Name: Enabling effective alert triage and analysis with Kaspersky Threat Data Feeds
Start: 2021-03-25T14:30:00Z
End: 2021-03-25T14:30:24.000Z
Location: BrightTALK
Rating: 5

On this channel, Kaspersky experts share their knowledge and key insights into high-fidelity threat hunting and intelligence, incident management, malware analysis, reverse engineering, security solutions, and several other vital aspects of the cyberworld. To keep you up to date, the experts also provide detailed webinars and workshops on how Kaspersky security solutions and services can halt and prevent a vast range of malicious attacks conducted by cybercriminals. 

Kaspersky is a global cybersecurity and digital privacy company that has been providing protection for 25 years, with over 400 million users from more than 200 countries. Kaspersky experts' mission is to help you find the perfect weapon to protect against any cyberthreat, carried out by even the most sophisticated cybercriminals. 

Kaspersky researchers are top-notch cybersecurity and protection technology experts, who regularly take part in leading information security events worldwide as best-in-class speakers. Kaspersky’s deep threat intelligence and security expertise is constantly being transformed into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the globe.

Subscribe and learn more about the latest cybersecurity discoveries on the threat landscape and how to defend against them.

Contact us at https://www.kaspersky.com/about/contact 




In today's digital landscape, phishing and social engineering attacks have become increasingly sophisticated, posing significant threats to organizations worldwide. According to Kaspersky's 2023 report, spam accounted for an alarming 45.60% of global email traffic. Furthermore, a staggering 77% of companies have fallen victim to cyber incidents in the past two years, with 21% of these incidents attributed to employees succumbing to phishing attacks.

Beyond the mere inconvenience of sorting through spam, these attacks can lead to severe consequences. From compromising confidential data to incurring substantial financial and reputational damages, the implications are vast. Additionally, recipients risk losing personal funds to scam messages, underscoring the urgency for robust email security measures.

Join us for this enlightening webinar where Kaspersky's experts, Anna Lazaricheva and Alexander Rumyantsev, will delve into the most prevalent and current email threats observed over the past year.

• Understand the diverse forms of spam and email threats plaguing organizations today.
• Explore real-world examples and case studies highlighting the impact of phishing and social engineering attacks.
• Discover the advanced features of Kaspersky Security for Mail Servers (KS for Mail Server), designed to combat sophisticated email threats effectively.

Email security: Top threats and how to counter them

Kaspersky issued its annual Incident Response Analyst Report that provides insights into incident investigation services conducted by the company to willing customers in 2023, builds a holistic overview of any cyberthreat trends and summarizes observations into statistical analysis of recent incidents. 

Join our webinar on May 8, when Ayman Shaaban, Digital Forensic and Incident Response Manager in GERT, Global Emergency Response Team, at Kaspersky, will highlight the most common attack scenarios based on 2023 incident investigations, including observations on: 

• Top targeted regions and industries 
• Most common initial compromise vectors 
• Attack duration and impact 
• Adversarial tools and tactics 
• Expert incident response recommendations 
• Examples of investigated incidents from 2023

Analyzing last year’s cyber incident cases

In 2023, Kaspersky Managed Detection and Response (MDR) received more than 314,000 alerts worldwide. Kaspersky team processed these alerts and accumulated as anonymized customer cases to provide information about the current threat landscape.

Join our webinar with Sergey Soldatov, Head of Kaspersky Security Operations Center, where he will tell about the nature of the identified incidents and highlight the most common tactics and techniques attackers used.

On this webinar you will understand:
• Who are your potential attackers?
• How do they operate today?
• How can their activity be detected?

These new findings will help you to protect businesses from the growing number and complexity of real-life threats.

MDR report 2023: Analyzing the state of the global threat landscape

As the industrial landscape evolves, so do the threats that accompany it. While many industrial threats may be developing slowly from year to year, subtle changes are reaching a critical mass, poised to reshape the cybersecurity landscape in the near future.

Join us for the webinar featuring Evgeny Goncharov, head of Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT). Evgeny will dissect the current state of industrial cybersecurity and provide invaluable foresight into what lies ahead. From the persistent menace of ransomware to the burgeoning wave of cosmopolitical hacktivism, we'll delve into the multifaceted risks facing industrial enterprises.

