Name: Security Analyst Diaries - EP6: Chronicle SIEM's Domain Prevalence
Start: 2022-09-27T22:19:00Z
End: 2022-09-27T22:19:11.000Z
Location: BrightTALK
Rating: 4

Transform your cybersecurity with frontline intelligence, modern security operations and AI-powered cloud innovation.

While many organizations have threat intelligence as part of their security operations program, most struggle to apply it effectively, and lack the required resources and expertise to keep up with the latest threat actors and TTPs. In this webinar, we’ll take a look at the new intelligence-driven approach in Google Chronicle Security Operations, and how it can deliver turnkey security outcomes with threat intelligence that’s personalized, relevant, and seamlessly embedded.

Stay ahead of the latest threats with intelligence-driven security operations

Mandiant Managed Defense presents a quarterly webinar series, "Tales from the Trenches," to help you navigate the ever-evolving threat landscape. Our security experts will dive into the latest malware and attack trends they've encountered in the previous quarter. You'll gain valuable insights into how these threats were detected, along with actionable advice to strengthen your own defenses.

In the first installment of the series, Managed Defense consultants will detail findings from January through March 2024, including:

*Phishing emails deploying ASYNCRAT malware
*Ongoing exploitation of ScreenConnect vulnerabilities and hardening guidance 
*New FAKEUPDATES technique compromising Outlook email signatures

Reserve your spot today!

Tales from the Trenches: Malware and attack trends from Managed Defense

As organizations continue to migrate their critical workloads to the cloud, security teams face the daunting task of keeping their multicloud environments safe. Imperative to success is bridging the gap between proactive and reactive security teams so that everyone has a common view of data and events. This requires converging the tools and data used by cloud security and enterprise security operations teams into a single platform.

Join Melinda Marks, Practice Director at ESG, for an in-depth discussion on how the convergence of cloud security and enterprise security operations can streamline the detection and remediation of cloud misconfigurations, software vulnerabilities, and active threats. 

After attending this webinar, you'll be ready to start:
> Bringing together cloud security and security operations teams to drive greater efficiency and issue accountability 
> Prioritizing security response efforts by employing a comprehensive and continuous view of high-risk cloud risks that are specific to the environment 
> Understanding what cloud resources are most exposed through a unified data model that connects cloud security and SecOps teams

Converging Cloud Security with Enterprise SecOps

Proactive threat hunting enables cyber defenders to reduce attack dwell time through the identification of compromise activity previously missed by other detection mechanisms. Yet, many security teams do not have a dedicated threat hunting function and we’re on a mission to change that. 

In this webinar, Mandiant experts will cover:
 - How to establish a threat hunting function 
 - Threat hunting best practices and methodologies
 - Aligning hunt findings to the MITRE ATT&CK framework

Learn how to proactively hunt for evidence from a previous or existing compromise to enhance future response capabilities and realize new methods of threat detection.

Beyond Detection: The Art and Science of Proactive Threat Hunting

Many organizations are eager to take advantage of generative AI, but don’t have the resources to build, train, and maintain costly LLM models of their own. This session will provide an overview of the work Google Cloud is doing to allow customers and partners to call upon pre-trained security models and bring critical security intelligence to power their workflows.

Generative AI for your security use cases

Org Policy Service can help you establish security guardrails allowing only compliant resource configurations in your cloud organization. In this session we will introduce our new custom organization policy capability and how you can create and manage your own security and compliance policies to meet and address your organization's business requirements and policies.

IAM: New custom org policies to help address cloud governance requirements

The key to maintaining a strong cloud security posture is to build from the start on a robust foundation of baseline security controls. Google Cloud’s Security Foundation solution provides recommended controls for common cloud adoption use cases. In this session, you’ll learn how to use layered security defenses in the cloud to protect your cloud-based workloads. You’ll also learn how to build an architecture with security controls optimized for your modern infrastructure.

Security Foundation for Google Cloud: Protecting workloads with layered defenses

Cloud security teams are becoming cloud risk managers. They are moving beyond triaging the massive volumes of security alerts common to most cloud environments, to a new reality where they can efficiently identify and prioritize the high-risk issues that expose their organization’s critical cloud assets and resources. And, they are looking to CNAPP security tools to not only detect cloud misconfigurations, software vulnerabilities, and active threats - but remediate them, as well.

