Name: To Whack or Not to Whack — Incident Response and Breach Mitigation
Start: 2019-04-11T03:00:00Z
End: 2019-04-11T03:44:00.000Z
Location: BrightTALK
Rating: 0

Gigamon is the first company to deliver unified network visibility and analytics on all information-in-motion, from raw packets to apps, across physical, virtual and cloud infrastructure. We aggregate, transform and analyse network traffic to solve for critical performance and security needs, including rapid threat detection and response, freeing your organization to drive digital innovation.

Originally aired as an iSMG webcast.

Perimeter defenses are nothing new, and when it comes to cybercriminals and ransomware purveyors, they’re getting better at evading perimeter defenses.

Once they’ve gotten in, they’re hiding in network blind spots, operating using encrypted traffic and targeting cloud workloads. What if you could turn this behavior to your advantage?

View this webinar OnDemand now, and learn from the discussion on how to use these attackers’ strength against them and how SOC teams should hunt for attackers while leveraging network visibility and network metadata. Topics include:
 - How network packet data is the best way to detect early signs of compromise
 - Why complex infrastructures indicate that blind spots are only getting worse
 - How network detection and response (NDR) tools are the best to fight ransomware

Cybersecurity Judo: Using the Adversary’s Strength Against Them

Originally aired on an ActualTech Media webcast.

Every organization is facing challenges when it comes to cloud security. The ever-increasing complexity and severity of the threat landscape means that organizations must empower their people and tools with high-fidelity data but still be mindful of cost and performance implications. As a result, many organizations are faced with a devil’s dilemma of security vs. cost. 

But it doesn’t have to be that way. Join cloud security expert and Gigamon Field CTO, Jim Mandelbaum, CISSP, in conversation with Martyn Crew, Sr. Director, Solutions Marketing, as they discuss practical ways to increase cloud security by powering your tools and teams with high-fidelity network traffic and intelligence.  

In this free-flowing discussion, you’ll learn ways to: 
 - Increase your cloud security posture by powering people and tools with the right data 
 - Reduce compute and bandwidth costs by optimizing tools traffic without compromising data-fidelity 
 - Break the direct link between traffic growth and the number of tools you need to manage it

Cloud Security Costs: Are Your Tools to Blame?

Originally aired on an ActualTech Media webcast.

Cloud workloads protected by platform tools are not immune to threats, whether the cybercriminal’s intent is targeted or opportunistic. Join the webinar and see a demo of how the new “deep observability” technology fills a gap in your cloud security posture for threat detection and response, and unwanted activities, such as crypto-jacking.

Securing Cloud Workloads from Threats and Unwanted Activities

Originally aired on an SANS webcast.

The state of cloud security is evolving. Many organizations are implementing new and more advanced cloud security services that offer cloud-focused controls and capabilities, including services and tools that provide network connectivity and security for end users and office locations, security monitoring and policy controls, and identity services, among others.

The SANS 2022 Cloud Security Survey explores the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases. The survey focuses on:
 - Cloud security skills gaps and requirements
 - Cloud security automation
 - Cloud security operations guardrails, tools, and processes
 - Cloud security threats and incidents

SANS 2022 Cloud Security Survey

Originally aired on a SANS webcast.

The years 2020 and 2021 were undoubtedly the years of ransomware. Threat actors wasted no time taking advantage of the chaos caused by the COVID-19 pandemic, launching attacks that netted millions (if not billions) of dollars in extortion fees and leaked a record amount of data from victim organizations.

On this webcast, we will look at how ransomware defenses have changed from 2020 through 2022. The webcast will also explore ransomware threat actor changes, current trends, and how to implement defenses against those trends.

SANS: Ransomware Defense in 2022

Whether through intentional strategy or practical reality, nearly all organizations are running a hybrid cloud. Security in the hybrid cloud requires visibility into all data in motion, and without any blind spots, for your security and observability tools to do their job.
 
