Name: Anomali Detect LIVE: Sunburst Under a Microscope
Start: 2021-04-12T21:45:00Z
End: 2021-04-12T21:45:34.000Z
Location: BrightTALK
Rating: 0

Anomali is the leader in intelligence-driven extended detection and response (XDR) cybersecurity solutions. Anchored by big data management and refined by artificial intelligence, the Anomali XDR platform delivers proprietary capabilities that correlate the largest repository of global intelligence with telemetry from customer-deployed security solutions, empowering security operations teams to detect threats with precision, optimize response, achieve resiliency, and stop attackers and breaches. Anomali serves public and private sector organizations, ISACs, MSSPs, and Global 1000 customers around the world in every major industry. Leading venture firms including General Catalyst, Google Ventures, and IVP back Anomali. Learn more at www.anomali.com.


An Informative Fireside Chat

Chip Stewart, former Chief Information Security Officer at the State of Maryland, discusses with Anomali’s Rajiv Raghunarayan how he transformed security operations for the state. Chip also brings a wealth of experience from the private sector, having played practitioner and CISO roles in his past life. 

This session focused on insights we can draw from Chip’s experience. What drive’s a CISO? The transforming role of a CISO. Why visibility matters? How do you translate the threat landscape to day-to-day operations?

Watch this illuminating discussion and learn how to move from threat insights to transformation.

A CISO Perspective: From Threat Landscape Insights to Transformation Programs

Ten Things You Can Do to Amplify Visibility and Unlock the SOC

“The only limits are those of the vision,” goes an old saying by James Broughton. It couldn’t be truer in cybersecurity. We are often limited by our visibility into ever-evolving attackers and the constantly changing IT environment. This session explores the top 10 things organizations have done to unlock their visibility, unblock their SOC, and translate visibility to (business) value. 

This presentation should help you answer questions around:

-What data sources are more critical for ensuring enterprise visibility?
-How do I translate threat intel feeds to strategic insights?
-How do I optimize my data and team silos?
-How do I optimize my existing security investments against the threat landscape?

Watch the webinar to learn how to eliminate the obstructions in your cybersecurity visibility.

From Insights to Action

An Illuminating Fireside Chat with BT Security and Anomali

Organizations and consumers are under constant attack from an increasingly sophisticated range of cyber actors. The barriers to entry for these groups continue to get lower and lower with advances in technology and better collaboration.

Data is everywhere, and while the problem used to be getting it, the challenge now is knowing what data to use and how to use it. This is where the power of big data comes in. To make sense of massive data sets using a wide range of technologies and AI to get and stay ahead of the cyber threat actors.

In this session, Tristan Morgan, Managing Director at BT Security, and Steve Benton, VP of Anomali Threat Research at Anomali, cover:

-A viewpoint from operating at the frontline into real attack trends
-Making sense of the vast amounts of data and how to leverage it best
-Sharing threat intelligence and collaboration protects the greater community

Watch the lively discussion to hear more about big data capabilities from these cybersecurity experts.

Taking a Threat-Centric Approach with Big Data

Utilizing an Outside-In, Top-Down Approach Provides Key Insights 
Most organizations focus their time and resources on collecting logs from their environment, whether on-premise or cloud devices. They may excel in this process but typically find identifying external threats amongst the data difficult. This is often due to a need for more historical visibility in what logs are readily available for adversarial detection or the inability to consume all the external intelligence into solutions holding their logs.

Another common challenge is immediately correlating all log data against new external intelligence. And finally, there is a failure to search for attacks related to adversaries in a straightforward and swift top-down search.

Parthi Sankar, Technical Director of Northern Europe for Anomali, demonstrates the solution to these universal problems. By amplifying visibility through an outside-in, top-down approach, you are continuously correlating all logs and external threat intelligence, making it simple and quick to search for the activity of adversaries of interest in your environment. 

Watch this session to learn how this approach allows you to detect ever-increasing adversarial attackers and stop breaches.

A Change in Perspective Can Enhance Your Visibility to Detect Cyberthreats

An Informative Session with Experts from Anomali and MITRE Engenuity Center for Threat-Informed Defense

This on-demand webinar begins with a Q&A discussion on the Attack Flow Project: Collaborative R&D that’s Changing the Game featuring Mark Alba, Chief Product Officer, Anomali and Jon Baker, Director, MITRE Engenuity Center for Threat-Informed Defense and is moderated by Rajiv Raghunarayan, Senior Vice President of Product Marketing, Anomali. They cover the evolution of the Center for Threat-Informed Defense and the Attack Flow Project, the challenges Attack Flow seeks to address, and Anomali’s role in the project.

