The Healthcare CISO Journey through COVID-19

Cyberattacks are on the rise, and financial institutions using SWIFT and other payment mechanisms are increasingly becoming targets of sophisticated attackers.

Effectively detecting and identifying these advanced cyberattack activities in a complex SWIFT environment requires a big data analytics platform that can collect, enrich, analyze, and correlate/connect billions of disparate data points in real-time, as well as incorporate historical information to identify behavioral anomalies. This approach allows fraud and security analyst teams to concentrate on the most critical events.

Thomas Harrington, Securonix Board of Advisors, CISO Citi (ret.), Associate Deputy Director FBI (ret.), will moderate an interactive session with Securonix Threat Experts, Oleg Kolesnikov, VP of Threat Research, and Aditya Sundararam, Senior Director of Cyber Threat Analytics.

Join our panelists to learn about:
- The latest attack techniques used in financial services/SWIFT organizations' cyberattacks, such as Lazarus/BeagleBoyz/FASTCash v1/2, TA505, Carbanak, and others.
- Current trends observed in the wild to help better prepare for the "next generation" of financial services/SWIFT cyberattacks.
- Examples of some of the most effective detection behaviors your blue teams can look for to increase the chances of detecting some of the latest variants of these cyberattacks.
- How the Securonix behavior analytics approach can assist with detection and meeting compliance requirements.

Cyber threats continue to get more advanced. To proactively combat these threats, Security teams cannot simply rely on pre-baked detections. They need the ability to discover threats early and detect those hidden already in their environment, without waiting for an incident to happen.

The challenge, with legacy and on-premise solutions, is the architecture is not designed to support proactive and historical searches without major performance issues. Another challenge with legacy SIEM is the huge cost associated with searchable data retention.

Securonix's new search capabilities leverage the power of Amazon Web Services' (AWS) cloud-native and big data architecture to enable dynamic and long-term searches at a fraction of the cost, without any performance impact.

Join Nitin Agale, Senior Vice President, Products & Marketing, Securonix, and Patrick McDowell, Global Technical Lead, AWS to learn about how your organization can benefit from:

• Live Search to proactively detect threats on streaming data with virtually zero-latency.
• Long-Term Search to search across historical data at one-third of the cost.
• The security industry’s first Community-Powered Threat Hunting capability with ready-to-deploy collaborative workbooks utilizing threat intelligence from Securonix, and global communities such as MITRE, Sigma, and others.
• Out-of-the-box bi-directional integrations for Amazon Simple Storage Service (S3), Amazon CloudWatch, and Amazon GuardDuty.

With our perimeters expanding beyond the confines of the typical workspace, it has become increasingly evident and critical to monitor the threats posed using insider credentials. Regardless of whether the threats are accidental or intentional, they both ultimately lead to data theft or some form of service disruptions.

Major gaps in controls, logging, and monitoring cause organizations to be unaware of the different threats that already exist within their environments. Insider credentials with access to critical infrastructure and data, need to be closely monitored.

The best approach to detect these scenarios is to tie anomalies to an identity using a kill chain approach to model potential threat vectors and detect proactively.

Join Kayzad Vanskuiwalla, Principal Threat Hunter - Cyber Threat Analytics, Securonix and
Dharaninath Doppalapudi, Senior Vice President - Cyber Security, Accolite to learn how to:

• Identify gaps in logging and monitoring in order to be equipped to detect key threat vectors
• Identify and continuously monitor key assets, potential insider threat entities, and privileged accounts
• Detect the unknown threats via focused micro-threat models/kill chains, and shift your focus to anomalies and threats, instead of signatures
• Maintain GDPR compliance while monitoring as it pertains to the European Union and European Economic Area

In the past few years, Insider Threat has evolved in several aspects from how sensitive data leaves the organization to ways in which privilege access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications had made tracking and protecting sensitive data extremely challenging. Add to this the current remote work setup in the midst of COVID-19, and one can imagine how hard it is to track, monitor, and protect your crown jewels.

Insider threats can originate from malicious insiders or insiders that are simply negligent and do not follow best practices. Insider threats can also originate from compromised accounts that are controlled by an outsider. Given all the scenarios, monitoring solutions are forced to curate use cases in conjunction with purpose-built detection techniques in order to derive specific outcomes to be effective in detecting infractions.

