Name: Red Team v.s. Blue Team: How does Incident Response work?
Start: 2021-07-21T17:00:00Z
End: 2021-07-21T17:00:29.000Z
Location: BrightTALK
Rating: 0

Ransomware attacks and threats are growing exponentially. While many security companies are trying to prevent ransomware from breaching the perimeter of your network, Airgap's Zero Trust Isolation Platform protects your organization from the inside out. Additionally, Airgap’s Ransomware Kill Switch is the most potent ransomware response for an IT organization. The solution can be deployed in minutes without any endpoint agents, forklift upgrades, or design changes. Airgap was founded by highly experienced cybersecurity experts and the solution is trusted by large enterprises and service providers. For more details, check out https://airgap.io or email media@airgap.io

New strains of ransomware are leaving organizations vulnerable and show no sign of slowing down, security teams lack the ability to respond proportionately to an attack, leading to cyber disruption across the organization. This can affect all industries including manufacturing, critical infrastructure, healthcare, or any organization like yours and mine. Join this session to unpack some of 2022 most advanced ransomware threats and their behavior. Also, you can learn how to deploy Agentless Zero Trust Segmentation can fix network flaws from the core for connected OT/IT/IoT and stop lateral threat movement in every stage of the Cyber Kill Chain. If you have concerns about Zero-Day ransomware exploits or are assigned with Zero Trust initiatives, don’t miss this opportunity to learn how you can take autonomous action with 24/7 availability to stop the threat on its track. 

This presentation will discuss:
• Recent ransomware threat trends, including double extortion and RDP attacks in OT and ICS 
• How Autonomous Response takes DEFCON action to contain an emerging zero-day attack in rea time with Zero Trust policy enforcement 
• Fortune 500 manufacturing and ODM subcontractor case studies on how to segment IT and OT networks with Zero Trust agentless segmentation



About Airgap Networks
Airgap is the only vendor that offers an agentless segmentation solution that protects your organization against ransomware threats. Airgap's "Ransomware Kill Switch" is the most potent ransomware response for the IT organization. And Airgap’s Zero Trust access controls protect enterprise’s high value assets against cyber threats. Proven and specially designed to protect Manufacturing, Healthcare, and Critical Infrastructure, Airgap Security Platform is the easiest to implement and manage. https://airgap.io

Protecting Critical Assets Against Ransomware Attacks

Secure access to cloud is broken. By now, you must already know that the traditional VPNs are the weakest links when it comes to secure access into your mission critical infrastructure. This is due to two fundamental flaws. 

VPN aka virtual private network, as it suggests, provides a virtual network extension over a secure link. That means, if the endpoint that is connecting over the VPN, is compromised, an attacker can gain secure access your infrastructure.

Once insider your network, the intruder now has the license to roam within the subnet/VLAN and, unless you have an error free setup, perhaps the intruder has the license to roam across the enterprise.
 
Time and again, we have witnessed VPNs being exploited by the adversaries and, if you want to stay protected, please ensure that you get off the traditional VPN train first.

The modern-day alternative to VPNs is called Zero Trust Network Access (ZTNA). However, the ZTNA solutions lack end to end segmentation. That means, if the attacker somehow gains access to one of your hosts over ZTNA, the attacker will then be able to roam laterally withing your organization. This is the predominant way for Ransomware to spread and compromise most of your assets.

What you need is a combination of modern Secure Access technology coupled with an agentless micro-segmentation solution and a potent incident response tool.
 