Join Philip Bues, Research Manager at IDC, to learn best practices for managing cyber risks in complex multicloud environments. Hear about emerging technologies and tools that help to break down silos between teams, and provide common workflows that bring together proactive and reactive security to drive down cloud risks.

In this webinar, you will learn:
> Why risk management must take center stage when protecting cloud environments
> How to develop strategies for not only finding cloud risks, but automatically remediating them
> The importance of infusing frontline threat intelligence directly into cloud risk management to find and help defeat the latest cyber attacks

Managing and Prioritizing Cloud Risks with CNAPP Security

Everyone wants to dive into security data analytics, but it can get overwhelming trying to figure out how to work with the data they already have. Security teams don’t always know if they have duplicate data or if there is something missing. In this webinar, experts recommend tools and best practices for correlating information from multiple security systems so that your SOC team is focusing on the most important threats first. Get practical advice on how to integrate data from external and internal data sources to get actionable insights. Learn how to identify threats and prioritize your responses.

During this webinar you will: 
 - Learn best practices for turning security data into actionable insights 
 - Find out how to prioritize the most dangerous threats to the enterprise  
 - Get advice on how integrate security data from across the organization in a way that’s most useful for security teams

Presented live by featured speakers Dr. Jason Clark and Greg Kushmerek. Moderated by Becky Bracken.

Making Sense of Security Operations Data

Outdated SIEM systems continue to form the backbone of many security operations despite increasing vulnerabilities and the rise of more powerful alternatives. This presentation offers a practical approach to SIEM migration, addressing the top challenges and providing actionable takeaways for a successful transition.

Veteran security expert Anton Chuvakin will cover essential tips, including:
 - Identifying the need for a new SIEM, understanding market options, and defining clear migration goals.
 - Streamlining the process by focusing on essential log sources and detection content.
 - Leveraging the migration as a catalyst to modernize security processes.
 - Emphasizing thorough testing, training, phased approaches, and the benefits of expert help.

Whether you're a seasoned practitioner or just beginning to consider a SIEM migration, this presentation will provide valuable insights and actionable strategies to ensure success in 2024.

Smooth SIEM Surgery: Practical Tips for SIEM Migration Success in 2024

Join us for a LIVE webinar and be the first to discover the latest features and make the most of VirusTotal.

VirusTotal: New Features 2024 Q1

Security operations are struggling. According to Enterprise Strategy Group (ESG), the primary challenges security teams are facing include spending too much time addressing high priority/emergency issues and not enough time on strategy and process improvement, along with monitoring security across a growing and changing attack surface.

In this webinar, Anton Chuvakin, Security Advisor at Office of the CISO, Google Cloud, and Jon Oltsik, Distinguished Analyst and Fellow, will explore how generative AI can help support your security operations. You will learn:
• Where & why security operations are struggling
• How GenAI can help
• Use cases for GenAI security
• Tips on how to get the most out of GenAI for your security operations

Watch the webinar now!

The Role of Generative AI for Security Operations

Join one of our top VirusTotal researchers for a step by step LIVE session on VirusTotal Threat Hunting.  This time we will cover how to hunt through Sigma rules with the latest features we have added on macOS and Linux, and explore how Crowdsourced AI analysis compares to and complements the identified Sigma rule matches. We will see how to carry out other hunting activities based on infrastructure and behaviors to detect interesting malicious activity.

Threat Hunting with VirusTotal - Episode 5

Fresh-off-the-presses Enterprise Strategy Group (ESG) data illustrates that 88% of organizations plan to increase security operations spending over the next 12-18 months to achieve security operations center (SOC) modernization.  

Organizations are pursuing this veritable SOC north star to improve threat intelligence, integration of asset management, and risk prioritization. So, how can your business similarly kick-start SOC modernization?