Based on our new Definitive Guide to Network Visibility and Analytics in the Hybrid Cloud, Dave Shackleford and Michael Dickman will discuss securing and optimizing your hybrid cloud.

You will learn how to: 
 - Strengthen security with network-based threat detection and response building on full visibility 
 - Balance agility, cost, and flexibility with legacy requirements 
 - Select the right network visibility and analytics solution for your hybrid cloud

Definitive Guide to Network Visibility for Hybrid Cloud

Threats are excellent at evading endpoint detection: hiding in network blind spots, operating using encrypted traffic and targeting cloud workloads. Attackers are dwelling on network up to 280 days on average, evading endpoint detecting and covering their tracks. Join Chris Borales as he discusses how network and security teams can leverage visibility in their security processes to combat today’s ransomware threats.

Agentless threat hunting: Stopping ransomware before the encryption happens

The war has come to you. From state sponsored actors to financially motivated criminals, all kinds of cyber-threats are targeting your critical solutions and operational technology (OT) 24/7 to compromise and steal your valuable data. Join industry experts from Gigamon and Armis to craft and adopt a winning strategy to mitigate, detect and respond to new, fast-changing risks and assaults by gaining full visibility and control over 100% of your assets. 

We’ve seen recently how state actors use cyberwarfare to bring down critical systems and how financially-driven cybercriminals innovate new forms of attack using phishing or brute force techniques to breach networks and inject ransomware or exfiltrate valuable data. With the constantly evolving threat landscape, the question is not whether you will be attacked, but will you be ready to respond when the attack comes—because it will come.

Join this webinar and learn: 
 - How to gain complete and dynamic visibility into your OT infrastructure and security  
 - How the post-Ukraine OT cybersecurity threat landscape will evolve 
 - Deeper insights and recommendations for your OT cybersecurity strategy  
 - Best practices for gaining comprehensive visibility into all OT assets and connections

Cyber-Warfare: Is Your Critical OT Infrastructure Ready?

Originally aired on an ActualTech Media webcast.

It's getting harder to distinguish the cloud from the edge and from the data center as technologies converge. As the functional capabilities of different areas of your infrastructure become more intermingled, it becomes increasingly difficult to maintain a security posture that reduces an organization's risk. The inherent complexity of hybrid and multi-cloud environments can lead to security blind spots and application performance issues that can slow cloud migration, adoption and increase security risks. 

During this event, learn about solutions that directly address these issues combining existing security, performance and observability tools with network-level intelligence and visibility to secure your cloud instances. Join Chris Borales as he discusses the importance of visibility, detection and response when securing your hybrid cloud environments.

Securing Cloud Environments

Originally aired on an ActualTech Media webcast.

The inherent complexity of hybrid and multi-cloud environments can lead to security blind spots and application performance issues that can slow cloud migration, adoption and success. Gigamon Hawk is the only solution that directly addresses these issues using an approach called Deep Observability that powers existing security, performance and observability tools with network-level intelligence. Learn how Gigamon Hawk can help you Wrangle the Cloud.

Wrangling the Cloud: Avoiding Missteps and Improving App Environments

The tenets of zero trust are well defined in NIST SP 800-207, but have organizations and security architects really taken them on-board? Are we exhibiting a familiarity bias: over-trusting certain network and software components, while ignoring others that may represent security vulnerabilities?  Are we looking too much at the actual network we are trying to protect, and disregarding unmanaged devices, such as IoT/OT/ICS, BYOD?  Is EDR the solution or just an initial step towards a solution on the road? Join us as we explore these issues and offer suggestions on how to address them.

