Name: Applying YARA to Uncover Hidden Phishing Threats
Start: 2020-11-03T17:00:00Z
End: 2020-11-03T17:00:40.000Z
Location: BrightTALK
Rating: 5

ReversingLabs empowers modern software development & SOC teams to protect their software releases & organizations from sophisticated threats. 

Secure by Design is the biggest single thrust in the federal government's efforts to change the game on software risk, with the clear goal of shifting liability to software producers for supply chain security. 

But there's a big problem: Even if best practices are used, the application security tools gap, as noted in the ReversingLabs Software Supply Chain Risk Report, is leaving organizations exposed to supply chain attacks. And cybercriminals and nation state groups, which are embracing supply chain attacks as a preferred means, are evolving their methods to exploit these gaps.

What is needed for development organizations to make Secure by Design a reality? How can you trust your releases are secure? First, software producers must be able to verify the integrity of their releases. That requires modern tools that go beyond legacy application security testing (AST) and software composition analysis (SCA).

In this webinar, you will learn:

✓ About the benefits of Secure by Design — and the broader shift to making software producers liable for the security of their software.
 
✓ The real-world problem of realizing Secure by Design. The app sec tools gap is real, and companies know it’s leaving them exposed.
 
✓ What you need to be able to verify the integrity of your software releases — and to deliver the trust that Secure by Design demands.

Secure by Design: Why Trust Matters for Software Risk Management

In this episode, ReversingLabs Field CISO Matt Rose explains why it's key for teams to understand the process by which supply chain attacks happen — and the results of those attacks.

Software Supply Chain Attacks: How vs. What

Traditional software analysis tools exclusively detect vulnerabilities, leaving users unaware of active, severe threats hidden in their third-party, open source and proprietary components. The first step in reducing the risks of releasing or deploying untrustworthy code is finding and fixing those threats before software is released, acquired or deployed.

ReversingLabs Software Supply Chain Security solution leverages the world’s largest threat repository of malware to locate urgent issues that legacy tools miss.  

Join us for a quick, 20-minute demo to see how we are solving the complex risks that supply chain attacks are bringing to our enterprise customers today.

In this demo, we will demonstrate the benefits of having:

✓ A final exam for software releases and updates - capable of scanning complex, multi-GB binaries in minutes

✓ Identification of multiple types of threats and exposures (malware, tampering, vulnerabilities, mitigations, and secrets) from one platform

✓ A detailed inventory of open source, third-party and proprietary software components and the threats and exposures hidden in each component

✓ Security posture analysis to know your software’s security level and how to improve it

Know When Your Software Is Malware | Software Supply Chain Security DEMO

In the modern enterprise, the tools used to evaluate complex software packages, identifying risks and threats, are more critical than ever. 

In this webinar, we will discuss the evolution of static analysis to binary analysis, highlighting this technology’s significance in threat analysis of complex software packages. 

This webinar aims to provide an understanding of the difference in the analysis technology, illustrating how static binary analysis is leveraged to bolster a software security posture and understand the security risks prior to deployment into organizations.

Key Learnings: 
✓ Introduction to software analysis techniques and their role in the software development lifecycle.
✓ The benefits of early software risk and threat detection, reduced remediation costs, and improved compliance.
✓ How legacy tools like SAST and SCA leave gaps in the software security posturing that require this level of analysis
✓ How ReversingLabs applies the technique to gain unparalleled visibility into complex software packages

Static vs Static Binary Analysis: The Future of Complex Code Deconstruction

In this episode, Matt gives an overview of the National Institute for Standards and Technology (NIST)’s newest version of their Cybersecurity Framework (CSF). He points out what’s new in CSF 2.0, such as the addition of governance as a discipline, plus a greater focus on software supply chain security.

NIST CSF 2.0 is near: A lot has changed in 5 years

In this episode, Matt explains what the newest version of the Exploit Prediction Scoring System (EPSS) is, and how it compares to the Common Vulnerability Scoring System (CVSS) when it comes to minimizing alert fatigue — and prioritizing the highest-risk vulnerabilities.

