformation

Presenters:

- Bryan Click | Editor in Chief | Computer Weekly
- Mark Woods | Chief Technical Advisor EMEA | Splunk
- Hilary Tam | Principal, Sustainability & Innovation | AWS

The Role of Technology and Sustainability and Where to Start

McLaren’s Shadow Esports team has worked over the last several years in partnership with Splunk to bring data to F1 esports like never before. Join this live webinar to hear how McLaren leveraged their decades of racing expertise in partnership with technologists at Splunk to develop similar data-driven insights to help improve driver performance, pit strategy and overall race results. You’ll hear how Splunk developed custom data collection capabilities for these digital racing platforms to feed real time racing telemetry data into the Splunk platform to help deliver the competitive advantage McLaren knew lay hidden in data.

In this session, we will discuss:

How McLaren leveraged their racing heritage to lead in a digital native arena
The journey McLaren Shadow embarked on with Splunk to glean insights from dark data
Why McLaren continues to lean on Splunk’s Observability capabilities for competitive advantage in a digital first economy
Splunk is more to McLaren than a sponsor with a sticker on that beautiful F1 car. Splunk is a true technology partner helping McLaren use Observability to develop competitive advantage in F1 Esports and beyond!

How Splunk helps McLaren Shadow Gain Competitive Advantage in F1 Esports

With the constant threat of a war room looming, troubleshooting efforts consume our day with the complexity of finding and fixing issues before users are impacted — and having to manually sift through dozens of tools and their respective dashboards never feels effective, let alone efficient. As public sector organizations look to shift from a reactive ‘availability’ mindset toward an optimal AIOps-driven ‘predictive monitoring’ footprint, there are several key steps they must address to ensure success.

During this webinar, we will demonstrate the first steps of an optimal IT Modernization journey, including:


- Reducing the pain of tool sprawl with Splunk’s intelligent event correlation
- Implementing a ‘services monitoring’ mindset through correlation and contextualization of data sources
- How seamless integrations, such as with ServiceNow, improve collaborative remediation

Join us to learn more about how public sector agencies can use event correlation to unlock tremendous value, both in immediate cost savings and time spent investigating incidents, while shifting from a reactive to predictive mindset.

Modernize Your IT Operations with Splunk

Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for AI / Machine Learning based Analytics to supercharge threat detection and minimize the operational overheads of maintaining conventional static detection rules in large scale SOC. However, use of AI / Machine Learning in Security Operations is challenging due to the complex cyber security big data and numerous attacker techniques.

In this webinar, Muath Saleh and Hafiz Farooq (from Saudi Aramco) shall explain how to use the analytical power of Splunk to hunt for cyber and insider threats, and also utilizes the Splunk Machine Learning Toolkit (MLKT) for novelty and outlier detection from the noisy security datasets. This webinar purviews Saudi Aramco’s experience of using Splunk for handling security big data, and explains amazing key capabilities for effective operational security procedures and threat hunting.


In this session we discuss:

Emerging Security Needs & Emerging Big Data

Understanding the cyber security threat spectrum
Cyber Security is a Big Data
Best Practices for Handling Security Big Data

Machine Learning & Modern SOC

Supercharge Threat Detection with Algorithms
Machine Learning Use Cases
Optimal Machine Learning Workflow

Tech Talk: Security Edition Using Machine Learning for Hunting Security Threats

No matter how talented your team might be, there are only so many hours in the day that security professionals can devote to an ever growing sea of alerts and potential threats to your organization.

Machine-scale problems call for machine-scale solutions. Splunk Security, Orchestration, Automation and Response (SOAR) takes security analysts from overwhelmed to in-control and cuts down on menial and repetitive tasks, freeing up your team to tackle your most critical security tasks.

Join Splunk expert, Coty Sugg, for the Power Up Your Security Game with Splunk SOAR Webinar, and see how you can get started building the following five automation playbooks:


Investigate a URL
Investigate a domain
Enrich phishing alerts
Create a ticket, quarantine a host, and block a domain
Perform an end-to-end investigation from a risk notable received from Splunk Enterprise Security (SIEM)

Power Up Your Security Game with Splunk SOAR

The Splunk Threat Research team is dedicated to understanding malicious actor behaviour and researching known threats to build detections and analytics that the entire Splunk community can benefit from.

The latest analytics from the team cover Cloud Federated Credential Abuse of Active Directory Federation Services and between Cloud Providers. They also published an Analytics Story to enable detection of Malleable C2 profiles deployed via Cobalt Strike, an emulation software that Red Teams and pen testers use that recently got into the hands of adversaries.

Join this webinar to learn:
- Why Cloud Federated Credential Abuse has to be top of mind of every security team
- What Cobalt Strike is and what it takes to detect injected shellcode with Splunk
- How the Splunk Threat Research team works and how you can benefit from what they do

Splunk Threat Research: Cloud Federated Credential Abuse & Cobalt Strike

Cyber Threats

Security

IT Security

Cyber Defence

Security Analytics

Cloud Security

Cyber Crime

Data Analytics

Threat Detection

Cyber Incident Response

Get powerful e-commerce insights to grow your online transaction volume. Connect with thought leaders and colleagues to get the most up-to-date knowledge on the e-commerce strategies and techniques that drive growth.

E-commerce

The marketing community on BrightTALK is made up of thousands of engaged marketing professionals. Find relevant webinars and videos on marketing strategy, branding and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Marketing

Welcome to the mobile computing community on BrightTALK! With the consumerization of IT and the widespread adoption of mobile devices across the globe, mobile computing has become an important part of many people's lives in a culture of bring your own device (BYOD). With mobile devices doubling as work phones and more employees working from home, businesses need to provide secure access to data and work applications from anywhere at any time. Join this growing community and hear from industry thought leaders in webinars and videos as they share their insight on mobile computing research and trends.

Mobile Computing

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful insights on how to best serve today's customers. If you want to create a successful customer experience today, you will have to appeal to the need for “alone together” time. Millennials, Gen X, Boomers or Silent Generation all look for shared but individual experiences.

Customer Experience

The sales community on BrightTALK brings together thousands of engaged sales professionals. Learn about careers in IT sales and marketing, sales techniques and selling strategies. Join the discussion by participating in on-demand and live sales webinars and summits with leaders in the sales industry.

Sales

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Splunk Threat Research: Cloud Federated Credential Abuse & Cobalt Strike

Presented by

About this talk

More from this channel