Name: Tales From the Frontlines - Threat Group UNC1945
Start: 2023-07-06T09:00:00Z
End: 2023-07-06T09:00:47.000Z
Location: BrightTALK
Rating: 5

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

Learn from legal and crisis communications experts about the importance of incident response planning and how AI adoption has changed risk, incident response, and the impact of a breach. 

In this interactive discussion, Dan Wire, Head of Crisis Communications at Mandiant and Beth George, Partner at Freshfields, examine how the rise of generative AI is shifting the cybersecurity threat and response landscape. 

Watch now to learn how to:

*Recognize the evolving AI threat landscape: The importance of educating teams on the increasing sophistication of threats including AI-powered impersonation using deepfake voice and video, and the use of generative AI to create deceptive content like flawless phishing emails and convincing resumes.

*Expand the scope of incident response to effectively manage emerging AI-related risks. This includes creating a plan for when customer-facing LLM products behave unexpectedly.

*Establish effective governance and escalation by embedding robust decision-making models, escalation criteria, and a "whole of company" response to ensure business needs are balanced against legal constraints during a crisis.

*Manage the complexities of ransomware events, including the necessity of pre-vetted external negotiators and the critical importance of a legal partner to assess sanction risks and manage disclosures.

*Build foundational crisis muscle with pre-incident tabletop exercises, which are vital for exposing vulnerabilities in internal team cohesion (e.g., between Legal, Comms, and Sales) and ensuring the organization can execute a strategy of "measured transparency" to maintain consumer trust and mitigate long-term business risk.

Incident response planning in the age of AI

Measuring SOC impact is difficult. This talk argues that focusing on analytic maturity and consistency—rather than just speed metrics like mean-time-to-response (MTTR)—is the best way to reduce incident costs. We explore how Google SecOps features like Ontology and Alert Grouping build this consistency by structuring threat data. This approach shifts analysts from repetitive triage to complex puzzle-solving, ensuring diverse analysts can reach the same informed conclusion. Learn how this standardized, high-quality output is the foundation to mature your SOC.

Supercharge Your SOC: Driving Consistent Analysis with Google SecOps & Mandiant Dan Nutting

In the time it takes to read a news headline about an emerging cyber threat, your organization is already at risk. The critical gap between awareness and action leaves security teams scrambling to translate threat reports into meaningful defense.

Join us to unveil the new Emerging Threats Center, a real-time, AI-powered news feed within Google Security Operations that fundamentally changes how teams consume and operationalize threat intelligence. We will demonstrate how security teams can now move at the speed of news, instantly answering the questions that matter most: ""Are we vulnerable? Have we been impacted? And are we protected going forward?"

From Headline to Hardened: Instantly Operationalize Emerging Threats

Le minacce informatiche sono in continua evoluzione. Scopri come stare al passo nel 2026 con l'esperto di sicurezza Gabriele Zanoni.

Partecipa a questa sessione di approfondimento basata sul report "Cybersecurity Forecast 2026", dove Gabriele esporrà le tendenze chiave e le intuizioni per aiutarti a rafforzare le tue difese informatiche nell'anno a venire, tra cui:

-La Corsa agli Armamenti dell'IA: Come l'IA generativa viene utilizzata sia dagli attaccanti che dai difensori.
-Minacce degli Stati Nazionali: Un'analisi approfondita delle attività dei "Big Four"—Cina, Russia, Corea del Nord e Iran.
-L'Economia del Cybercrime: Le ultime tattiche in fatto di ransomware, estorsione e operazioni di criminalità informatica.
-Intelligence Regionale: Approfondimenti e previsioni esclusivi per le regioni JAPAC ed EMEA.

Google Cloud EMEA Cybersecurity Forecast 2026 in Italiano

Cyber-Bedrohungen entwickeln sich ständig weiter. Erfahren Sie von unserem Experten Jochen Klotz, auf was Sie sich im kommenden Jahr vorbereiten sollten.

Nehmen Sie an dieser Deep-Dive-Session teil, die auf dem Bericht „Cybersecurity Forecast 2026“ basiert. Jochen Klotz stellt darin wichtige Trends und Erkenntnisse vor, mit denen Sie Ihre Cyber-Abwehr im kommenden Jahr stärken können.

