Seeing red from the SUNBURST: Insights and analysis

Unless you’re living off the grid, you’ve heard of the SolarWinds/SUNBURST attack by an elite Russian adversary. In this month’s Cyber Look Back, we’ll live stream with IronNet SOC experts and threat researchers to unpack the latest and ongoing analysis of this egregious attack. In other news, we’ll also cover coin mining as a distraction tactic, a new vuln in VMware, and Trickbot UEFI capabilities.

Host:
Joel Bork, IronNet Senior Threat Hunter

Speakers:
Brett Fitzpatrick, IronNet Threat Hunter
Peter Rydzynski, IronNet Threat Analysis Lead
Recorded Jan 8 2021 49 mins
Presented by
Peter Rydzynski, IronNet Threat Analysis Lead & Brett Fitzpatrick, IronNet Senior Threat Hunter

  • The March Cyber Lookback: Mac Malware and More Recorded: Mar 5 2021 49 mins
    Brett Fitzpatrick, IronNet Threat Hunter, Peter Rydzynski, IronNet Threat Analysis Lead & Joel Bork, IronNet Sr Threat Hunter
    Researchers are still anticipating the jump-scare of the mystery malware that is running natively on Apple’s new M1 chip; but justice is coming for 3 North Korean hackers indicted for activity related to WannaCry ransomware deployments and attacks on Sony and other media companies. Join IronNet threat hunters to discuss and debate these and other cyber news items closer to go-live time.
  • Data sharing in cyber: Myths and realities Recorded: Feb 18 2021 46 mins
    Maj Gen USAF (Ret.) Brett Williams IronNet Co-Founder & Cyber Strategist and David Foelber, IronNet Senior Software Engineer
    Threat data and intelligence sharing is a topic often surrounded in a swirl of controversy and questions of privacy, trust, and regulation. But in the cybersecurity space, operationalizing the real-time sharing of threat data is the only way to get ahead of attacks. It can be done safely, and anonymously — and we’ll show you how.

    In this webinar you’ll learn about:
    Data minimization and how IronNet handles it
    How IronDome participants can control what is shared, and with whom
    How the resulting “radar” view can help identify broad cyber campaigns like SUNBURST

    Speakers:
    Maj Gen USAF (Ret.) Brett Williams, IronNet Co-Founder & Cyber Strategist
    David Foelber, IronNet Senior Software Engineer
    Joel Bork, IronNet Senior Threat Hunter & Advisor
  • The next four years...in cyber Recorded: Feb 9 2021 59 mins
    GEN (Ret) Jack Keane, Chairman, ISW, Former Vice Chief of Staff, US Army, GEN (Ret) Keith Alexander, IronNet Founder & Co-CEO
    With the U.S. election only one week away, the security posture of the nation’s future is on the minds of these two top-ranked former military leaders. Join General (Ret) Keith Alexander, General (Ret) Jack Keane, and IronNet CMO Russ Cobb as they analyze what the next four years could look like with regards to cybersecurity threats from nation states like China, Russia, and Iran. Tap into their combined experience and intelligence access as we tackle questions such as:
    Is Russia holding true to their claim not to interfere in the U.S. election? Are they likely to interfere?
    How might cybersecurity policy and strategy look in the next four years?
    Should the U.S. adopt an all-of-nation approach to cybersecurity, similar to China and Russia, to even the playing field? What would that look like?
    Which adversaries pose risk and where are the most likely confrontations to occur in the next four years?

    Speakers:
    GEN (Ret) Jack Keane, Chairman, Institute for the Study of War, Former Vice Chief of Staff, US Army
    GEN (Ret) Keith Alexander, IronNet Founder & Co-CEO
    Russ Cobb, IronNet CMO
  • The February Cyber Lookback: SolarWinds Aftermath Recorded: Feb 5 2021 60 mins
    Peter Rydzynski, IronNet Threat Analysis Lead & Brett Fitzpatrick, IronNet Threat Hunter
    Keeping it all straight in the SolarWinds aftermath. Joel Bork, Peter Rydzynski, and Brett Fitzpatrick will be deep diving into what has occurred since IronNet’s January Cyber Lookback Edition, analyzing associated malware including SuperNova, SunSpot, and Teardrop, and the associated data leaks: what are they, and do they impact you? How do the claims about JetBrains and TeamCity play into the analysis of the SUNBURST attack?