Zero Trust and the Dangers of Implicit Trust

Zero trust is increasingly a guiding principle for modern cybersecurity programs. With an ESG survey finding that for 51% of enterprise respondents it’s the top driver of adopting zero trust - ahead of reducing the number of cybersecurity incidents and supporting Digital Transformation - there’s no denying that zero trust is now central to cybersecurity modernization. 
You may ask: ‘Weren’t organizations starting to implement zero trust before the pandemic?’ While that’s certainly true, the leap in adoption of cloud services since March 2020, and the increased dependency on cloud infrastructure, has undoubtedly changed the game. As a result, it’s time to both reexamine zero trust’s applicability for securing growing cloud footprints and increase your knowledge of new zero trust use cases. In episode 3 of Revisiting Threat Models in the Cloud Era Doug Cahill, Senior Analyst at ESG, is teaching organizations how to apply zero trust in new cloud infrastructures and why it’s so critical today. 

Make sure you join and learn:
- What ESG’s definition of zero trust is
- What the scope of zero trust is and essential zero trust use cases
- How zero trust is different to default deny and the way enterprises have treated access previously
- If ZTNA is replacing VPNs
- What the role of monitoring in a zero trust approach is
- And more

[Ep.3]  Zero Trust for the Cloud Era: New Use Case Insights

Think your backups are a panacea for ransomware defense? Think again. Traditional backups are no longer enough and despite ransomware being a popular business model for cybercriminals for years, it’s gaining relevance with supply chain attacks, and big game hunting - attacks on enterprises - are increasing. Graff, JBS, Colonial Pipeline and software manager Kaseya are just some of the businesses held to ransom recently. With Colonial paying $4.4 million and JBS $11 million, it’s more essential than ever that CISOs are clued up on the latest in threat intelligence as enterprise ransomware attacks become more targeted and less ‘spray and pray’. 

This rise of ransomware is coupled with the shift from remote to hybrid working, which has seen the number of remote endpoints and intruder attack space both increasing exponentially. It’s the perfect storm, and organizations must know how to effectively battle ransomware by planning ahead and preparing for the inevitable. In episode 2 of Revisiting Threat Models in the Cloud Era, Doug Cahill, Senior Analyst at ESG, is sharing his expert opinion on exactly how to do that. 

Make sure you tune-in and learn:

- New insights into the shift to enterprises being attack targets and why
- Why ransoms have increased and what the role and relevance of cybersecurity insurance is
- Essential information about the threat actors themselves and how have they changed their approach to monetizing extortion
- Specific best practices for ransomware cybersecurity that businesses must implement
- And more

[Ep.2] The Rise of Ransomware: Planning for When, Not If

Fingers crossed, life is starting to get back to normal, and the winning streak cloud-based services saw as a result of the pandemic shows no sign of slowing down as businesses move to embrace hybrid and ‘work from anywhere’ models. Yet despite the numerous benefits of the rapid migration to cloud - collaboration where previously there were silos ranking near the top - the stark reality is that cyber security for the cloud era is facing a readiness gap. In fact, a recent ESG survey found that despite the benefits of cloud migration and adoption, 88% of enterprise respondents believe that their cybersecurity initiatives need to evolve in order to secure their cloud-native applications and use of public clouds.

87% of respondents to the same survey also fear that the differences between cloud-native applications and the rest of their apps and infrastructure require a different set of security policies and technologies. As such, questions around exactly who is responsible for securing the network are causing a lot of confusion for CISOs and IT leaders. In a bid to provide clarity, in episode 1 of Revisiting Threat Models in the Cloud Era, Doug Cahill, Senior Analyst at ESG, is exploring the dynamics of cloud migration and sharing why the shared responsibility model is foundational to cloud security. 

Join Doug to learn:
- What security trends analysts from ESG are seeing around SaaS, IaaS and PaaS service
- What the shared responsibility model is and why there’s confusion around what it means for CISOs
- Why organizations must gain greater visibility of the ‘cloud security visibility gap’
- The role of developers in the threat model and how they can help
- And more

[Ep.1] Cloud Migration: Who Is Responsible For Securing the Network?

Originally aired on an ActualTech Media webcast.