Following the Q&A discussion, Cindy Goodwin-Sak, VP of Global Sales Engineering at Anomali, provides a demo on A Day in the Life of an Analyst Before and After. Cindy shares what it is like for a SOC Analyst using the old way of threat detection and hunting versus the latest method and leveraging Attack Flow.   

The final segment is a panel discussion on The Implementation of Attack Flow. Proper implementation of Attack Flow requires a coming together of security professionals, vendors, and their technologies. Our featured experts summarize what they have learned about the Attack Flow Project and discuss what is required to further the adoption of the framework.

View this informative session with industry experts to learn how to leverage attack flow.

Attack Flow Panel Discussion and Demo

Identify and Block Threats, Including Those that Haven’t Been Detected Yet

As a community, we can realize the dream of predictive intel. Learning from past incidents enables us to accelerate threat hunting. Using events correlated to MITRE ATT&CK® helps intel teams with attribution. 

We have created the puzzle pieces through the Center for Threat-Informed Defense’s R&D program. Now it’s time to assemble them as a community and truly enable predictive intelligence.

In this session, Jon Baker, Co-Founder and Director at MITRE Engenuity Center for Threat-Informed Defense, covers:

-What is a threat-informed defense
-Sightings Ecosystem Project and Report 
-Top ATT&CK Techniques Project
-Attack Flow Data Model

Knowing the attacker is essential, but understanding how to prevent a breach is vital to a robust cyber defense.

Attack Flow: Laying the Foundation for Predictive Intelligence

To move forward, we often reflect on the past. It’s no different in cybersecurity. 

Take, for instance, threat detection. In the early days of the internet, recognition entailed when a “threat” indicated a payload embedded with an indiscriminate worm that produced an irritating message or an awkward gif. As technology progressed, attackers took advantage by forming more advanced polymorphic delivery systems that bypassed signature-based identification, constructed permanency by sabotaging terminals, and detonated a payload at its selected time.

As threats increased in intricacy, so did detection capabilities. Starting with event monitoring, which necessitated analysts to sift through the noise for evidence that could potentially lead to the attacker. Advancing to user and entity behavior analysis – an approach that assumes any deviation from a baseline of documented activity means an attack – disregarding that, at times, users vary from what’s usual, particularly if confronted with worldwide events like a pandemic. 

While successful at the time, user behavior-based discovery and manual event-based monitoring concentrated on discovering threats by differentiating the bad from the good. This not only generated false positives but often resulted in a dead end.

A new approach to detecting threats is rising, one that leverages advancements to find threats by incessantly tracking the bad guys and their patterns, providing real-time visibility into risk – including before and after an attack.

Watch the on-demand webinar to learn how to map attack patterns to detect threats before, during, and after they happen.

Mapping Attack Patterns to Detect Threats

An Integrated Defense Against Advanced Threats

As cyber threats continue to evolve and become more sophisticated, organizations are struggling to keep up with the changing threat landscape. In this session, Chris Wilder, Research Director and Senior Analyst at TAG Cyber, explores the future of XDR (extended detection and response) in cybersecurity and how it will help your organization to better detect and respond to cyber threats. 

He discusses integrating cutting-edge technologies such as AI and machine learning, cloud security, IoT security, Zero Trust models, and threat intelligence to provide a more holistic view of security posture and incident response. Viewers also get an overview of automation and orchestration in incident response, reducing the risk of data breaches.

Fortify your cyber defenses with an integrated technology approach by leveraging multiple technologies.

The Future of XDR in Cybersecurity

An Informative Session with Experts from TAG Cyber, PolySwarm, and Anomali

Digital transformation not only fundamentally changed the way we work, but it’s also expanded the current threat landscape exponentially. Today’s enterprise attack surface is dynamic, transitory, and has far more available for attackers to target than ever before, making it even harder to defend against threats.

And with the threat landscape constantly changing, the risks associated with using cloud solutions, a remote workforce, and more have opened the doors for sophisticated threat actors to deploy an array of threats. 

This session features Chris Wilder from TAG Cyber, Steve Bassi of PolySwarm, Steve Benton, and Rajiv Raghunarayan from Anomali.  