EPSS 3.0 + CVSS: Why Prioritizing Software Risk is Key

See ReversingLabs’ latest features and get a sneak peek of what's coming next for customers.

Watch our host and Sr Dir., Product Marketing, Richard Melick, and VP of Product, Eirk Thoen, as they showcase our latest releases, take you through our platform improvements and new features, and highlight recent advancements to ReversingLabs complete product lineup.

In this quarterly webinar, you will learn:

✓  Exciting updates to our software supply chain security and malware analysis offerings

✓  Use cases on the best ways to use these features

✓  A sneak peak at some coming updates

Malware Analysis,Threat Hunting & Software Supply Chain Security Product Updates

Security teams struggle with alert fatigue caused by a variety of factors, which impacts the overall security posture of an enterprise. Too much time is wasted chasing false positives and investigating anomalies that turn out to be normal application behaviors. 

The information provided by software supply chain security during the normal application review process can aid security teams long term by helping tune alerts before software is deployed, or address specific concerns or risks with extra layers of detections as needed. 

This addition to the application review process can lead to significant resource savings, and increased network security.

Key episode takeaways: 

✓ Enterprise security team pain points related to detections and false positives

✓ Identifying behaviors likely to trigger host based security alerts

✓ Reviewing network traffic elements for inclusion in relevant allow lists across security applications and appliances

Reducing False Positives in the SOC with Software Anlaysis

Watch as ReversingLabs Software Threat Researcher Lucija Valentić digs into the recent string of software supply chain attacks targeting developers on PyPI and npm. 

Valentić will unpack the details of Brainleeches, VMConnect and Luna Grabber campaigns including the methods and malicious deliverables used by both sophisticated and unsophisticated actors to compromise development organizations. 

You won't want to miss these insights.

Threats Uncovered: Unpack the Latest PyPI and npm Supply Chain Attacks

Enterprise applications performing similar functions can vary greatly from one vendor to another. Understanding those differences can help when choosing one to purchase or support, and enable an informed risk assessment. 

In this episode we will look at a few popular cloud storage applications, including OneDrive and Dropbox to see how they behave, how much bloat and risk they bring with them, and some interesting easter eggs hidden within the packages.

Key episode takeaway: 

✓ How to perform rapid repeatable comparison and risk assessment using the ReversingLabs Software Supply Chain Security platform

Deconstructing OneDrive & Dropbox: A Cloud Storage App Throwdown

In this episode, Matt explains why CISA's Secure by Design, Secure by Default policy is great in concept, but is actually difficult to execute in the real-world. This is because the policy can really only be applied to new software that hasn't been released yet to the market.

CISA Secure by Design/Secure by Default is HARD

From Black Hat to BSides to DEF CON, ReversingLabs gathered 3 top notch experts who were there and ready to share their perspectives. 

Watch this special post-Black Hat event for a post-mortem on the highs and lows of one of the biggest weeks in cybersecurity. Presenters will talk about takeaways from sessions attended, input on key trends at the shows and predictions for what’s next in cybersecurity. 

✓ Key findings at Black Hat about what’s next for our industry
✓ Insight into the biggest security revelations from the talks
✓ How enterprises can apply these lessons to stay safe
 
About the presenters: 

Derek Fisher is the author of Application Security Program Handbook: A guide for software engineers and team leaders and Head of Security at Envestnet. He is also an External Advisor on the Cyber DIA Advisory Board and Adjunct Professor Secure Software Development Temple University.

Freakyclown is the author How I Rob Banks: And Other Such Places and Co-Founder and Co-CEO of Cygenta. Additionally he is a well-known ethical hacker and social engineer. He has been working in the infosec field for over 20 years and excels at circumventing access controls.

Chris Hughes is the author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society and Co-Founder and CISO at Aquia. He has spent his career building a reputation as a proven Cloud/Cybersecurity leader with nearly 20 years of experience in Federal and commercial industries.

Black Hat...Now What? Tips & Takeaways From the Biggest Week In Cybersecurity.

In this episode of ReversingGlass, Matt makes the essential point that trust in your software supply chain is all or nothing. He explains that trusting anything less than 100% of the components in your software package will set your organization up for major risk. This is why trust in software supply chains needs to be complete, so that the risk of a software supply chain attack to your organization can be minimized.