This will be the focus of our session. In this session, you’d learn how to
• Provision agentless segmentation at scale across your organization for all your assets – TV, Toaster, Laptops, VMs, Servers, and even containers
• Gain end-to-end visibility and control for all traffic
• Secure high value assets distributed across your organization
• Deploy a Ransomware Kill Switch™ that prevents ransomware spread

The correct way to “Cloud-Access”

Ransomware attacks have been on a constant rise for a number of years now. The number of ransomware attacks skyrocketed in 2020 - an increase of about 715% in 2020, according to the Mid-Year Threat Landscape Report 2020. There’s no reason to believe that this onslaught is going to stop anytime soon. Cybercriminals are coming up with more sophisticated and creative ways to penetrate corporate and home networks. This eBook highlights the Top 5 Ransomware observations and trends provided by Dr. Chase Cunningham and Cybersecurity expert Mike Davis. For more information on how Airgap can help stop Ransomware propagation with Zero Trust Isolation, contact us at info@airgap.io
https://airgap.io/resources/top-5-ransomware-trends-2021

Top 5 Ransomware Behavior Trends in 2021 with Chase and Mike

The growing interconnectedness with increasing application of smart technology and devices means the risk of cyberattacks is rapidly growing.

According to Forbes, in related sectors like automobiles, manufacturing, and tech farming (or AgriTech) awareness of cyber risk is growing and many automakers now court the attentions of cybersecurity professionals with private and public bug bounty programs. In recent years, manufacturers like GM and Ford have had CVEs issued for connected vehicle systems, though not all carmakers have CVEs to their name. 

In this episode of Ransomware Battleground, Higgs and Syya will dive right into the source of the discovery and share with Airgap’s audience on the recent TechFarming exploits. Also explain how a solution like Ransomware Kill Switch™ can service as your first responders when your organization is compromised. Join Us. 

Airgap provides an agentless Anti-Ransomware platform to stop the spread of malware in the enterprise network. Our industry’s first Ransomware Kill Switch™ locks down your most critical network assets at the first indication of compromise with complete control and policy enforcement over the device-to-device and device-to-application communication.

Protect Against Catastrophic OT ICS Cyber Attacks

We all know it is not enough to manage your enterprise network by legacy firewall rules and packet analysis. For an education session, we will have Dr. Chase Cunningham provides updates on what we all observe in zero trust security and share his view on: 
- What is Zero Trust Security?
- Challenges of Zero Trust?
- What is in NIST 800-207? How do you use in the Cloud-First architecture?
- Core Principles in Zero Trust Model 
- Leverage preventive security solutions and tips for achieving Zero Trust  
- Zero Trust and Anywhere (Hybrid) Workforce
- How Airgap Zero Trust Isolation can help (Zero Trust Isolation and Secure App Access)

Airgap provides an agentless Anti-Ransomware platform to stop the spread of malware in the enterprise network. Our industry’s first Ransomware Kill Switch™ locks down your most critical network assets at the first indication of compromise with complete control and policy enforcement over the device-to-device and device-to-application communication.

Zero Trust Security Explained by Dr. Chase Cunningham

"Industry 4.0" operational technology (OT) aims to increase automation, add “smart” devices, make data analytics more efficient and available, and interconnect networks for convenience. Cyber criminal’s latest target is on your operational technology (OT) and the attack incidents can be more destructive as well. 

Can your team stay ahead of today’s advanced hackers by strengthening your cyber risk incident response and management against OT cybersecurity threats?

In this BrightTALK, we will be sharing the challenges the manufacturing vertical faces for IT/OT network segmentation to avoid a catastrophic shutdown when under attack.

To get a copy of NIST / CMMC guideline, please contact info@airgap.io or visit airgap.io website.

From NIST to CMMC: Stay Ahead of OT Cybersecurity Threats

On-premises software's delivery model that is installed and operated from the in-house server and computing infrastructure. On average, government agencies have hundreds of private line of business applications running on-premises via either web-based or non-web protocols. In this BrightTALK session, we will be sharing the Secure Application Access (SAA) use cases from a public sector customer. 

Airgap Secure Application Access (SAA) provides a single source of secure connectivity to private applications hosted in hybrid-cloud environments and multi-cloud IaaS such as AWS, Azure, and GCP.

Your remote and on-premises workforce needs access to business applications and company resources to work effectively. SAA helps IT security teams balance just the right amount of access yet maintain a high level of security and visibility into user activity. In addition to the obvious security benefits, the SAA offers detailed session logs, session recording, and audit control capabilities to ensure that you meet necessary compliance requirements.