This shift in behavior is becoming more evident as organizations ramp up visibility into how its employees and contractors use their assets and resources over time. Join Shareth Ben (Executive Director, Insider Threat &Cyber Threat Analytics, Securonix) and featured speaker Joseph Blankenship (Vice President, Research Director, Security & Risk, Forrester) to gain some insights into:

• How Insider Threat has evolved over time and the new challenges it presents.
• What are some of the most common Insider Threat behaviors observed in the field?
• Which detection techniques are effective in detecting nefarious behaviors within the organization?
• Walkthrough of the key trends and observations from the Securonix 2020 Insider Threat Report.

Organizations are experiencing a changing cyber threat landscape. Phishing and malware attacks are on a rise and more effective than ever before because of the fear factor and lack of in-person communication. Having a large workforce working remotely presents more risk of opening-up exploits and sensitive data leakage.
The lack of security controls, new unknown attacks, and insufficient training are creating a very different set of applications and data vulnerabilities.

As enterprises plan to adapt to these new challenges, implementing strong security monitoring and detection controls is imperative.

Join Securonix’s Aditya Sundararam, Director of Cyber Threat Analytics and Booz Allen’s Michael Sechrist, Head of Solutions, Advanced Threat Services to understand how to defend your enterprise from ransomware, phishing, VPN attacks, data compromise, and emerging challenges like executive protection.

From PPE phishing scams to ransomware, to hacking attempts of DNS routers, to hospital supply chain risks, malicious actors are looking to take advantage of the crisis caused by the Covid-19 outbreak.

Healthcare organizations worldwide have been through pandemic planning before, but never to this extent. The pandemic plans for Ebola and SARS were useful but not holistic.

Securonix is inviting Security leaders in healthcare to a panel discussion on the information security challenges amidst the current health crisis. Robert Martin, CISO, Alberta Health Services, Matthew Modica, CISO, BJC HealthCare and Nathan Moon, Director, Detection & Response, Intermountain Healthcare will discuss the current situation, challenges, and steps they took to mitigate risk while maintaining business continuity and patient care.

Thomas Harrington: Securonix Board of Advisor, Associate Deputy Director FBI (Retired), CISO Citi (Retired) will moderate the session as the panel discusses:

• Challenges healthcare organizations are facing including business continuity, remote workforce, data security and privacy, security training.
• Steps security leaders are taking to mitigate the risks and strengthen security policies and controls.
• Best practices to handle the new patient care norm: remote work environment, virtual care platforms, access to systems from non-traditional locations such as tents, and community vans.
• Balancing risk acceptance with business needs
• Role of technology, threat intelligence, and behavioral-based monitoring

We are facing a new normal in our corporate lives, with work from home becoming a necessity rather than a privilege. This change comes with its own set of cybersecurity challenges that security teams must deal with.

Working remotely could mean the use of unsecured devices, sharing or compromising of credentials, and accessing critical applications over unsecured external networks. This host of inconsistent behavioral attributes raise the possibility of opening-up exploits, compromising system integrity, which could result in sensitive data leakage.

To assist our customers and community with these challenges, Securonix is collaborating with partners like LTI to develop solutions to monitor and mitigate cyber threats effectively and ultimately create a secure work environment.

Join Sujay Doshi, Senior Product Manager for Cyber Threat Content at Securonix, and Prasenjit Saha, Executive Vice President, Global Head - Cyber Security at LTI to discuss:
• Cyber threat challenges that result from remote work setup.
• Critical security controls that organizations should consider for mitigating cyber risk to their environment.
• Securonix packaged solution for remote workforce monitoring.
• Hands-on demo of the Securonix solution with use cases from the trenches.
• LTI advisory service offerings to assist customers.

Digital transformation - we hear about it all the time, but what does it really mean for security? As organizations transition users, applications, workloads, and data from on-premises into the cloud to improve agility and competitiveness - how does that change their security landscape and threat model? And how can organizations address the challenge of protecting both legacy on-premises systems, while at the same time, also having to secure dynamic multi-cloud-based environment?