Our experts cover:

-Lessons learned from 2022
-Industries that are the most vulnerable to cyberattacks
-The latest attack techniques
-A 2023 threat outlook

View this informative session and start implementing the best practices discussed to protect your organization from imminent threats.

What to Expect From Today’s Threat Landscape – A Panel Discussion

An Informative Discussion with ESG and Anomali

In this webinar, Steve Benton, VP of Anomali Threat Research at Anomali, and Jon Oltsik, Distinguished Analyst & ESG Fellow at ESG, examine a wide-ranging review of the state of Cyber Threat Intelligence and its role in securing organizations based on research conducted by the Enterprise Strategy Group by TechTarget.

At the surface level, it looks like CTI programs are ‘Everything, Everywhere, All at Once,’ but what are the fundamental directions and priorities being seen across organizations? Has threat intelligence ‘come of age’ to truly be the tipping point it ought to be for organizations stretched for resources and budgets to better protect their business, employees, and customers? Across people, process, and technology, what are the key takeaways to pump-prime a successful CTI program and achieve a return on investment?

Watch this lively discussion between cybersecurity industry experts to learn about the key ingredients for a successful CTI program and how to achieve a return on investment.

Get a Grip! The Role, State, and Progress of CTI for Organizations

“If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art of War BC500
 

Press, media, open source, and vendors are awash with news articles and bulletins relating to thousands upon thousands of threats every day. There is no way I can assess and act on all of this, right? But in there, I know there is crucial information that tells me what I’m likely facing. How do I gain mastery of this, get a grip on the threats affecting me, and improve my security posture? Can I move with precision, velocity, and impact and keep my stakeholders informed? In this practical session, we will show how this is done.

We talk about the most prominent threat actors in the Carolinas and Tennessee region, highlight their motives and tactics, and then teach you how to engage with them proactively and reactively. The Anomali Threat Research team also demo's an investigation of the groups’ TTPs. We end with a Q&A session with a former FBI Intelligence Analyst who talks about how vigilance is key to guarding against cyber attacks.

Watch the on-demand webinar to learn how to be proactive and what to do when the inevitable happens!

Know Thy Enemy in 30 Minutes

A Panel Discussion on Using Threat Intelligence to Help Break Down Silos  Digital transformation has accelerated the need for organizations to take a holistic approach to cybersecurity. As organizations expand and evolve so does their digital attack surface, security teams struggle to adapt operations or collaborate cross-functionally to ensure adequate defensive measures.  The panel featured Lance Taylor of CLEAR, Kevin Tongs of Flashpoint, and is moderated by Joe Ariganello of Anomali. They discussed how utilizing threat intelligence can help bridge gaps and increase an organization's security posture.  Informative topics covered include:   -The Role Cybersecurity Plays in Digital Transformation -The Covid Impact on Day to Day Operations -A CISOs Guide to Organizational Structure and Key Components to Consider -Challenges Facing Organizations -How Threat Intelligence Plays a Role for Each Security Team Member -Where the Market Is Headed and What Trends and New Threats are Emerging  Watch the session to take the first step towards using threat intelligence to inform and unify!

Breaking Down Silos & Infusing Threat Intel Into Your Security Program

An Informative Q&A Session with Dragos and Anomali

This discussion features Sergio Caltagirone, Vice President of Threat Intelligence, Dragos, Roberto Sanchez, Senior Director, Threat and Sharing Analysis, Anomali, and moderated by Joe Ariganello, VP of Product Marketing at Anomali. They review best practices for using threat intelligence within the MITRE ATT&CK Framework and Industrial Control Systems/Operational Technology (ICS/OT) Environments.

This ICS/OT and Frameworks discussion covers:

-Threat actors’ weaponization of operational technology environments 
-How the MITRE ATT&CK Framework plays a role in keeping up with today’s threats
-Trends that could arise in 2022 across threat actors or attacker groups

View this informative discussion with industry experts and start getting more out of your threat intelligence.

ICS/OT and Frameworks Discussion

Get More Out of Your Data Being Collected 
Security teams are constantly on the lookout for the next hack or vulnerability. With today’s adversaries and attacks becoming more sophisticated, the need for a more proactive approach has never been greater. The problem is that most security teams are stretched thin and overwhelmed, chasing alerts and false positives. 

