Hunting for Advanced Threats - Tips and Tricks

As the nation attempts one of the largest logistical feats in its history, max vaccination against COVID-19, federal agencies are at the forefront of collecting, managing, and analyzing critical information about this initiative - from personal information to vaccine efficacy.
Gain key insights from government experts, Jennifer Franks, Director of Cybersecurity at the GAO, and former NSA CISO, Chris Kubic, on how agencies are protecting this sensitive data from cyber attackers in an environment where data is in disparate sources across the country and at various levels of government?
Join this webinar to learn the proactive approach to data protection and how all organizations can apply these strategies to the current fight to protect sensitive data from cyber adversaries.

The Enterprise DevOps Skills Report of 2019 found that the top three attributes needed in the DevOps space are automation, process skills - and most importantly, soft skills. While new technology and processes are always evolving and improving the way developers and IT operations teams work, one thing is for certain - it is the people that ensure success.

In episode 12 of Day-to-Day DevOps, we’re exploring how DevOps teams can bridge the gap between humans and machines to create truly best-in-class collaboration and problem solving, and ensure happiness at work.

Join us live as we cover:
- What humans can do that machines can’t in DevOps
- How to harness your soft skills to achieve success
- The SKIL framework and what it can bring to your operations
- And more

Guests:
Zack Wood - Sr. Cloud Systems Architect at Fidelis
Judy Ryan - CEO, Lifework Systems
Don White - CEO - Agility Science

Everything you wanted to know about Deception Technology but were afraid to ask. Deception is a proactive cyber defense strategy. Deception provides an additional layer of defense by using decoys and breadcrumbs to lure and detect attackers that have breached your environment.

In this presentation, you'll learn:
• What deception technologies are all about
• How deception technologies can assist with common attack types, including account hijacking, human error, vulnerable applications, and insider threats
• How organizations can implement and automate deception technologies through a SOAR or SIEM
• What open source tools are available to assist organizations in their implementation initiatives

This month's episode of The (Security) Balancing Act will look at how the CISO role has evolved in the last few years, what today's expectations are and what it takes to succeed as a CISO.

Some of the topics to be covered during this roundtable discussion with security and tech leaders include:
- How has the CISO role evolved over the last few years and what is expected of CISOs in 2021?
- CISO vs BISO
- How to see ROI on your cybersecurity investment?
- How to get the business to understand risk and care about security?
- How to keep cyber employees happy. The churn is exhausting and costly for companies, and it’s exacerbated by employee burnout and a “grass is greener” approach.

Panelists
- Patricia Titus, Chief Privacy and Information Security Officer, Markel Corporation
- Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet
- Gerald Mancini, Chief Operating Officer of Fidelis Security

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Today’s sophisticated attack campaigns use a combination of automated techniques, along with human-led tactics to perpetuate targeted attacks against an organization. To combat these adversaries, we must arm cybersecurity professionals with the knowledge necessary to detect, hunt and remediate advanced persistent threats.
In this presentation, COO Jerry Mancini, will explain each element of a cyber threat defense plan and how you execute a defense plan to hunt for advanced threats. Improve your cyber defense skills by learning which cyber defense techniques you can implement at your organization!

Witnessing the scale and sophistication of recent attacks disrupting our security world, what can CISOs and security operations teams do to level the playing field and defend their enterprise environments against threats originating from cybercriminals, sophisticated and stealthy nation-state attackers, insiders, 3rd party partners, and supply chains - the full spectrum of threats.

In his presentation, Chris will explain:
- Tips for patching business critical and exposed systems
- Breakdown the known and unknown exploits that threat actors deploy
- Offer strategies for defending an expanding attack surface

As attackers continue to make their way past existing security defenses and SOC teams are constantly challenged to outpace well-organized threat actors, augmenting threat hunting along with detection and response functions is becoming a need. Additionally, SOC teams are already widely difficult to staff, from both cost and qualification barriers. Because of these factors, interest in MDR (Managed Detection and Response) has surged, and SOC teams may find themselves wondering if their organizations should consider supplementing their security posture with MDR.

Join Fidelis Cybersecurity’s CTO, Anubhav Arora, and VP, Marketing and Products, Tim Roddy, as they guide attendees to an understanding of how these various security technologies come together to provide coverage against advanced threats. During the discussion, which will be moderated by SecureWorld’s Director of Media and Content, Bruce Sussman, Anubhav and Tim will discuss various aspects of MDR considerations.

You can’t protect your data without understanding your cyber terrain. Attackers conduct recon on environments to understand breaks in the attack surface. In order to effectively defend the enterprise, security teams must have holistic, correlative insight into the environment.

With this visibility of the cyber terrain and understanding of attacker movements and methods, organizations can anticipate threats and shift their security posture to a more proactive strategy and shorten time to detect and uncover threats.

Join Ken Donze, Senior Security Engineer for a demo of Fidelis Elevate and find out how to:

*Why knowing Terrain matters
*Assess and Identify High-Risk assets within your terrain
*Leveraging Deception Technologies to continuously alter that terrain

Continuously Collect and (Re)assess Metadata from Past Incidents to Help Prevent Future Breaches

In order to find attackers who are working hard to stay out of sight, you need to collect the right data to find them. Fidelis Elevate captures and breaks down sessions into rich metadata at the content and context level. The richer the metadata you have indexed, the richer the set of questions you can query and search as part of your threat hunting efforts, and the faster you can interact with high speed iteration.

