Name: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers
Start: 2025-03-25T15:00:00Z
End: 2025-03-25T15:00:38.000Z
Location: BrightTALK
Rating: 3.7

Transform your cybersecurity with frontline intelligence, modern security operations and AI-powered cloud innovation.

Traditional, static, rule-based methods for identifying cloud security risks often fail to detect complex, multi-stage attacks and "unknown unknowns," leaving organizations exposed.  And the sheer volume of alerts leave security teams struggling to prioritize the most critical risks.

Security Command Center's (SCC) delivers the best protection for Google Cloud. Its unique virtual red teaming feature solves the above problems by continuously simulating millions of attack permutations against a digital twin of your cloud environment. This proactive approach discovers the highest risk attack paths and vulnerabilities that are often concealed, providing prioritized, actionable insights and reducing alert noise, allowing teams to focus on the most significant risks and improve their overall cloud security posture.  Join us to learn:

> Why typical static posture rules and attack path analysis fail
> What is Virtual Red Teaming and how it works
> How Virtual Red Teaming is integrated into CNAPP
> How SCC delivers risk mitigation, AI protection, and threat detection
> Live demo of Virtual Red Teaming in action

Security Foundation: How to uncover hidden risk with virtual red teaming?

The AI era presents unprecedented opportunities and challenges, particularly for security professionals. This webinar, featuring Archana Ramamoorthy from Google Cloud, and Dave Gruber from Enterprise Strategy Group, explores the critical security concerns arising from the rapid adoption of generative AI and recommendations for how organizations can accelerate AI transformation securely.

Based on a recent Enterprise Strategy Group showcase report, we'll delve into the primary security risks organizations face, including data protection, regulatory compliance, and AI-specific threats like hallucination and prompt injection. Our speakers will discuss the three foundational building blocks of AI security: discovery and visibility; control mechanisms; and detection and response, and how these can be implemented to ensure secure, private, and compliant AI deployments. Viewers can also learn more about Google Cloud's new AI Protection solution, which provides end-to-end capabilities to help manage risk across the AI lifecycle. 

Join us to gain actionable insights on establishing robust AI security measures and understand how you can protect your innovations in the AI era.

Securing AI 101: Breaking down the building blocks to enable secure AI transformation

This webinar, the final session in The Defender's Advantage virtual series, focuses on how Google Cloud Security can help organizations of all sizes activate their defender's advantage by guiding them through the activation of the six critical functions of cyber defense.    

You will learn about:
*The Defender's Advantage methodology and its benefits    
*How Google Cloud Security solutions map to the six critical functions of cyber defense  
*Real-world examples and case studies of how organizations have successfully implemented The Defender's Advantage with Google Cloud Security    

Join us to discover how to make Google part of your security team. 

About The Defender’s Advantage:
Google Cloud Security published The Defender’s Advantage, a cyber defense framework to help all organizations prepare for and mitigate future security incidents. We believe that security teams like yours have the ultimate cyber defense advantage, the ability to control the environment being attacked.  Learn more here: https://cloud.google.com/security/resources/defenders-advantage

Activate the 6 critical functions of cyber defense with Google Cloud Security [The Defender's Advantage series, part 4]

Protecting your sensitive data in the cloud is paramount, and encryption at rest is a critical component of a robust security posture. However, navigating the various options and choosing the right strategy can be complex.

This talk provides an overview of encryption of data at rest in Cloud. We’ll review the factors that affect when you should own and control your own keys, and the differences between the different Google Cloud offerings. 

Join this webinar to  learn:
> How to choose your encryption strategy
> How to easily and continuously align with recommended encryption and key management practices

Security Foundation: Why your cloud keys matter and how to manage them in cloud.

Cybersecurity should be a team sport. Attackers are sharing tactics and sometimes infrastructure, so defenders need to work together as well. Sharing threat intelligence within trusted circles is no longer a "nice to have"—it's an essential component of a robust security strategy. Join our webinar to learn how Google Threat Intelligence empowers you to collaborate with internal groups, industry peers, MSSPs, and Mandiant experts to strengthen all of our collective defense.

Join Megan DeBlois, Google Threat Intelligence Product Manager, as she explores how private collections within Google Threat Intelligence can provide a secure and confidential space to share critical intelligence, including IOCs, TTPs, and strategic insights. Discover how these trusted circles enable you to:

*Proactively improve your organization's defenses
*Stop threats before they impact your systems
*Gain a deeper understanding of the evolving threat landscape. 

Don't miss this opportunity to learn how to build and share private collections within your trusted circle.

Don't go it alone: Use private collections in threat intelligence to strengthen your trusted circles

Security operations is notoriously difficult and most organizations fall short of their expected security outcomes when it comes to threat detection, investigation, and response (TDIR). Why is that? There’s the standard answers of lack of data and context, limited attacker insight, and manual and complex processes. But there’s an additional challenge - the ability to use metrics to demonstrate the value that security teams bring to the larger organization.

Security leaders have struggled to identify metrics that demonstrate the value that the SOC delivers and how it performs, as the standard metric of success in the SOC is avoiding a breach or stopping it quickly. Thanks to the vast array of tools security pros use everyday, it’s also very difficult to build a system to properly track metrics in the SOC.