Join today's episode to learn about the reality many organizations are facing when it comes to juggling on-prem and multi-cloud security, what the key differences are and how to address them for your organization. The panel will also discuss the following topics:
- What are the differences between Cloud Security vs On-Premises Security and why do they matter for organizations in 2020?
- Can we normalize our security posture across the legacy and hybrid/multi-cloud environments?
- Is it possible to improve security as part of a digital transformation program?
- What kind of cyber hygiene do we need to practice? What should be added and what can be taken off security teams' plates?
- Where does DevOps (or DevSecOps) fit into all of this?
- Are cloud security failures the customer's fault?
- What is SASE and how will it impact your organization?

This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

Recent world events have increased the vulnerability landscape and tested the security resiliency of enterprises. Not since the Icelandic volcano eruption in 2010 have we seen global events drive such profound changes to work behavior and employee mobility.

As enterprises enforce remote working – at short notice – they face a critical question: How will their security teams identify bad actors and threats in a time of massive user behavior change? This remote collaboration shift is exacerbated by the existing trend towards using cloud applications in the enterprise, and the security risks, monitoring, compliance, and response challenges that it brings.

In this webinar, Jason ‘JE’ English, Principal Analyst at Intellyx and Jon Garside, former CISO discuss the value of:

• Securing distributed, hybrid IT application work without inhibiting access and collaboration
• Best practices and a security posture for the new norm: remote workforces & hybrid cloud
• SaaS Security, that decreases cost, while scaling to newly diverse environments
• Semi-autonomous, cloud-based security, independent of infrastructure
• New threat chains and security playbooks, in the absence of analysts

Today we are in the midst of a global health crisis, which is affecting every aspect of our lives. In these tough times, many organizations have resorted to working from home to keep their employees safe.

However, this shift in the work setup is posing several challenges to the security teams. Critical data and applications are accessed from untrusted remote locations. Remote authentication and VPN devices suddenly are seeing a massive spike in traffic and targeted attacks. More phishing and malware campaigns are targeting employees. Amidst this increased attack surface, organizations are also concerned about the productivity of their employees, compliance, and licensing mandates.

To help our customers and community with these challenges, Securonix has created a task force of Data Scientists, Threat Researchers, and Detection Engineers. The task force is collaborating with Securonix customers and partners to develop content from the trenches that organizations can deploy to secure their work environment better.

Join Nanda Santhana, to learn about:

- Key challenges in the remote workforce setup.
- Threat and behavior indicators from the trenches.
- Use cases you can implement in your Security monitoring solution.
- Recommended incident response actions.

Organizations today are rapidly moving applications to the cloud, and data to cloud-delivered applications. They are adopting infrastructure-as-a-service (IaaS) cloud for hosting their infrastructure and for applications that were traditionally in a data center and relying on cloud-based software-as-a-service (SaaS) applications for various needs from accounting to marketing. As a result, enterprises now have their data dispersed across multiple cloud vendors. Enterprises are also selecting to work with multiple IaaS providers for cloud diversification to avoid dependency on a single cloud vendor. This creates too many unknown in the access and control of enterprise assets, and further opens up the threat surface.

Addressing the multi-cloud security challenge requires a more holistic approach – a solution that can collect, correlate and analyze the data centrally and provide a single pane of glass for alerting and incident response.

In this webinar Vidit Arora & Jon Garside, former CISO will provide an industry perspective on the growth and adoption of multi-cloud, the associated security challenges and what organizations can do to protect themselves against the growing number of cyberattacks on cloud. Join this session to learn:

- The security challenges with multi-cloud.
- Strategies to protect your organization against cloud cyberattacks.
- How to monitor and prevent insecure user behaviors and movement of data through multiple cloud sources.
- Best practices and case studies on how to build a highly predictive platform for detection and response in a hybrid environment.

Security leadership is under pressure to do more with less - fewer people, budget and time. Meanwhile, the threat landscape becomes ever more diverse, the attacks faced, more complex. The respected analyst and strategy team at ESG undertook an extensive review and testing of the Securonix Security Operations & Analytics Platform. They looked at the SaaS SIEM solution from an enterprise organization's viewpoint. Join Jack Poller and Jon Garside as they discuss:

•Ease of configuration
•Review of operation interface and features
•Deep dive on Securonix Threat Modeling and integration of the MITRE ATT&CK framework
•A look at the costs and return on investment to enterprise clients

What keeps CISOs up at night? What challenges are they facing on a daily basis? And what opportunities are they seeing in the industry?