Join Sal Sanshez, Security Engineer for a demo of Fidelis Network and find out how to:

*Understand the value of Metadata
*Leverage Metadata to uncover how a breach occurred
*Threat hunting in Metadata

Using ML/AI and Metadata to Detect Anomalous Activity and Produce Actionable Alerts for Known/Unknown Threats

Collecting hundreds of log types and analyzing them has shown to be an ineffective approach to threat detection, even when applying behavior analysis and machine learning. The converse entails capturing the raw data and facing delays to decode and reassemble, plus high storage expenses. Logs lack content and context, and the raw data itself is too slow to analyze and expensive if you require a time span of months or a year. And while most security tools focus on specific detection techniques, Fidelis leverages more than 20 different detection methods… including endpoint and asset terrain, deep session and deep packet inspection, sandboxing, malware detection, metadata analytics, threat intelligence and more… making it that much harder for attackers to evade.

Join Martha Goodwin, Security Engineer for a demo of Fidelis Network and find out how to:

*Use ML and Anomaly Detection
*Use Metadata Analysis to search for Known/Unknowns
*Create Analytical rules to predict possible incidents

Breaches Happen, What You Need to Automate Post Breach Detection & Response

Threat actors are constantly adapting their tactics, techniques and procedures to evade preventive defenses and as a result, consideration of detection and response capabilities has never been more vital.

Reactive countermeasures include techniques to prevent attacks from succeeding in real time, including signature detection to quarantine known-bad files at the endpoint; behavior analysis to kill a process at the endpoint; network session disruption upon detection of files and network behaviors; and email quarantine

Join Chuck Burley, Security Engineer, Fidelis Cybersecurity for a demo of Fidelis Endpoint and find out how to:

Using Playbooks to automate post-breach detection and response
Leverage behavioral indicators to isolate an infected endpoint
Kill Processes that will spread the infection

Adversaries are going undetected for months on their victim’s network because most detection solutions do not provide deep enough visibility and are blind to where the attackers are operating.

What visibility do you need in order to ensure that your data is not lost, misused or accessed by unapproved individuals?

Join Jamie Lertora, Security Engineer for a demo of Fidelis Network and Endpoint and find out how to:

*Extend threat insights to encrypted traffic with Fidelis Decryption
*See deeper into applications and content with Deep Session Inspection
*Gain greater visibility into all threat activity at the endpoint and automate response with EDR

In the new security landscape, blind spots in network traffic can not solely be monitored by security tools designed for simple, on-premise traditional architectures.

Modern organizations are implementing a combination of machine learning, advanced analytics, and rule-based detection to detect suspicious activities on enterprise networks.

In this presentation we'll go through three uses cases where machine learning can be applied in network traffic analysis:

*Detecting Credential Misuse using Lateral Movement
*Identify Credential Stuffing Attack using Behavioral Modeling
*C2 (Command & Control) Detection using Relationship Based Modeling

It all starts so simple; you acquire a tool to solve a security concern. Then another problem arises, so you need to purchase another security tool. Next thing you know you have 60+ different products in your security stack and more problems than ever.

To make matters worse, most cybersecurity stacks are not well integrated or properly configured. When security stacks lack integration and automation, it means a good deal of human intervention is required to address and triage alerts, which results in slower response times.

In this presentation, we’ll show you how to regain control of an unruly security stack. We’ll do a thorough demonstration of how to use the MITRE ATT&CK Cyber Threat Framework to help you develop your approach to rationalizing your cybersecurity stack.

The future of cybersecurity will require a new set of skills as we move to cloud and hybrid security environments. Today’s security teams need continued professional development to maintain the adequate skills and knowledge required to tackle the various types of advanced threats.

One such skill is proactive Threat Hunting. Threat hunting is the process of identifying unknown threats in your environment.

In this workshop, we’ll teach you each key element of the threat hunting process and then we’ll demonstrate how to apply threat hunting techniques. By the end of this workshop, you’ll be able to generate a hypothesis-based threat hunt and develop a threat hunting template.

The security landscape that’s been in place for the last 20 years is no longer valid. Security professionals need to plan for the hybrid security model of the future. Utilizing deception technology can help security teams do just that.
A key goal of deception is to alter the attack surface to confuse and misdirect the adversary. In this presentation, we'll demonstrate how deception technology can help cybersecurity professionals defend against various attack scenarios.

When it comes to cyber attacks, it’s no longer a matter of if, it’s a matter of when. How quickly you can contain and remediate the issue is critical. The key to quick response is visibility – you can’t find what you can’t see. Having visibility from the network and cloud traffic to endpoint activity is a must to understand the who, what, when, where, and how of an attack.

In this presentation, we’ll review how to write scripts on the fly and how use automated playbooks for rapid incident response.

There is no such thing as 100% prevention from cyber attacks. The question is how long the attacker will be in your network before they can exfiltrate your data. Ransomware attacks surged during the first half of this year, as cyber criminals looked to spread their malware while many people are working from home.

In this presentation, we’ll review a ransomware case example. Using a real life attack, we’ll cover how to identify the attack and how to stop if from spreading.

The COVID-19 pandemic has presented a once-in-a-lifetime opportunity for attackers. In a rare occurrence, security professionals know cyber attacks are coming, they just don’t know when. Preventative defenses are not enough, security professionals must proactively hunt for the advanced cyber threats. Threat hunting is more than just searching for threats, threat hunting involves researching unusual activity, correlating suspicious activity, and attempting to find the unknown in the known.

In this presentation, we’ll review the steps today’s security professionals must take to proactively hunting for sophisticated threats.