    Speakers:
    Joel Bork, IronNet Senior Threat Hunter
    Peter Rydzynski, IronNet Threat Analysis Lead
    Brett Fitzpatrick, IronNet Threat Hunter
  • SUNBURST retrospective: Changing the outcome with Collective Defense Recorded: Feb 5 2021 43 mins
    Anthony Grenga, VP Cyber Operations, Peter Rydzynski, Threat Analysis Lead, and Joel Bork, Senior Threat Hunter
    Unless you’re living off the grid, you’ve heard of the SUNBURST attack by an elite Russian adversary that affected more than 18,000 companies. The 18,000 companies worked individually to protect their network. Imagine now, if security analysts for these companies had been working together at network speed and sharing crowdsourced knowledge, leveraging their collective expertise to defend themselves, their industries, and the nation. The end results would likely be very different.

    IronNet first detected the initial SUNBURST behaviour months ago on May 31st 2020, in near real-time on a customer’s network. The intel was correlated and shared into IronDome, IronNet’s Collective Defense platform that significantly increases IronNet’s customers’ ability to detect threats and take actionable steps. Join IronNet’s cyber operations experts Anthony Grenga, Joel Bork and Peter Rydzynski to unpack the latest and ongoing analysis of this egregious attack, and learn how you can stand a chance against future threats.
  • Your SOC. Multiplied Recorded: Feb 3 2021 48 mins
    Maj Gen USAF (Ret.) Brett Williams IronNet Co-Founder & Cyber Strategist and Dr. Ania Kacewicz, IronNet Senior Data Scientist
    Alert fatigue. The lack of senior analysts. Cyber talent turnover. An ever-expanding threat landscape. What if you could automate some threat investigation steps so your analysts can spend time more strategically? Join our senior threat hunter, senior data scientist, and cybersecurity strategist to discuss the power of machine learning + human insights in leveling up your cyber defense via an automated expert system for threat detection.

    Speakers:
    Maj Gen USAF (Ret.) Brett Williams, IronNet Co-Founder & Cyber Strategist
    Dr. Ania Kacewicz, IronNet Senior Data Scientist
    Joel Bork, IronNet Senior Threat Hunter
  • From the top down: Why every board of directors needs to address cybersecurity Recorded: Feb 2 2021 55 mins
    VADM Jan Tighe, U.S. Navy, GEN (Ret.) Keith Alexander, IronNet Founder and Co-CEO and Russ Cobb, IronNet CMO
    Get the latest insights on the global cyber threat landscape from IronNet founder and co-CEO GEN (Ret.) Keith Alexander, this time joined by Vice Admiral (Ret.) Jan Tighe. As political tensions continue to escalate between the U.S. and adversarial nation states, protecting critical infrastructure rises to the top of urgent issues. How can senior leaders of critical infrastructure companies incorporate a greater focus on cybersecurity and further drive sharing within sectors and with the public sector? Learn how collaborating on the real-time cyber threats hitting our networks — and automating that sharing at network speed — can accelerate defensive responses and strengthen the nation’s security as a whole.

    Presenters:
    Jan Tighe, Retired Vice Admiral, Former Deputy Chief of Naval Operations for Information Warfare and Director, Naval Intelligence, US Navy
    General (Ret.) Keith Alexander, Founder and Co-CEO, IronNet
    Russ Cobb, CMO, IronNet
  • Eyes only: Top U.S. and foreign cybersecurity policy issues Recorded: Jan 28 2021 59 mins
    Former House Intelligence Committee Chair Mike Rogers; General (Ret) Keith Alexander, IronNet Co-CEO; Russ Cobb, IronNet CMO
    With issues such as Huawei and 5G, election security, and ongoing attacks from foreign actors, the world is seeing a frenzy of cybersecurity policy discussions. Get an inside perspective from seasoned cyber intelligence experts on the priorities for securing the public and private sectors — and how they can work together for stronger results. Join IronNet as we host former U.S. House Intelligence Committee Chairman Mike Rogers, who is also Vice Chairman of the Board of Trustees of MITRE Corporation, for a people-process-technology discussion about the cybersecurity industry and policymaking.

