Hunting for Advanced Threats - Tips and Tricks

The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for attackers. In a rare occurrence, security professionals know cyber attacks are coming; they just don’t know when. Preventative defenses are not enough: security professionals must proactively hunt for advanced cyber threats. Threat hunting is more than just searching for threats; it involves researching unusual activity, correlating suspicious activity, and attempting to find the unknown in the known.

In this presentation, we’ll review the steps today’s security professionals must take to proactively hunt for sophisticated threats.
Recorded Aug 26 2020 31 mins
Presented by
Ken Donze, Security Engineer

  • Channel profile
  • Taking Down Nation State Botnets Recorded: Apr 14 2021 59 mins
    Diana Kelley, SecurityCurve | Johna Till Johnson, Nemertes Research | Craig Harber, Fidelis | Derek Manky, Fortinet
    This month's episode of The (Security) Balancing Act will focus on botnets as a growing threat to the enterprise, examples from the real world, and what enterprises can do to better protect against botnet-fueled state sponsored attacks.

    Join this interactive roundtable discussion with security experts and industry leaders to learn more about:
    - How botnets have become a tool for cyber criminals and nation state actors
    - Real-world examples & known botnet attacks
    - Nation state ransomware attacks
    - DDoS attacks
    - Cyber espionage
    - APTs
    - The trouble with attribution
    - What enterprises and governments can do to address the threat

    - Johna Till Johnson, CEO and Founder of Nemertes Research
    - Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet
    - Craig Harber, Chief Customer Success Officer, Fidelis

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • The Nation’s Great Test: Securing COVID-19 Data Recorded: Mar 31 2021 62 mins
    Jennifer Franks, Director of Cybersecurity at the GAO, & former NSA CISO, Chris Kubic
    As the nation attempts one of the largest logistical feats in its history, max vaccination against COVID-19, federal agencies are at the forefront of collecting, managing, and analyzing critical information about this initiative - from personal information to vaccine efficacy.
    Gain key insights from government experts Jennifer Franks, Director of Cybersecurity at the GAO, and former NSA CISO Chris Kubic on how agencies are protecting this sensitive data from cyber attackers in an environment where data sits in disparate sources across the country and at various levels of government.
    Join this webinar to learn the proactive approach to data protection and how all organizations can apply these strategies to the current fight to protect sensitive data from cyber adversaries.
  • Humans and Machines - Where's The Gap? Recorded: Mar 15 2021 60 mins
    Helen Beal - DevOps Institute | Zack Wood - Fidelis | Judy Ryan - Lifework System | Don White - Agility Science
    The Enterprise DevOps Skills Report of 2019 found that the top three attributes needed in the DevOps space are automation, process skills - and most importantly, soft skills. While new technology and processes are always evolving and improving the way developers and IT operations teams work, one thing is for certain - it is the people that ensure success.

    In episode 12 of Day-to-Day DevOps, we’re exploring how DevOps teams can bridge the gap between humans and machines to create truly best-in-class collaboration and problem solving, and ensure happiness at work.

    Join us live as we cover:
    - What humans can do that machines can’t in DevOps
    - How to harness your soft skills to achieve success
    - The SKIL framework and what it can bring to your operations
    - And more

    Zack Wood - Sr. Cloud Systems Architect at Fidelis
    Judy Ryan - CEO, Lifework Systems
    Don White - CEO - Agility Science
  • Deception Technology 101: Implementer's Guide to Deception Recorded: Mar 3 2021 51 mins
    Kyle Dickinson, SANS Analyst
    Everything you wanted to know about Deception Technology but were afraid to ask. Deception is a proactive cyber defense strategy. Deception provides an additional layer of defense by using decoys and breadcrumbs to lure and detect attackers that have breached your environment.