Join us to gain valuable insights into the key cybersecurity challenges facing industrial enterprises in the upcoming year. Learn how to effectively safeguard your operations and stay ahead of emerging threats. Plus, get an analysis of trends from 2023 and a comprehensive outlook on the evolving threat landscape in 2024.

Industrial cybersecurity in 2024: trends and forecasts

As the number of cyberattacks increases, it is crucial to be able to reverse-engineer malware quickly and efficiently. To do so, it is very important to learn to master tools for reverse engineering.

In this webinar, we will dive into the depths of Ghidra, an indispensable tool for InfoSec professionals that is commonly used to analyse malware. To demonstrate how it can come in handy when reverse engineering; we will show you its capabilities using a malware called Calypso as an example. While analyzing this malware with Ghidra, we will share various tips and tricks that will be useful during the reverse engineering process – for instance, we will tell you how to analyze functions that make use of structures and function pointers properly.

Additionally, we will provide information about our recently released online training course on malware analysis with Ghidra. This course includes advanced topics such as API function hashing, decompiler scripting and extending Ghidra’s capabilities, and it will be useful for cybersecurity specialists wanting to learn how to do malware analysis using Ghidra.

Take your reverse engineering to another level with Ghidra

With Ransomware attacks continuing to get media attention, this evolving attack vector is only going to grow. In this presentation, we’ll take a deep dive into the whole attack kill chain for a number of high profile ransomware groups; from their Ransomware-as-a-service models to each stage of the infection kill chain. We will analyze common Tactics, Techniques, and Procedures (TTPs) employed by ransomware groups and share our best practices for ransomware protection and prevention. You will also get an overview about the best technologies to protect your network, minimize the impact and build an effective response strategy.

Fortifying Cyber Defenses: A Comprehensive Approach to Ransomware Mitigation

In the AI domain, individuals often find themselves taking a stance. Some argue that AI's technological advancements revolve around control and power, while others highlight its convenience. Simultaneously, the cybersecurity community remains wary of AI's potential to disrupt the threat landscape, possibly causing upheaval in defense organizations globally. 
 
At the same time, the regulatory framework for emerging technologies is in its early stages of development, navigating uncharted territory during its formative development stages. This adds complexity to the discourse, as the ethical, legal, and societal implications of AI are yet to be fully addressed. 
 
In this webinar, Kaspersky's experts and Prof. Dr. Dennis-Kenji Kipker  of cyberintelligence.institute will delve deep into the multifaceted current influence of AI on cyber threats and the privacy landscape. While our Kaspersky expert illuminates technological intricacies, Prof. Dr. Dennis-Kenji Kipker will navigate the intricate landscape of AI laws and regulatory trends.Furthermore, our panel will scrutinize the pivotal AI developments of 2023 and provide insights into the forecast for the upcoming year. Our roundtable is joined by: 
- Dennis Kipker, Research Director, cyberintelligence.institute, Frankfurt am Main 
- Vladislav Tushkanov, Research Development Group Manager at Kaspersky’s Machine Learning Technologу Research Team 
- Victor Sergeev, Incident Response Team Lead at Kaspersky’s SOC Technologies Research and Development Team 
- Vladimir Dashchenko, Security Evangelist, Kaspersky’s ICS team

The Future of AI in cybersecurity: what to expect in 2024

In today's media landscape, we consistently encounter news of companies falling victim to cyberattacks, resulting in the exposure and sale of their data on the dark web. The wide array of data available on the dark web market, including internal databases, infrastructure access, and compromised accounts, presents a pervasive problem that affects businesses of all sizes. These breaches and related incidents don’t only disrupt operations and damage reputations, but they can also result in substantial fines and legal consequences. 

According to Kaspersky, nearly half of the organizations that faced data breach incidents in 2022 lacked contact person responsible for handling such incidents. About one-third either failed to react, denied the incident, or showed indifference to their data being traded on the dark web. Only a few were adequately prepared to respond. 

At our upcoming webinar, Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, will present a comprehensive guide to setting up a system that monitors dark web threats and navigating the aftermath of an incident. You will gain insights into: 

- Structuring the incident response process, including the approach, necessary steps, and the specific roles assigned to the team members responsible for the process. 
- Identifying the types of data commonly offered for sale on the dark web and understanding the differing response strategies based on these data categories. 
- Effective communication with the media, customers, partners, shareholders, top management, and other parties involved. 
- Strategies for rapid incident identification, investigation, response, and recovery from an incident or preventing it from occurring.