Dazu gehören unter anderem:

- Das KI-Wettrüsten: Wie generative KI sowohl von Angreifern als auch von Verteidigern eingesetzt wird.
- Nationalstaatliche Bedrohungen: Eine detaillierte Analyse der Aktivitäten der „Big Four“ – China, Russland, Nordkorea und Iran.
- Die Cybercrime-Wirtschaft: Die neuesten Taktiken bei Ransomware, Erpressung und Cybercrime-Operationen.
- Regionale Analysen: Exklusive Einblicke und Prognosen für die Region EMEA.

Google Cloud EMEA Cybersecurity Forecast 2026 - Germany

Las ciberamenazas están en constante evolución. Aprende cómo mantenerte a la vanguardia en 2026 con los expertos en seguridad Jose Alemán y Gerard Salvador López.

Únete a esta sesión, basada en el informe Cybersecurity Forecast 2026 donde Jose y Gerard cubrirán las tendencias clave e información esencial para ayudarte a fortalecer tus defensas en ciberamenazas durante el próximo año. Esto incluye:

- La carrera armamentista de la IA: Cómo la IA generativa está siendo utilizada tanto por atacantes como por defensores.
- Amenazas de los estados nación: Un análisis profundo de la actividad de los "Big Four"—China, Rusia, Corea del Norte e Irán.
-La economía del cibercrimen: Las últimas tácticas en ransomware, extorsión y operaciones de cibercrimen.
- Inteligencia regional: Información exclusiva y predicciones para las regiones de JAPAC y EMEA.

Google Cloud EMEA Cybersecurity Forecast 2026 en español

Les cybermenaces sont en constante évolution. Découvrez comment garder une longueur d'avance en 2026 avec David Grout, CTO EMEA Mandiant et CE Manager Europe du Sud.

Participez à cette session d'analyse approfondie basée sur le rapport « Cybersecurity Forecast 2026 ». David y présentera les tendances et perspectives clés pour vous aider à renforcer vos cyberdéfenses pour l'année à venir.

Au programme :

- La course à l'armement de l'IA : Comment l'IA générative est utilisée à la fois par les attaquants et les défenseurs.
- Les menaces étatiques : Une analyse approfondie des activités du « Big Four » – la Chine, la Russie, la Corée du Nord et l'Iran.
- L'économie de la cybercriminalité : Les dernières tactiques en matière de ransomware, d'extorsion et d'opérations de cybercriminalité.
- Analyses régionales : Perspectives et prévisions dédiées pour la région EMEA.

Google Cloud EMEA Cybersecurity Forecast 2026 - French

Cyber threats are constantly evolving. Learn how to stay ahead of them in 2026 with security expert Jamie Collier.

Join this deep-dive session based on the Cybersecurity Forecast 2026 report, where Andrew will cover key trends and insights to help strengthen your cyber defenses in the year ahead, including:

- The AI Arms Race: How generative AI is being used by both attackers and defenders.
- Nation-State Threats: A deep dive into activity from the "Big Four"—China, Russia, North Korea, and Iran.
- The Cybercrime Economy: The latest tactics in ransomware, extortion, and cyber crime operations
- Regional Intelligence: Exclusive insights and predictions for the JAPAC and EMEA regions.

Google Cloud EMEA Cybersecurity Forecast 2026

The browser is key for harnessing AI’s power in modern work. In this session, discover how recent AI features in Chrome Enterprise and Google Workspace help employees get their work done, and how robust controls and security features enable IT teams to manage and mitigate generative AI risks.

Chrome Enterprise: Secure browsing and collaboration for your enterprise

Concerned about AI agent security? Discover how to confidently deploy and use AI agents. Learn about critical risks like compromised agent identities and unsafe tool use. And explore how Google Cloud helps secure the entire AI agent life cycle with visibility, data protection, and threat mitigation.

Unsupervised autonomy: How to secure AI agents and limit risk

Identity and access management (IAM) and cloud resource posture are at the core of your security infrastructure and fundamental to your AI innovation in the cloud. Join this session to learn about the latest innovations in IAM, access risk, cloud governance, and Gemini-powered assistance.

Protect your AI innovation with Google Cloud IAM

Unlock innovation without sacrificing control. Learn how Google’s Sovereign Cloud delivers the power of choice with residency, access, and transparency controls. Find out directly from Regnology how Data Boundary transformed their business strategy.