    In this presentation, you'll learn:
    • What deception technologies are all about
    • How deception technologies can assist with common attack types, including account hijacking, human error, vulnerable applications, and insider threats
    • How organizations can implement and automate deception technologies through a SOAR or SIEM
    • What open source tools are available to assist organizations in their implementation initiatives
  • Succeeding as a CISO in 2021 Recorded: Feb 17 2021 62 mins
    Diana Kelley, SecurityCurve | Patricia Titus, Markel Corp | Jonathan Nguyen-Duy, Fortinet | Gerald Mancini, Fidelis
    This month's episode of The (Security) Balancing Act will look at how the CISO role has evolved in the last few years, what today's expectations are and what it takes to succeed as a CISO.

    Some of the topics to be covered during this roundtable discussion with security and tech leaders include:
    - How has the CISO role evolved over the last few years and what is expected of CISOs in 2021?
    - CISO vs BISO
    - How to see ROI on your cybersecurity investment?
    - How to get the business to understand risk and care about security?
    - How to keep cyber employees happy. The churn is exhausting and costly for companies, and it’s exacerbated by employee burnout and a “grass is greener” approach.

    - Patricia Titus, Chief Privacy and Information Security Officer, Markel Corporation
    - Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet
    - Gerald Mancini, Chief Operating Officer of Fidelis Security

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Grow Your Cyber Defense Skills: The Elements of Advanced Threat Defense Recorded: Feb 10 2021 26 mins
    Jerry Mancini, COO
    Today’s sophisticated attack campaigns use a combination of automated techniques, along with human-led tactics to perpetuate targeted attacks against an organization. To combat these adversaries, we must arm cybersecurity professionals with the knowledge necessary to detect, hunt and remediate advanced persistent threats.
    In this presentation, COO Jerry Mancini will explain each element of a cyber threat defense plan and how to execute that plan to hunt for advanced threats. Improve your cyber defense skills by learning which cyber defense techniques you can implement at your organization!
  • How to Defend Yourself Against the Full Spectrum of Cyber Threats Recorded: Feb 3 2021 21 mins
    Chris Kubic, CISO
    Witnessing the scale and sophistication of recent attacks disrupting our security world, what can CISOs and security operations teams do to level the playing field and defend their enterprise environments against threats originating from cybercriminals, sophisticated and stealthy nation-state attackers, insiders, third-party partners, and supply chains, the full spectrum of threats?

    In his presentation, Chris will:
    - Offer tips for patching business-critical and exposed systems
    - Break down the known and unknown exploits that threat actors deploy
    - Offer strategies for defending an expanding attack surface
  • Managed Detection and Response: Is It For You? Recorded: Jan 13 2021 48 mins
    Anubhav Arora, CTO & Tim Roddy, VP, Marketing and Products
    As attackers continue to make their way past existing security defenses and SOC teams are constantly challenged to outpace well-organized threat actors, augmenting threat hunting along with detection and response functions is becoming a necessity. Additionally, SOC teams are widely known to be difficult to staff, because of both cost and qualification barriers. Because of these factors, interest in MDR (Managed Detection and Response) has surged, and SOC teams may find themselves wondering whether their organizations should consider supplementing their security posture with MDR.

    Join Fidelis Cybersecurity’s CTO, Anubhav Arora, and VP, Marketing and Products, Tim Roddy, as they guide attendees to an understanding of how these various security technologies come together to provide coverage against advanced threats. During the discussion, which will be moderated by SecureWorld’s Director of Media and Content, Bruce Sussman, Anubhav and Tim will discuss various aspects of MDR considerations.
  • Live Demo: Proactive Capabilities of Fidelis Elevate XDR Recorded: Dec 16 2020 27 mins
    Ken Donze, Senior Security Engineer
    You can’t protect your data without understanding your cyber terrain. Attackers conduct recon on environments to understand breaks in the attack surface. In order to effectively defend the enterprise, security teams must have holistic, correlative insight into the environment.

    With this visibility of the cyber terrain and understanding of attacker movements and methods, organizations can anticipate threats and shift their security posture to a more proactive strategy and shorten time to detect and uncover threats.