Join us on December 12th, 2023, at 11am EST for this custom talk with Jon Oltsik, ESG Distinguished Analyst and Fellow, and Google’s own Christopher Martin, wherein Oltsik and Martin share their SOC expertise and home in on:
• 6 trending SOC-focused objectives 
• Key reasons to move from manual to automated, AI-assisted SOC processes
• Recent ESG research data on security spending priorities 
• How Google supports MITRE ATT&CK Framework adoption for security operations
• And much more.

The Journey Toward SOC Modernization: Enterprise Strategy Group Session

The cyber threat landscape is constantly evolving, and defenders have the challenging task of keeping up. By exploring the trends we see today, we can improve our cyber readiness and be better prepared for the year ahead. 

To help organizations navigate the cyber landscape in 2024, security expert Andrew Kopcienski is presenting a deep-dive session to cover many of the topics discussed in the latest Google Cloud Cybersecurity Forecast 2024 report, including:

- Tactics and tools to steal credentials
- SMS phishing, notably to access environments
- Increasing use of zero-days
- More targeting of edge and other devices  

Register for the webinar, and read the Google Cloud Cybersecurity Forecast 2024 report: https://cloud.google.com/resources/security/cybersecurity-forecast

Google Cloud Cybersecurity Forecast 2024

Protect against phishing, bots, account takeovers & payment fraud

Cybercriminals are becoming more sophisticated in their methods, using advanced techniques to steal credentials, make unauthorized purchases and cause billions in losses to organizations worldwide. Businesses need a modern, comprehensive fraud prevention solution that can keep up with the rapidly changing threat landscape and protect against phishing, bots, bulk account registration, account takeovers, and payment fraud

Join Google Cloud Security experts as they discuss how Google uses its fraud intelligence to provide best-in-class detection to protect against fraud at each stage of the attack lifecycle.

Key topics include:

- Need for comprehensive protection across each stage of the attack spectrum
- Role of fraud intelligence to provide deep insights into suspicious behavior and trends
 - Importance of AI/ML models for customer-tailored detection against fraudulent activities

Fraud-Proof Your Digital Channels with Google Cloud Fraud Protection Solutions

Nearly 80% of organizations experienced 2 or more account or credential compromise over the last 12 months. Despite this, organizations are failing to learn from and respond to these compromise threats, leaving everyone involved with these companies at risk.

Join Sway Fontanez, Product Manager at Google, and Jack Poller, Senior Analyst at Enterprise Strategy Group (ESG) in this webinar as they discuss why accounts are being compromised and how reCAPTCHA can protect you from these attacks.

This talk will cover:
• The top attack types hackers are using against you
• What to do about the billions of passwords available on the dark web that invite bad actors into your organization
• How to defend yourself from these types of attacks
• The truth about reCAPTCHA and how to deploy it

Google Cloud reCAPTCHA Enterprise: Detect and Prevent Account Takeovers

YARA is one of the most powerful tools for detecting and monitoring malware, but it can be intimidating to master. However it evolves fast! New YARA editors, creation of YARAs by clicking on desired features from a given observable and  Netloc rules, open a full universe for YARA creators. This webinar is for anyone who wants to learn more about YARA, latest innovations and how to use it effectively.

Stay ahead with YARA: Exploring the latest rule writing innovations

Welcome to another Security Analyst Diary entry. We embarked on a journey to drive context-aware detections, and enrich ingested data with actionable information for our customers. A key part of fulfilling on that journey has been Prevalence, an important capability since the very inception of Chronicle. Check out the blog of this diary entry here: https://chronicle.security/blog/posts/security-analyst-diaries-6-finding-the-proverbial-needle-in-a-haystack-with-Chronicle-SIEM-domain-prevalence/

Chronicle SIEM, part of our Chronicle Security Operations suite, enables analysts to drive impactful security operations, context-driven detections and investigations, and enable a faster threat response. In today’s Security Analyst Diary entry, we’re going to cover: 

- What is domain prevalence and UDM implementation?
- Detection engine and prevalence
- Prevalence isn’t just for domains
- SQL queries and how

Security Analyst Diaries - EP6: Chronicle SIEM's Domain Prevalence

Threat Detection

Security Operations

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Security Analyst Diaries - EP6: Chronicle SIEM's Domain Prevalence

Presented by

About this talk

More from this channel