Responding to a data breach: a step-by-step guide

In the rapidly shifting world of advanced persistent threats (APTs), tranquility is a rare sight. Leveraging their profound expertise, which includes tracking of hundreds of active APT campaigns, experts from the Kaspersky Global Research and Analysis Team (GReAT) will unveil their insights into the evolving threat landscape in the upcoming year. 

Join Kaspersky for this webinar, where you will:
• Receive a detailed analysis of which of GReAT’s predictions from the past year have proven accurate and the underlying factors that contributed to their success or divergence.
 • Be given forecasts regarding upcoming trends in the realm of APT activity.
 • Gain insights into the protective measures to counter the ever-evolving threats effectively.

Speakers:
Igor Kuznetsov, director
David Emm, principal security researcher
Marc Rivero, lead security researcher 
Sherif Magdy, senior security researcher 
Dan Demeter, senior security researcher 
Global Research and Analysis Team, Kaspersky

2024 Advanced persistent threat predictions

Modern cars employ a wide array of communication interfaces. Some, like Bluetooth and Wi-Fi, directly engage users, while others, such as RDS and GPS, provide user-facing services, and still others, like CAN and Ethernet buses, ensure the proper functioning of the car's internal systems. These interfaces contribute to the extensive flow of data within the car, forming its data flow graph. Within this graph, they serve as the "entry points" for malicious attackers seeking access to the vehicle. However, tampering with them does not necessarily lead to the loss of the car's security features.

In this webcast, cybersecurity experts, Alexander Kozlov and Sergey Anufrienko from Kaspersky's ICS CERT, will delve into the automotive security. Together, we will examine:

- We'll explore which interfaces attackers tend to favor when targeting cars and the reasons behind their choices.
- We'll focus on the techniques attackers employ when conducting attacks through specific interfaces, with an emphasis on classical techniques.
- We'll discuss how to defend against these threats and evaluate the feasibility of reducing associated risks.

Join us for this webinar, where we'll equip you with the knowledge and tools to not only comprehend the ever-evolving landscape of automotive security but also to safeguard your modern vehicle effectively.

Overview of modern car compromise techniques and methods of protection

There is a common sense that companies need to develop and establish a comprehensive cybersecurity strategy to protect their own perimeter from attacks and also react fast and in the right way if they are under fire.
Despite the fact that still many enterprises don’t have a real strategy until they become a victim – which factors should you take into account when you decide to develop and implement a cybersecurity strategy to protect your company?
 
There is no silver bullet, no strategy you can just clone from another company. Different scales of businesses need to develop different strategies based on
- Budget
- Threat landscape
- Targets
- Type of data
- Business sector
 
In our session you will learn how you can develop a cybersecurity strategy that really that is tailored to really protect your business and helps to to react in the right way to mitigate caber attacks. And you will also learn how much budget you should really invest to be protected.

One fits all? No! All you need to develop the right cybersecurity strategy

Not only do cybercriminals make money by committing cybercrime, but they also expand their operations by offering services to individuals without strong technical skills in malware development. This business model is known as Malware-as-a-Service (MaaS), and it operates on various sites of the "shadow" internet, including the Darknet. MaaS generates stable profits, enabling cybercriminals to maintain a team and continuously improve their services to carry out attacks on companies and individual users.
 
Through our research, we have identified 97 families of malware that have been distributed in the MaaS format – or "by subscription" – over the last seven years. These families include ransomware, various loaders, backdoors, botnets, and infostealers. In this webinar, Alexander Zabrovsky, Digital Footprint Analyst at Kaspersky, will delve into the inner workings of MaaS in the Darknet and address the most relevant issues:
 
- How did malware become a full-fledged product, and how did the "subscription" model become a new standard for cybercriminals?
- Why has YouTube become one of the key platforms for distributing malware? Who are traffers, and what is their function?
- Which families of malware are mentioned most often in the Darknet, and how does the Darknet services market depend on the news agenda?

Unveiling the Darknet's Malware-as-a-Service model: How it works?

Cybercriminals tend to be secretive and act without disclosing their identity. However, when it comes to ransomware negotiations, the victim and the attacker have to “meet” face-to-face. Moreover, by the time the two sides meet to discuss the price, the attackers have already gained control of a company’s data or network – that puts the victim in a weak position.