SAA integrations with popular identity providers (Okta, Azure AD, GSuite, others) enable IT security to apply zero-trust principles to remote user access, enforcing continuous user identity verification and access authorization for every request made. While adopting a zero-trust framework closes the security gaps of too much network exposure enabled by legacy VPN solutions.

Securing On Premises Private Apps From Anywhere Without VPN

Typical enterprise attack surface has dramatically increased post COVID19. Employees, contractors, and vendors have access to enterprise crown jewels over legacy and insecure VPN  technology for their respective home environments. It is no wonder that we are witnessing a rapid increase in cyber crimes in the last 18 months. Is protecting your application and data your top priority? If so, please join us in the session to understand the threat landscape and various technology options to safeguard your assets. 
 
We believe the fundamental issues faced by the organizations relate to excessive trust relationships over VLANs and VPNs. For better security, we must ensure that every transaction is authorized and authenticated and we must make this happen without the need for a bunch of legwork. 
 
Join us and learn more about our point of view on how you can protect your assets without the forklift upgrades. Ritesh Agrawal, Co-Founder and CEO of Airgap Networks will be discussing industry leadership and technology overview including the following - 
How does the modern Application Access approach compare to the traditional remote access VPN?
What’s the best method to deploy and operate Universal Secure Access Solution?
How to apply zero trust principles, specially for legacy protocols such as SSH, SMB, WMI, RDP etc. ?
What’s the importance of SSO/MFA authentication coupled with intent check?
Walkthrough (Demo) real-world use cases across private and public sectors.

Protect Your Applications and Data from Ransomware Threats

Ransomware Battleground: Tractorloads of Vulnerabilities

How do you reduce the blast radius in real-time? Looking for the easy button to stop ransomware spread? Is Ransomware KIll Switch too good to be true? Join Jeff and Chuck on this replay of our BlackHat USA 2021 Live. Jeff will go over how Ransomware Kill Switch can control Ransomware attack surfaces with DEFCON-like risk control.

Ransomware Kill Switch Demo with Jeff McDaniel

Zero Trust adheres to the principle, "Never trust, always verify." The modern enterprise has an incredible diversity of endpoints accessing data. Not all endpoints are managed or even owned by the organization, leading to different device configurations and software patch levels. This creates a massive attack surface and, if left unresolved, accessing work data from untrusted endpoints can easily become the weakest link in your Zero Trust security strategy. In this BrightTALK, Vinay Adavi (CPO of Airgap Networks) will walk through the key ingredients you should consider to secure your endpoint with identity based segmentation. Also he will be explaining to the audience how the EDR solution partnership can provide the fork-lift free transformation into the Zero Trust Endpoint deployment.

3 Key Ingredients for Endpoint Resilience

Cybersecurity insurance is not a cybersecurity strategy. While there is no way to 100% protect a company’s business operations, data, and IP from cyber threats, there are ways to mitigate risk through a cybersecurity initiative focused on people, processes, and technology. Start with Zero Trust and security-first design principle with Airgap.

At the heart of this initiative are three basic fundamentals: an understanding of what needs to be protected, the value associated with these assets, and the company’s overall risk tolerance.  These drive the rightsizing of company’s cybersecurity strategy to safeguard its assets and reputation. 

In this session, Airgap CEO Ritesh Agrawal and our partner in cyber insurance will discuss how you can strike the balance to secure your enterprise networks with Airgap Ransomware Kill Switch. 

Airgap provides an agentless Anti-Ransomware platform to stop the spread of malware in the enterprise network. Our industry’s first Ransomware Kill Switch™ locks down your most critical network assets at the first indication of compromise with complete control and policy enforcement over the device-to-device and device-to-application communication.

Finding the Balance: Cyber Insurance and Ransomware Incident Mitigation

IT/OT convergence in manufacturing drives Industry 4.0 and uses the data from IT to inform or influence the actions of OT, the technology used in physical operations such as robots, industrial control systems and sensors. How do you cut the interdependencies and isolate the networks in the wake of Cyber Attacks? In this BrightTALK, we will focus on Ransomware defense and Ransomware Kill Switch use cases to minimize the attack surface for manufacturing going through Industry 4.0 and digital transformation. Join Us. 