The modern network landscape is a continuously evolving mix of workloads and tools running in physical and virtual data-centers, and on cloud platforms. As this landscape evolves, the challenges of ensuring security, availability and performance become more increasingly complex and demanding. Learn how Gigamon Hawk provides the deep observability into the modern network to provide the real-time, high-fidelity network visibility you need to run fast, stay secure and innovate.

Ensuring Visibility Across the Modern Networking Landscape

Originally aired on an ActualTech Media webcast.

Threats are getting better at evading perimeter defenses, that’s a given. After they’ve gotten in, they’re hiding in network blind spots, operating using encrypted traffic and targeting cloud workloads. How do you find adversaries after they’ve bypassed your perimeter and evaded endpoint agents?

Attend this webinar to learn the most effective techniques for dealing with the scourge of ransomware. You’ll hear about the tools you could be using to bolster your defenses and learn about best practices for stopping ransomware attacks. In this session, Chris Borales will discuss the myriad opportunities SOC teams have to hunt for attackers and how improving network visibility, extended network metadata retention are among your best tools to pinpoint adversary activity.

Ransomware: Best Practices - Agentless Threat Hunting

What can security, HTM, and IT teams do differently to quickly detect ransomware and better protect their patients and assets?

No healthcare organization is immune from ransomware attacks. As you know, you are a prime target. Ransomware, and cybercrime in general, is now big business and the threat actors are increasingly sophisticated and collaborating to actively target healthcare organizations of all sizes.

Faced with this crisis, what can you do differently to better detect and mitigate ransomware attacks? Join a panel of industry experts including former Gartner security analyst and Healthcare security practitioner. We’ll discuss your viable options and answer your ransomware and security questions.

What you’ll learn:
• How complete and dynamic visibility can mean the difference between life and death.
• What’s next for the 2022 cybersecurity threat landscape in the Healthcare industry?
• Receive insights and recommendations for your cybersecurity strategy.
• Best practices for gaining comprehensive visibility into all assets and all connections.

Healthcare Security Panel:
• Brad LaPorte, Gartner veteran and Partner, High Tech Advisors
• Benjamin B Stock, Director Of Healthcare at Ordr
• Martyn Crew, Senior Director of Industry Solutions at Gigamon

Triaging the Ransomware Healthcare Crisis

Join Gigamon to learn why visibility is the basis of trust for enterprise IT whether it’s on-premises or in hybrid and multi-cloud environments. The Gigamon Network and Visibility Fabric provides complete visibility into all the data-in-motion on your network from the packet level to the application level.

Ensuring Trust In Enterprise IT and the Cloud

To whack, or not to whack, that is the question:
Whether ‘tis nobler in the mind to torch all
The compromised boxes on your poor network,
Or to take arms against a sea of malware
And by blocking stop them all. 

So, what do you do during an active security incident? When is the proper time to whack-a-mole with your mallet? Is it better to light everything on fire and start over, or should you make observations a key component of your response and mitigation strategy? In this webinar, we'll discuss strategies for when it's time to scorch the earth versus sit back with a cup of tea, gaining intel into what active adversaries are doing in your house.

We’ll break down some of the most important points to remember during the commotion of an active incident response, including:

•Context is king. We’ll explain the important questions you need to be ask when scoping an incident to get an improved view of the situation.
•Thinking fast and slow. It’s understandable to want to nuke everything from orbit just to be thorough, but it’s usually not the smartest play. We’ll outline the potential benefits and risks of hasty containment and remediation efforts versus slow, thoughtful analysis when executing a response game plan.
•The law of diminishing returns. There can be a tipping point where the cost of your decisions and polices no longer justify the answers you’ll find. We’ll talk you through some tactics to find the sweet spot between effort and return.

To Whack or Not to Whack — Incident Response and Breach Mitigation

SecOps

Incident Response

Breach Mitigation

Security

Threat Analysis

Risk Assessment

Cyber Attacks

Security Awareness

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

To Whack or Not to Whack — Incident Response and Breach Mitigation

Presented by

About this talk

More from this channel