So how do you choose the metrics that matter? Join Google’s Anton Chuvakin and guest speaker, Forrester’s Allie Mellen and dig into the paradox of metrics; the easy metrics versus the metrics you really want, why we can’t agree on metric recommendations and more.

The SOC Metrics that Matter…or Do They?

Streamlined security and compliance guardrails are essential for navigating complex global regulatory landscapes.

Building on our series of cloud security webinars, this webinar dives deep into Assured Workloads and how it enables you to rapidly build applications within secure, pre-configured environments designed to meet stringent global compliance requirements.

In this webinar, you will learn:
> The benefits of a software-defined regulatory cloud.
> A practical walkthrough of deploying and managing Assured Workloads.
> How Assured Workloads support compliance frameworks beyond U.S. regulations.

Register now to learn about the latest features and how to effortlessly achieve your data residency and compliance objectives.

Security Foundation: How to easily address compliance with Assured Workloads?

This talk is designed to illuminate how Mandiant contextualizes Threat Profiles and provide implementation ideas on how they can be leveraged to bolster organizational security. We will discuss the strategy behind creating a Threat Profile, highlight the types of information Mandiant considers key to enable successful defender advantage, and then explain how to build a proactive strategy with the Threat Profile as the foundation. 


Attendees will learn how to identify stakeholders, conceptualize business operations, identify relevant intelligence, and use this data to shape an organization's defensive posture. We will showcase some examples of how clients have used our reports to enhance their security operations.

So you need a Threat Profile... now what?

Security operations teams have their hands full, especially as both data volumes and cyber threats continue to increase across on-premises data centers, endpoints, and clouds. Traditional security information and event management (SIEM) systems have evolved over the years for greater integration and visibility, and yet they remain complex beasts to manage. Meanwhile, cybersecurity talent gaps persist. In this webinar, experts from IDC and Google Cloud discuss security and SIEM trends for 2025. They also offer best practices to create a proactive security operations environment that results in greater business value, including improved productivity, a data- and intelligence-led security posture, scalability, and cost benefits.

Best practices to boost security operations in 2025

SIEM's complicated evolution has resulted in unsustainable cost increases, scope creep, and the occasional declaration that the product space is essentially dead. Thanks to deep expertise in search and data management, access to OSINT and frontline intelligence, and AI-infused features, Google SecOps demonstrates that the SIEM still has plenty of gas in the tank. Discover how SecOps is ushering in the "SIEM's Third Act" by addressing the limitations of traditional SIEMs and empowering security teams with cutting-edge tools for threat-informed defense.

What You’ll Learn:
 - The Evolution of SIEM: We'll examine the challenges posed by the increasing complexity and scope of traditional SIEMs, highlighting the need for a more streamlined and effective approach.
 - Introducing Google SecOps: Learn how Google SecOps redefines threat detection and response by leveraging the power of Mandiant and VirusTotal threat intelligence, robust SOAR capabilities, and AI-enhanced workflows.
 - Deep Dive into Key Features: We'll explore the core functionalities of Google SecOps, including data collection, threat detection, automation, and case management.
 - Differentiation in a Crowded Market: We’ll conclude by discussing key differences in Google’s approach as compared to traditional SIEM platforms, and why SecOps is well worth a look.

Google SecOps: The SIEM’s Third Act

The digital landscape is evolving at an unprecedented pace, and with it, the sophistication and scale of online threats.  Organizations are facing a constant barrage of phishing attacks, malware infections, and ransomware attempts, putting their data, their customers, and their reputation at risk. Traditional security measures, often reactive and siloed, are struggling to keep up.

Join this webinar to learn how Google Cloud Web Risk, a cutting-edge solution leveraging the power of AI and machine learning, provides real-time protection against the full spectrum of web-based threats.  We'll explore how this new paradigm in online security enables organizations to proactively defend their users, data, and reputation in an increasingly complex digital landscape.

Register now  to gain valuable insights into the future of online security and discover how Google Cloud Web Risk can help you build a more resilient and secure digital future.

Real-Time Protection from Online Threats with Google Cloud Web Risk

Effective security guardrails are the core of your defense-in-depth strategy for cloud environments.

Join this session to learn about access and organization policies in Google Cloud to help you build effective guardrails and manage your security posture at scale. We’ll dive deep into Organization Policy Service and how you can create and manage your own security and compliance policies to meet and address your organization's business requirements and policies.

In this webinar, you will learn how to:
> Utilize organization policies to set specific access permissions for different users, groups, and resources within your Google Cloud projects.
> Manage and enforce security standards across your entire organization, ensuring consistent security practices across all projects and teams.
> Create organization policies to help you address industry regulations and compliance requirements.

Security Foundation: How to build access guardrails with organization policies?

Red team exercises have long been used to test the effectiveness of cybersecurity defenses. Join this technical webinar to learn how advanced red team technology is now being incorporated into cloud security products, and how to smartly combine new virtual capabilities with sophisticated human-led red teaming to discover security gaps before attackers do.