    Join Ken Donze, Senior Security Engineer, for a demo of Fidelis Elevate and find out:

    - Why knowing your terrain matters
    - How to assess and identify high-risk assets within your terrain
    - How to leverage deception technologies to continuously alter that terrain
  • Live Demo: Retrospective Capabilities of Fidelis Elevate XDR Recorded: Dec 9 2020 22 mins
    Sal Sanshez, Security Engineer
    Continuously Collect and (Re)assess Metadata from Past Incidents to Help Prevent Future Breaches

    In order to find attackers who are working hard to stay out of sight, you need to collect the right data to find them. Fidelis Elevate captures and breaks down sessions into rich metadata at the content and context level. The richer the metadata you have indexed, the richer the set of questions you can query and search as part of your threat hunting efforts, and the faster you can iterate on those questions.

    Join Sal Sanshez, Security Engineer, for a demo of Fidelis Network and find out how to:

    - Understand the value of metadata
    - Leverage metadata to uncover how a breach occurred
    - Threat hunt in metadata
  • Live Demo: Predictive Capabilities of Fidelis Elevate XDR Recorded: Dec 2 2020 26 mins
    Martha Goodwin, Security Engineer
    Using ML/AI and Metadata to Detect Anomalous Activity and Produce Actionable Alerts for Known/Unknown Threats

    Collecting hundreds of log types and analyzing them has proven to be an ineffective approach to threat detection, even when applying behavior analysis and machine learning. The converse, capturing the raw data, entails delays to decode and reassemble it, plus high storage expenses. Logs lack content and context, and the raw data itself is too slow to analyze and too expensive to retain if you require a time span of months or a year. And while most security tools focus on specific detection techniques, Fidelis leverages more than 20 different detection methods, including endpoint and asset terrain, deep session and deep packet inspection, sandboxing, malware detection, metadata analytics, threat intelligence and more, making it that much harder for attackers to evade.

    Join Martha Goodwin, Security Engineer, for a demo of Fidelis Network and find out how to:

    - Use ML and anomaly detection
    - Use metadata analysis to search for known unknowns
    - Create analytical rules to predict possible incidents
  • Live Demo: Reactive Capabilities of Fidelis Elevate XDR Recorded: Nov 18 2020 25 mins
    Chuck Burley, Security Engineer
    Breaches Happen, What You Need to Automate Post Breach Detection & Response

    Threat actors are constantly adapting their tactics, techniques and procedures to evade preventive defenses and as a result, consideration of detection and response capabilities has never been more vital.

    Reactive countermeasures include techniques to prevent attacks from succeeding in real time: signature detection to quarantine known-bad files at the endpoint; behavior analysis to kill a process at the endpoint; network session disruption upon detection of malicious files and network behaviors; and email quarantine.

    Join Chuck Burley, Security Engineer, Fidelis Cybersecurity, for a demo of Fidelis Endpoint and find out how to:

    - Use playbooks to automate post-breach detection and response
    - Leverage behavioral indicators to isolate an infected endpoint
    - Kill processes that would spread the infection
  • Live Demo: Protective Capabilities of Fidelis Elevate XDR Recorded: Nov 11 2020 22 mins
    Jamie Lertora, Security Engineer
    Adversaries are going undetected for months on their victim’s network because most detection solutions do not provide deep enough visibility and are blind to where the attackers are operating.

    What visibility do you need in order to ensure that your data is not lost, misused or accessed by unapproved individuals?

    Join Jamie Lertora, Security Engineer, for a demo of Fidelis Network and Endpoint and find out how to:

    - Extend threat insights to encrypted traffic with Fidelis Decryption
    - See deeper into applications and content with Deep Session Inspection
    - Gain greater visibility into all threat activity at the endpoint and automate response with EDR
  • How Machine Learning Can Be Applied in Network Traffic Analysis Recorded: Oct 28 2020 59 mins
    Alissa Torres, SANS Analyst & Abhishek Sharma, Data Scientist
    In the new security landscape, blind spots in network traffic cannot be monitored solely by security tools designed for simple, on-premise traditional architectures.