What does it like to negotiate with someone who is trying hard to get a ransom whilst remaining in the dark? What can you expect from such negotiations? In this webcast, Marc Rivero, senior security researcher, GReAT at Kaspersky will observe various tactics used by ransomware groups, explain how the companies are trying to negotiate with these cybercriminals, and what outcome such negotiations may have.

In this webinar, you will learn:
- What Ransomware as a service (RaaS) model is
- What a data leak portal in RaaS terms is
- About ransomware negotiations: stages, means of communication
- What to do if you have been reached by a ransomware group
- Q&A session

Ransomware groups negotiation tactics: what you need to know

Unveiling the Darknet's Malware-as-a-Service model

In 2022, Kaspersky Managed Detection and Response (MDR) received more than 400,000 alerts worldwide. Kaspersky team processed these alerts discovered by the service and accumulated as anonymized customer cases to provide information about the modern threat landscape and the most common adversarial techniques.  

Join our webinar on September 13 when Sergey Soldatov, Head of Kaspersky Security Operations Center, will highlight the results of MDR's operations occurred in 2022, including observations on:
• The most attacked industries
• The nature of high severity incidents
• Tactics, techniques and procedures used by attackers
• The most popular detection scenarios and an average threat detection rate

Findings highlighted in this webinar will help you to be aware of existing attack techniques and protect businesses from the growing number and complexity of real-life threats.

MDR analyst report 2022: the latest statistics on global cyber-incidents

Kaspersky experts will discuss the state of Advanced Persistent Threats (APTs) and explore the latest trends and developments shaping the cybersecurity landscape in the first half of 2023. In this session, we will uncover noteworthy campaigns launched by both established and emerging threat actors, along with the transformative impact they have had on APT activities.

Against the backdrop of geopolitical influences, we will analyze the driving forces behind APT advancements, emphasizing the persistent pursuit of cyber-espionage as a primary objective for APT campaigns. Reflecting on the surprising turns of 2022, a year marked by the anticipation of a cyberwar, we will assess the valuable lessons learned by cyber defenders and the reality of perceived threats.

This webinar will address three key questions, guiding the conversation towards a comprehensive understanding of the current APT landscape:

- Which pivotal cyber events of 2023 warrant the attention of the international community, and what insights can we glean from them? Explore the implications of these events and discover the valuable lessons they have taught us.
- Gain insights into the latest trends shaping the APT threat landscape. Understand the evolving techniques employed by threat actors and the implications for organizations' cybersecurity posture.
- Highlight the main trends APT actors establish in the threat landscape across different regions. Do APT techniques and goals remain the same?
 
Additionally, we will practical guidance on bolstering organizational defenses against cyberattacks. Learn effective strategies and best practices that can help safeguard your systems, data, and intellectual property from APT threats.

Join us for this timely webinar and equip yourself with the knowledge and tools necessary to navigate the ever-changing APT landscape and fortify your cybersecurity defenses.

2023 APT Landscape Unveiled: Trends, Challenges, Solutions

The number of security alerts processed by information security analysts every day is growing exponentially. With this amount of data being analyzed, effective alert prioritization and validation is nearly impossible. There are too many blinking lights coming from numerous security products, leading to important alerts getting buried in the noise, and the strong chance of analyst burnout. By integrating up-to-the-minute threat intelligence feeds into existing security controls, like SIEM systems, security teams can automate the initial alert triage process. Simultaneously, they can then provide their security analysts with enough context to immediately identify alerts that need to be investigated or escalated to incident response teams for further investigation and response. 

Join our webinar to see how Kaspersky Threat Data Feeds enhance your existing security controls and improve forensic capabilities with 100% vetted and context-rich cyberthreat data. Our experts will guide you through the complete investigation process from the initial alert to further response, while also demonstrating how to:

• Effectively distill and prioritize security alerts
• Reduce analyst workload and prevent burnout
• Immediately identify critical alerts and make more informed decisions about what should be escalated to incident response teams
• Build a proactive and intelligence-driven defense

Enabling effective alert triage and analysis with Kaspersky Threat Data Feeds

Threat Analysis

Threat Intelligence

Cyber Incident Response

Cyber Defence

Cyber Attacks

SIEM

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Enabling effective alert triage and analysis with Kaspersky Threat Data Feeds

Presented by

About this talk

More from this channel