    From this webinar, you’ll get insight into:
    The most pressing vulnerabilities the private and public sectors are facing today
    The cyber policies and technologies that are most important to pay attention to right now
    How MITRE’s new Engenuity foundation is driving research and development into areas like encryption standards and 5G networks.
  • Collaborate for a stronger cyber defense: Leadership advice from the front lines Recorded: Jan 26 2021 51 mins
    Steve Swick, Chief Security Officer, AEP, GEN (Ret.) Keith Alexander, IronNet Co-CEO, and Russ Cobb, IronNet CMO
    From the Cyber Solarium Commission and CISA to the World Economic Forum — experts around the world and across all industries agree that collaboration is the key to a stronger cyber defense. How can organizations get beyond the theory and into the practice of collaborating on everything from best practices and threat intelligence to real-time detections of attacks? In this webinar, you’ll learn:
    How to overcome concerns or misconceptions about sharing information in cybersecurity
    The role that talent development and upskilling plays in preparing an organization for better collaboration
    Recommendations for getting started with the local, state, and national organizations.
  • New security strategies for healthcare Recorded: Jan 26 2021 52 mins
    Paddy McGuinness, John Ford and Joel Bork
    It could be said that, in cyber security terms, 2020 was the year of ransomware attacks. Healthcare organisations in particular had a tougher cyber defence challenge to contend with. Whilst making waves in the news, ransomware has proven to be one of the most persistent and destructive cyber threats, causing business disruption and financial and legal strain to healthcare providers and their supply chain worldwide. Blending attacks with extortion techniques, ransomware attacks are also becoming data breaches.

    With ransomware-as-a-service (RaaS) on the rise and the high yields that Ransomware attacks generate for criminals, what actions can we take to mitigate risks and minimise damage? Join us to discuss the protection of healthcare providers with testimonial from those on the frontlines of the pandemic.

    Cyber security experts Paddy McGuinness, Former UK Deputy National Security Adviser for Intelligence, Security and Resilience, John Ford, IronNet Cybersecurity Strategist, and Joel Bork, IronNet Senior Threat Hunter, will discuss:

    The recent surge in cyberattacks on UK healthcare systems, providers, and laboratories
    Key attack trends we have noted in 2020 against healthcare providers
    How threat actors are adjusting their attack models from ransomware to extortion
    How we can collaborate to protect the healthcare sector from nation state actors and secure the Covid-19 vaccine supply chain
    Peer testimonial from those on the frontlines of the pandemic
    Transatlantic sharing of behavioural-based attack intelligence as a force-multiplier
  • Healthcare cybersecurity: Why you can't spend your way out of this dilemma Recorded: Jan 21 2021 45 mins
    IronNet Cyber Strategist, John Ford and IronNet Threat Hunter, Joel Bork
    Despite many cybersecurity professionals claiming confidence in their enterprise cyber defense technologies and systems—and continuing to invest in additional solutions—malicious attacks are still getting through. These attacks are avoiding detection, slipping past defenses and compromising network security, well before anyone realizes it has happened. Nation-state actors are joining together to dedicate economic and human resources to cyberattacks at a scale and speed that demand an equally coordinated defense. And they are not alone. Organized cybercriminal attack groups have risen almost 25 percent year over year and, armed with nation-state level capabilities, are targeting the healthcare sector with the ability to monetize their attacks across healthcare’s vast ecosystem and supply chain.

    Add in catastrophic events such as COVID-19, and the sector in general simply cannot devote the time, talent, and resources to get ahead of the threat landscape. Combined, this has created an inflection point in how we as companies, sectors, and governments think about the models that better protect our citizens, assets, and industries. Defense in isolation is no longer an option, and the pivot is to a Collective Defense capability that can respond in real time and provide situational awareness across the sector without additional cybersecurity resources.

    In this webinar you’ll learn:
    How collaborating on defense can shift an organization's threat detection strategy towards a more proactive posture and bolster its position against cybercriminals and state-actors
    How security executives can get the C-suite and board in support of a collective defense approach.
  • How to use the MITRE ATT&CK® Framework to prioritize cyber initiatives Recorded: Jan 19 2021 33 mins
    Adam Pennington, ATT&CK Lead & Bill Swearingen, IronNet Cyberstrategist & former CISO
    Security leaders who are new to the MITRE ATT&CK Framework will learn how to make better use of the framework to identify security weak spots — and where to prioritize budget and project planning, from IR and threat intelligence to SOC operations. Cybersecurity analysts already know how ATT&CK can help identify adversaries by mapping TTPs and behaviors across the framework. In this application, ATT&CK has become a daily tool for hunters and analysts to better connect and anticipate multi-stage or nation-state attacks. But the MITRE ATT&CK framework can also be used to assess your level of strategic coverage and prioritize how you build out your cyber organization.
  • Why a national supply chain cybersecurity strategy matters Recorded: Jan 19 2021 53 mins
    Vice Admiral (Ret) Mike McConnell, Former Director of the NSA and General (Ret) Keith Alexander, IronNet Founder and Co-CEO
    As IronNet’s Supply Chain September focus continues, we welcome two intelligence heavy-hitters to discuss hidden risks and expert recommendations related to supply chain cybersecurity at a national level: Retired U.S. Navy vice admiral and former director of the National Security Agency, Mike McConnell; and IronNet’s founder, GEN (Ret.) Keith Alexander, also former NSA director and former commander of U.S. Cyber Command. Join IronNet CMO Russ Cobb as, together, they offer a unique inside look at why supply chain security is a critical national topic and what’s being done to address it.