Join experts from leading security organizations as they discuss strategies, solutions and technologies CISOs use in the face of on-going security challenges:

- Strategies for breach prevention
- Strategies for making the most of AI technology and human talent
- New technologies on the horizon
- Security strategy recommendations

Moderated by:
John Bambenek, VP Security Research and Intelligence at ThreatSTOP, Inc.
Thomas J. Harrington, Associate Deputy Director (Retired), Federal Bureau of Investigation; Managing Director and Chief Information Security Officer (Retired), Citi, Strategic Advisory Board, Securonix
Michal Jarski, Territory Manager, Tenable
Yotam Gutman, Community Manager, Cyber Marketing Pros

The MITRE ATT&CK framework is seeing rapid adoption across security teams worldwide. Join Oleg Kolesnikov and Sujay Doshi as they discuss key insights into how you can better leverage the framework from a SIEM and insider threat/user and entity behavior analytics (UEBA) perspective.

Viewers will also be shown practical examples of the most prevalent MITRE ATT&CK techniques in real-world attacks, as well as share technical insights into how you can better leverage the framework as part of your organization.

Join this webinar to discover:
- What some of the most prevalent real-world MITRE ATT&CK techniques – including Kerberoasting, DCShadow, and lateral movement using administrative shares – look like in your logs, and how you can detect them in your environment.
- What are the key considerations when it comes to leveraging MITRE ATT&CK as part of your SIEM and/or insider threat/UEBA environment.
- How Securonix is aligning content to the MITRE ATT&CK framework in order to improve threat detection and threat hunting capabilities.

Join Joseph Loomis, Founder and CSO of CyberSponse, and Jon Garside, Director of Product Marketing at Securonix, as they discuss the evolving threat landscape in an increasingly common hybrid cloud enterprise environment. Discover how analytics-driven security automation lowers mean time to respond and resolve events, while reducing costs.

When it comes to taking your data from you, cyber criminals never rest. If they can’t get in one way, they'll try another. A sound Security Operations Center (SOC) - staffed by the right people and with the right tools - is an essential component in your cyber defense strategy.

Join Kumar Chandramoulie, Senior Director of Global Cyber Threat and Vulnerability Management at AmerisourceBergen Corporation and Shareth Ben, Executive Director of Field Engineering at Securonix as they discuss how to:

- How to incrementally build your cyber security program
- How to effectively develop your team
- Automate to reduce workloads and drive efficiency
- Create strong KPIs and KRIs to measure success

Cyber threats today are advanced and complex. Even with the best analytics, threats may not be fully uncovered. Cyber threat hunting enables you to investigate the indicators of compromise to get full visibility and context around the threat so you can prioritize your remediation accordingly.

Legacy SIEMs fail to provide organizations the ability to rapidly connect, hunt, and pivot on historic events. Securonix Next-Gen SIEM leverages a big data platform to provide scalable and high performance search. In addition, Securonix leverages hundreds of machine learning operators to rapidly link and correlate events.

Join David Monahan, Managing Research Director of Security and Risk Management at Enterprise Management Associates, Inc. and Aditya Tirumalai Sundararam, Director of Cyber Threat Analytics at Securonix to learn about:
- Key requirements of effective threat hunting
- How to carry out threat hunting - techniques and use cases
- Leveraging threat hunting findings for incident response and tuning your SIEM content
- Short demo of threat hunting scenario with Securonix

The security monitoring and SIEM space is finally going through a much needed evolution to address with the growing volume of cyberattacks and data breaches. The increase in data volume and complexity and extreme shortage of skilled resources necessities innovation in technology and the approach to security monitoring.

Join Sachin Nayyar, CEO of Securonix, and guest speaker Joseph Blankenship, Principal Analyst at Forrester, to learn about:

• Security challenges in 2019
• Market trends for security monitoring and SIEM
• Evolution of security monitoring platforms
• Joseph’s take on the vendor landscape as seen in The Forrester Wave™: Security Analytics Platforms, Q3 2018
• Sachin’s thoughts on Securonix’s approach to Next-Gen SIEM with:
o Scalable data collection (Security Data Lake)
o Advanced threat detection (UEBA)
o Intelligent response (SOAR)
• Taking SIEM to the cloud - SaaS SIEM, managed SIEM service