In this webinar, you will learn:
> How virtual red team technology uses a digital twin model of your cloud environment to pinpoint the highest risk issues; giving security teams the critical insight to strengthen their cloud security posture
> Best practices in making red team exercises part of your cloud security strategy. Hear real-world examples from world-class Mandiant security experts.
> See how to create and use custom risk reports to make cloud security improvements across your organization. 

Register now to find cloud security risks you don’t know about and build a more resilient cloud environment.

Elevate Your Cloud Security Strategy with Security Command Center and Mandiant

Cyber threats are constantly evolving. Learn how to stay ahead of them in 2025 with security expert Andrew Kopcienski.

Join this deep-dive session based on the Cybersecurity Forecast 2025 report, where Andrew will cover key trends and insights to help strengthen your cyber defenses in the year ahead, including:

*Attacker use  of AI
*The evolving threat landscape from Russia, China, Iran, and North Korea
*Ransomware and multifaceted extortion as the most disruptive form of cyber crime
*The growing threat of infostealer malware

Google Cloud Cybersecurity Forecast 2025

2024 Enterprise Strategy Group survey data shows us that 99% of organizations are reporting that AI is improving employees productivity and job satisfaction. Investing in security operations (SecOps) processes is a natural extension of this trend, in which AI-fueled threat intelligence, endpoint protection, and SIEM can level-up your proactive security and attack prevention prowess.
 But how do you ensure these AI implementations bear fruit? 
Alongside experts from Google Cloud Dave Gruber, Principal Analyst of Ransomware, SecOps & Services at ESG, unpacks the practical use cases and applications for AI in SecOps.
 Explore the real impact of applying AI within your SecOps functions as we unveil:
• 5 top use cases—including threat hunting, detection & response engineering, and malware analysis
• Why you need a security-specific LLM for the job (vs. a general purpose LLM)
And Google Cloud’s Gemini in Security Operations with a real-time demo.

Practical use cases for AI in SecOps with Google Cloud and ESG

Join Google's Office of the CISO for a vital webcast designed specifically for Boards of Directors. In today's interconnected world, supply chain attacks are a growing threat to organizations of all sizes. Cybersecurity is no longer just a concern for IT departments; it's a critical business issue that requires board-level attention. This session will provide Directors with the knowledge and strategies needed to strengthen your organization's resilience.

Here are some of the key topics we'll cover:

● Evolving Supply Chain Risks: Understand the latest tactics used in supply chain attacks and the critical role boards play in mitigating these evolving threats.
● Collective Defense Through Information Sharing: Discover how collaborating and sharing threat intelligence with industry peers creates a powerful "digital immune system," fortifying collective defenses and operational resilience.
● Cybersecurity & "Value at Risk": Gain a deeper understanding of how cyberattacks, particularly those targeting the supply chain, can significantly impact your organization's bottom line. This includes quantifying potential financial losses, reputational damage, and operational disruptions.

Google Cloud Webcast Event: Strengthening Resilience - A Critical Discussion for Boards of Directors

In today's interconnected world, sophisticated cyberattacks and data breaches are a constant threat, making robust network security essential for businesses of all sizes. While Google Cloud offers a secure foundation, understanding how to enable network security for your environment is crucial for protecting your valuable assets.

Building a strong security posture requires a proactive approach. This involves implementing a layered defense strategy that encompasses network segmentation, access control, threat detection, and continuous monitoring. Google Cloud provides a broad set of powerful, AI-powered native network security capabilities to help protect your cloud infrastructure from external and internal threats.

In this session, we will provide an overview of the Cloud Network Security product portfolio that addresses use cases including network threat protection, network security posture controls, DDoS and web application protection, and network privacy.

Join this webinar to:
> Explore tools and techniques for detecting and responding to network threats, including NGFW, IPS, and WAF.
> Gain insights into securing hybrid and multi-cloud environments connected to Google Cloud.

Register now and gain the knowledge to fortify your network defenses and safeguard your critical resources in Google Cloud.

Security Foundation: How to build layered network protection in Google Cloud?

In a recent blog post, Mandiant revealed a critical threat: a China-nexus espionage group, UNC3886, has been deploying custom backdoors on Juniper Networks' Junos OS routers. This sophisticated attack leverages vulnerabilities in end-of-life devices to gain unauthorized access and potentially compromise sensitive data.

Join Austin Larsen Principal Threat Analyst and Pete Boonyakarn Cyber Security Consultant for a live webinar as they delve deeper into this activity. We'll discuss the key findings of our investigation, including the techniques employed by UNC3886, the impact on affected organizations, and actionable steps to mitigate this threat.

During this webinar, we will cover:
 - The intricacies of the UNC3886 attack, methods used, and how China-Nexus actors targeted Juniper devices
 - The impact on organizations and mitigation strategies
 - Best practices for network security infrastructure, including device hardening, vulnerability management, and threat intelligence

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

Threat Intelligence

Threat Analysis

Threat Detection

Incident Detection

Incident Management

Incident Resolution

Incident Response

Threat Assessment

Threat Hunting

Threat Defence

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

Presented by

About this talk

More from this channel