    In this webinar, you’ll learn:
    What the real potential costs are of supply chain vulnerabilities
    How the public and private sectors are working together to improve supply chain security
    Why intelligence sharing and collaboration are critical cyber strategies

    Speakers:
    Vice Admiral (Ret) Mike McConnell, Former Director of the NSA
    General (Ret) Keith Alexander, IronNet Founder and Co-CEO
    Russ Cobb, IronNet CMO
  • Ask the experts: Detecting ransomware before the payload Recorded: Jan 14 2021 44 mins
    Jon Perez, Director of Threat Research, IronNet and Anthony Grenga, VP Cyber Operations, IronNet
    Read the full research or executive summary ahead of time and bring your questions. IronNet threat researchers analyzed multiple lab-detonated ransomware variants and discovered commonalities in the artifacts and metadata that may prove helpful in detection. Factors such as east/west vs. north/south traffic and data file entropy will be discussed.

    Full Research:
    https://www.ironnet.com/blog/detecting-ransomware-three-research-based-recommendations

    Executive Summary:
    https://www.ironnet.com/blog/ransomwares-malevolent-heyday
  • Five Strategies for Securing your Supply Chain Recorded: Jan 12 2021 55 mins
    Alla Valente, Forrester Research analyst covering GRC and Third-Party Risk and IronNet Cyber Strategist, Bill Swearingen
    While the news of the latest zero day attack always dominates the headlines, a more insidious risk is building much closer to home: the vulnerabilities posed by unsecured supply chains.

    How can security professionals get their arms around this problem that touches everything from hardware and software to legal contracts and operational processes?

    Join IronNet cyber strategist and former CenturyLink CISO Bill Swearingen as he hosts guest Alla Valente, a Forrester Research analyst covering GRC and Third-Party Risk, to provide some practical advice on tackling this massive issue.
    We'll cover these and other practical recommendations:
    * The top questions to ask in your vendor RFPs to assess security risks
    * Best practices for creating a risk management program that includes supply chain risks
    * Techniques to identify significant supply chain risk
    * Most common tactics attackers use when targeting the supply chain
    * Defenses, frameworks, and other defense tactics
  • Why a national supply chain cybersecurity strategy matters Recorded: Jan 6 2021 53 mins
    Vice Admiral (Ret) Mike McConnell, Former Director of the NSA and General (Ret) Keith Alexander, IronNet Founder and Co-CEO
  • The Cyber Lookback: October Edition Recorded: Jan 5 2021 42 mins
    Oliver Wai, VP Product Marketing, Peter Rydzynski, Detection Research Engineer and Brett Fitzpatrick, Threat Hunter
    From (fileless) APT attacks to Zerologon, IronNet’s security operators are back to give you the lowdown on what’s escalating in the cyber world. What’s behind the resurgence in Emotet malware, and what are we learning about the behavior and characteristics of ransomware that may help us detect these malicious and costly attacks? Join two members of IronNet’s elite SOC, threat hunter Brett Fitzpatrick and Detection Research Engineer Peter Rydzynski, along with Oliver Wai, VP of product marketing, for an entertaining deep-dive into why these events matter, what IronNet saw in customer environments over the month of September and, as a bonus, get a preview of upcoming ransomware research being released by the IronNet threat research team.
  • Five Strategies for Securing your Supply Chain Recorded: Dec 22 2020 55 mins
    Alla Valente, Forrester Research analyst covering GRC and Third-Party Risk and IronNet Cyber Strategist, Bill Swearingen
  • Collaborate for a stronger cyber defense: Leadership advice from the front lines Recorded: Dec 10 2020 52 mins
    Steve Swick, Chief Security Officer, AEP, GEN (Ret.) Keith Alexander, IronNet Co-CEO, and Russ Cobb, IronNet CMO
The Leader in Collective Defense
Our mission is to deliver the power of collective cybersecurity to defend companies, sectors, and nations so that people, companies, and nations can live and work with peace of mind in cyberspace.

  • Title: Seeing red from the SUNBURST: Insights and analysis
  • Live at: Jan 8 2021 4:35 pm
  • Presented by: Peter Rydzynski, IronNet Threat Analysis Lead & Brett Fitzpatrick, IronNet Senior Threat Hunter