Threat hunting is one of the key activities organizations can utilize to proactively identify threats and look for traces of attackers, past and present, within their environment. Unfortunately, most struggle with visibility and collaboration across silos and the prioritization of threat-hunting activities. In addition, they often employ a manual, analyst-centric approach that can be time-consuming and bring fewer results. 

In this session, Patrick McNaught, Solutions Architect at Anomali, discusses how a threat intelligence-driven XDR solution can help accelerate threat-hunting activities with Michael Krieger, Host of Energize Marketing Tech Talks. Patrick also demonstrates how The Anomali Platform can help organizations develop an automated threat-hunting workflow in minutes, enabling them to:

-Quickly research a threat hunting hypothesis
-Look for evidence of attackers 
-Identify suspected points of a breach for further investigation

Watch the on-demand webinar and start proactively hunting threats with threat intel-driven detection and response.

Cybersecurity Expert Interview: Utilizing Intel-Driven XDR for Threat Hunting

Threat Intelligence Should Drive Everything We Do in Cyber Security  Establishing our internal stakeholders and the consumers of our threat intelligence product breaks down those performance-limiting silos helping to develop a more informed, risk-based program.  While there is no one-size-fits-all solution, fundamental principles exist that can be applied across a multitude of verticals and easily adapted to your specific enterprise.  Listen as Anomali customer, Lance Taylor from CLEAR covers some of the different areas where threat intelligence can be valuable to your security team and drive a more risk-focused, secure environment.  Key topics include:  -Stakeholder Engagement -Threat Intelligence Use Cases -Reducing the Attack Surface -Driving Organizational Change -Maximizing Threat Intelligence Value  Watch to help your organization shift to a threat-intel security-focused mindset!

Intelligence-Driven Security in an Ever-Changing Landscape

What lurks in the shadows? Can you find it? If so, can you share it? 

Threat Intelligence is key to understanding your cybersecurity situation. But knowing your situation is not enough. One of the less common ways to benefit from threat intelligence is to share this information with other groups, which helps to reduce response time to events and enact preventative measures. Sharing takes one organization’s knowledge and spreads it across the entire industry to improve all security practices. We can defeat our adversaries by working as a team, not as individual organizations. 

In this session, Scott Dowsett, Field CTO for Anomali, discusses the discovery of threat intelligence sharing and how organizations benefit from the community’s collective knowledge and experience. 

Key topics covered include:

-Threat intelligence cycle
-The obstacles to information sharing
-Standards for the exchange of information
-Best practices for information sharing
-Creating your own ISAC

Threat intelligence sharing is a critical tool for the cybersecurity community; watch the on-demand webinar to learn how to start sharing today.

Threat Intelligence Sharing: Together Everyone Achieves More

This Q&A discussion featured Christopher Elisan, VP of Threat Intelligence at PolySwarm, Luke Amery, Solution Architect ANZ at Anomali, and is moderated by Stree Naidu, VP and GM of APJ at Anomali. They discussed the new attacks and techniques across the Asia Pacific region and what to be looking for in the coming year.

In this threat landscape discussion, our leading experts covered:
-Staying ahead of Attacker methodologies and techniques continues even as they become more sophisticated
-New types of Attacker activities, including patterns, spikes, and outliers
-Trends across threat actors or Attacker groups

View this informative discussion with industry experts on the Asia Pacific threat landscape.

Threat Landscape Discussion with PolySwarm and Anomali

In this webinar, Costin Raiu, Head of Global Threat Research for Kaspersky and a member of the Virus Bulletin Technical Advisory Board, provided a deep dive on the Sunburst malware and related artifacts used in the SolarWinds backdoor attack.

He walked through their research and analysis and clarified what is known at this point in time—as well as what is still unknown about the attack some are calling the largest collective breach of all time.

He shared:

-The SolarWinds "potential vulnerability" UNC2452 / DarkHalo
-Similar code fragments found in Kuzar
-Important timelines and overall findings

Watch the webinar for countermeasures you can take to increase your protection against high-profile supply chain attacks like Sunburst.

Anomali Detect LIVE: Sunburst Under a Microscope

Cyber Security

Cyber Intelligence

Threat Intelligence

Threat Analysis

Threat Detection

Security Awareness

Threat Management

Security Intelligence

Malware

Malicious Activity

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Get powerful manufacturing insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on strategies and techniques to accelerate production cycles while increasing efficiencies and improving profitability.

Manufacturing

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

Research and Development

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Anomali Detect LIVE: Sunburst Under a Microscope

Presented by

About this talk

More from this channel