Trust in Your Software Must be Complete

87% of companies have detected software issues in their software supply chain in the last 12 months, according to a recent survey.  A majority of respondents also said their organization’s software supply chain security was not as mature as it should be.[1] 

CI/CD environments are appealing targets for malicious actors intent on using your software delivery processes as their attack pipeline.  

Join Daniel Gallo, Solution Engineer, JetBrains -TeamCity and Igor Lasic, SVP Engineering, ReversingLabs, as they discuss approaches to overcome the challenges that DevSecOps teams face in defending their CI/CD environments against multiple attack vectors and threats.

Learn tips & tricks for delivering trustworthy software, including:

✓ Securing CI/CD infrastructure
✓ Creating secure software
✓ Validating security levels before shipping

TIPS FOR OVERCOMING THE TOP CHALLENGES IN DELIVERING TRUSTWORTHY SOFTWARE

In this episode, Matt explains why organizations need to strengthen their software supply chain security efforts immediately, given the increase in both the speed and complexity of development environments.

Why the time is NOW for Software Supply Chain Security

In this episode of ReversingGlass, Matt explains the key differences behind two major threats to software supply chains: vulnerabilities and malware. He demonstrates how vulnerabilities are unintentional risks, while malware is an intentionally nefarious action.

The Differences Between Vulnerabilities and Malware

In this episode, we will focus on code signing certificates, the role they play in software, and the many ways they can be abused. Understanding these elements will help us define and tune our baselines in that area.

Key episode takeaways: 

✓ The function of code signing certificates and how they work

✓ The risks of file tampering and how can it be detected

✓ Evaluating the risks of different certificate policies and adjusting the baseline to support specific needs or use cases.

Fine Tuning Your Risk Baseline With Code Signing Certificates

SolarWinds and the more recent 3CX attack put software supply chain security front and center for organizations. While they recognize risk is enterprise-wide, traditional app sec tools are not up to the job. Learn why modern tooling and a mature supply chain security program are now a requirement for managing software risk.

In ReversingLabs’ new Software Supply Chain Security Risk Report, Chris Wilder, Research Director at TAG Cyber and author of the report, will analyze the key findings from a Dimensional Research survey of more than 300 IT pros and Matt Rose, Field CISO at ReversingLabs, co-author of the report, will discuss the evolution of application security — and how a mature software supply chain security approach is now a requirement for managing risk. 

Key Webinar Learnings:

✓ The software supply chain pain points for modern development organizations
 
✓ How gaps in existing application security tooling leave development organizations and security teams exposed to supply chain attacks. 
 
✓ The limitations of narrowly scoped software supply chain initiatives and the need for comprehensive approaches to securing supply chains. 
 
✓ How organizations can operationalize software supply chain security and move beyond “checkbox” compliance, including using Software Bills of Materials (SBOMs) to provide a comprehensive overview of software risk and dependencies.

Why Modern Tooling is Now a Requirement for Full Software Supply Chain Security

Phishing continues to be a primary attack vector, preying on unsuspecting yet targeted end users who unintentionally infect their systems. Often these attacks introduce new or updated malware which can go undetected for months. And to exacerbate the security challenge, EDR systems don’t often retain histories of the binaries executed on local endpoints. So organizations are faced with the dilemma- how do I uncover phishing payloads across my endpoints months after their IOCs are known?  

In this webinar, we’ll discuss: 
 
● How to leverage an Email AbuseBox or “local repository” for suspicious Phishing attachments, and have this available for retro-hunting 

● How to create a custom YARA rule to search for a particular byte sequence indicative of new IOCs 

● How to apply these YARA rules across local repositories

● How to automate the retro-hunting process and alert on detections for action.

Applying YARA to Uncover Hidden Phishing Threats

Threat Hunting

Malware

Threat Intelligence

Threat Detection

Cyber Threats

Threat Assessment

Threat Analysis

Phishing

Cyber Attacks

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Applying YARA to Uncover Hidden Phishing Threats

Presented by

About this talk

More from this channel