Sovereign Cloud from Google: The power of choice

The rapid advancement of AI is fundamentally reshaping the global technological landscape and the concept of digital sovereignty. Learn how Google Cloud’s digital sovereignty solutions are evolving to continue to provide greater control, choice, and security – without compromising functionality.

Digital Sovereignty in the age of AI

Discover how AI is revolutionizing security. Learn about Google’s approach to empowering defenders with AI, how to manage AI risks, and our strategy for securing your AI innovations in the cloud. Join us to learn how the latest AI capabilities can be a force multiplier for your security teams.

What’s next in AI security: Empowering defenders and securing innovation

Is AI the game-changing tool for threat actors that we’ve been warned about? This session provides an analytical exploration of the practical applications, limitations, and real-world impact of generative AI in the hands of government-backed attackers.

We'll examine:

- Current Capabilities: How AI is used for automated content (phishing, disinformation), enhanced reconnaissance, and even malware development.

- Practical Limitations: Challenges like training data, computational resources, AI biases, and the ongoing need for human expertise.

- Real-World Impact & Case Studies: Demonstrable uses of AI in influence operations, espionage, and critical infrastructure targeting, alongside instances where its impact is overstated.

-Future Trends & Defensive Strategies: Emerging AI capabilities and proactive defenses, including AI literacy, AI-powered defensive tools, and international collaboration.

Hype vs. Reality: What to know about government-backed AI threats

Join us as we demo Google SecOps AI agents for alert triage, investigation, and malware analysis. Learn how to build your own workflows, use the SecOps Model Context Protocol to answer cross-product questions, and get immediate access to our latest AI innovations in SecOps Labs.

Empower your SOC with agentic AI for autonomous outcomes in Google SecOps

In today's complex threat landscape, Security Operations Centers (SOCs) face unprecedented challenges, from overwhelming alert volumes and analyst burnout to sophisticated, rapidly evolving attacks. Traditional automation alone is no longer enough.

Join experts from Google and Codsec for a deep dive into the revolutionary concept of the Agentic SOC. This webinar will explore how intelligent AI agents are transforming cybersecurity by operating with unprecedented autonomy, reasoning, and precision, working seamlessly alongside human analysts.

Key Takeaways:

- Understanding Agentic AI: Discover what an Agentic SOC truly is, how it differs from conventional automation, and its core capabilities, including autonomous triage, intelligent investigation, and proactive response.

- Google's Vision for AI in Security: Learn how Google's cutting-edge AI, including Gemini in Security Operations and Google SecOps, is enabling this shift, offering natural language querying, automated detection, and integrated threat intelligence at hyperscale.

- Practical Implementation with Codsec: Explore how Codsec, a certified Google partner, leverages its expertise in NextGen SOC and SecOps Automation to help organizations implement tailored agentic solutions that maximize existing SIEM, SOC, and SOAR investments, driving a significant boost in security team productivity.

- Real-World Impact: See how an Agentic SOC dramatically reduces investigation times, minimizes alert backlogs, and empowers security teams to shift from reactive firefighting to proactive, intelligence-driven defense.
Q&A: Get your questions answered live by Google Security Experts.

This webinar is essential for security leaders, SOC analysts, and cybersecurity professionals looking to understand and harness the power of agentic AI to build a more resilient, efficient, and future-ready security operation.

The Agentic SOC: Supercharging Security Operations with AI and Automation

The webinar is a summary of the activity that Mandiant captured while doing incident response and enterprise forensics on different entities targeted by the group UNC1945. 

Please join Mandiant’s Luis Rocha, Principal Consultant, Mandiant; Google Cloud, for an in-depth look at UNC1945, including the group’s:

- Demonstrated access to exploits, tools, and malware for multiple operating systems
- Exploitation of an Oracle Zero-day
- Disciplined interest in covering or manipulating their activity
- Advanced technical abilities during interactive operations

Tales From the Frontlines - Threat Group UNC1945

Cyber Attacks

Cyber Crime

Incident Detection

Incident Resolution

Incident Response

Threat Defence

Threat Detection

Threat Analysis

Cyber Incident Response

Cyber Defence

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Tales From the Frontlines - Threat Group UNC1945

Presented by

About this talk

Mandiant EMEA