    Modern organizations are implementing a combination of machine learning, advanced analytics, and rule-based detection to detect suspicious activities on enterprise networks.

    In this presentation we'll go through three use cases where machine learning can be applied in network traffic analysis:

    - Detecting credential misuse via lateral movement
    - Identifying credential stuffing attacks using behavioral modeling
    - Detecting C2 (command and control) using relationship-based modeling
  • How to Regain Control of Your Cybersecurity Tech Stack Recorded: Oct 14 2020 40 mins
    Craig Harber, COO
    It all starts so simple; you acquire a tool to solve a security concern. Then another problem arises, so you need to purchase another security tool. Next thing you know you have 60+ different products in your security stack and more problems than ever.

    To make matters worse, most cybersecurity stacks are not well integrated or properly configured. When security stacks lack integration and automation, it means a good deal of human intervention is required to address and triage alerts, which results in slower response times.

    In this presentation, we’ll show you how to regain control of an unruly security stack. We’ll do a thorough demonstration of how to use the MITRE ATT&CK Cyber Threat Framework to help you develop your approach to rationalizing your cybersecurity stack.
  • Threat Hunting 101: Educational Workshop Recorded: Sep 30 2020 91 mins
    Nick Copeland, Sr. Security Engineer
    The future of cybersecurity will require a new set of skills as we move to cloud and hybrid security environments. Today’s security teams need continued professional development to maintain the adequate skills and knowledge required to tackle the various types of advanced threats.

    One such skill is proactive Threat Hunting. Threat hunting is the process of identifying unknown threats in your environment.

    In this workshop, we’ll teach you each key element of the threat hunting process and then we’ll demonstrate how to apply threat hunting techniques. By the end of this workshop, you’ll be able to generate a hypothesis-based threat hunt and develop a threat hunting template.
  • How to Use Deception Technology to Defend Against Various Cyber Attacks Recorded: Sep 16 2020 62 mins
    Kyle Dickinson & Rami Mizrahi
    The security landscape that’s been in place for the last 20 years is no longer valid. Security professionals need to plan for the hybrid security model of the future. Utilizing deception technology can help security teams do just that.
    A key goal of deception is to alter the attack surface to confuse and misdirect the adversary. In this presentation, we'll demonstrate how deception technology can help cybersecurity professionals defend against various attack scenarios.
  • You’re Under Attack – How to Expedite Incident Response Recorded: Sep 9 2020 27 mins
    Tony Allegrati, Security Engineer
    When it comes to cyber attacks, it’s no longer a matter of if, it’s a matter of when. How quickly you can contain and remediate the issue is critical. The key to quick response is visibility – you can’t find what you can’t see. Having visibility from the network and cloud traffic to endpoint activity is a must to understand the who, what, when, where, and how of an attack.

    In this presentation, we’ll review how to write scripts on the fly and how to use automated playbooks for rapid incident response.
  • How to Stop the Spread of a Ransomware Attack Recorded: Sep 2 2020 31 mins
    David Braun, Security Engineer
    There is no such thing as 100% prevention from cyber attacks. The question is how long the attacker will be in your network before they can exfiltrate your data. Ransomware attacks surged during the first half of this year, as cyber criminals looked to spread their malware while many people are working from home.

    In this presentation, we’ll review a ransomware case example. Using a real-life attack, we’ll cover how to identify the attack and how to stop it from spreading.
by Threat Hunters for Threat Hunters
Security tactics for elite security professionals. We help security teams actively defend their organizations with best practices and expert knowledge on threat hunting, threat intelligence and detection & response.

  • Title: Hunting for Advanced Threats - Tips and Tricks
  • Live at: Aug 26 2020 4:00 pm
  • Presented by: Ken Donze, Security Engineer