Ransomware threat is growing rapidly. While there are a whole bunch of security companies that are trying to prevent ransomware from getting into your network, Airgap's "Zero Trust Isolation Platform" protects your organization even if your perimeter is breached or if you have unpatched vulnerable servers inside your data center. Additionally, Airgap’s “Ransomware Kill Switch” is the most potent ransomware response for the IT organization. Airgap can be deployed in minutes without any agents, forklift upgrades, or design changes. The company is founded by highly experienced cybersecurity experts and the solution is trusted by large enterprises and service providers. For more details, check out https://airgap.io

Ransomware in Manufacturing: IT, OT, and IOT Convergence

Kaseya Ltd. is a Miami-based company that provides software to help other businesses manage their networks. The hackers targeted Kaseya’s virtual systems/server administrator (VSA), a type of software that large companies and technology-service providers use to manage and send out software updates to systems on computer networks. The hacks are caused by cybercriminals who acquired and used zero-day vulnerabilities. What do we know about REvil's behavior pattern in this incident? What can you do when your detection solution failed? 

In this BrightTALK, we will demonstrate the post-ransomware incident use cases and how you can automate in-network detection and Ransomware incident response to isolate inside the enterprise network.

The integrated Zero Trust enterprise access solution provides organizations an advanced level of visibility and turns every connected endpoint into a Zero Trust endpoint to stop Ransomware lateral movement before they spread. 

Hear how our joint solution can provide your organization: 
* Advanced Ransomware detection and incident response with of Ransomware Kill Switch™
* Consolidated SOC threat intelligence and analytics
* End to end visibility and intelligence into malware behaviors 

Airgap provides an agent-less Anti-Ransomware platform to stop the spread of malware in the enterprise network. Our industry’s first Ransomware Kill Switch™ locks down your most critical network assets at the first indication of compromise with complete control and policy enforcement over the device--device-application communication. Visit us at Black Hat 2021 USA in Vegas or Virtual. For expo passes, contact info@airgap.io.

Kaseya Ransomware Attack and  Incident Response with Ransomware Kill Switch

Lateral movement is a key tactic that distinguishes today’s advanced persistent threats (APTs) from simplistic cyberattacks of the past. The attack on JBS was part of a wave of incursions using ransomware, in which companies are hit with demands for multimillion-dollar payments to regain control of their operating systems. And yet, there is no guarantee that the hackers wouldn’t find another way to strike. (WSJ)

Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. After entering the network, the attacker maintains ongoing access by moving through the compromised environment and obtaining increased privileges using various tools. How do you see the vulnerabilities in advance? In this talk, we will introduce the Ransomware Vulnerability Scanner, a free network scanner at https://airgap.io, and help you stay ahead of adversaries. See it and fix it today!

Ransomeware Vulnerability Scanner Explained: What and How?

Organizations of all sizes can be the target of ransomware. Cyberattacks continue to be one of the biggest threats to global businesses and there is no sign of this slowing down. Attack frequency has reached unprecedented levels. The FBI does not support paying a ransom in response to a ransomware attack. So, the question is - How do you get ahead of Ransomware Attacks?

Data intelligence drives decisions. In this solution directed talk, we will elaborate on how Airgap's Ransomware Kill Switch can help:

- Integrate with cyberattack incident report flow and endpoint telemetry to automate your ransomware defense
- Exchange security intelligence data across leading SIEM and SOAR platforms
- Integrates with leading endpoint management for autonomous and adaptive policies from endpoint to enterprise

When you are on Ransomware incident response, you are competing with time. Join us before RSAC 2021 for the live streaming session with Airgap. Schedule a demo on Ransomware Kill Switch at https://airgap.io/events/

About Airgap Networks
Ransomware threat is growing rapidly. While there are a whole bunch of security companies that are trying to prevent ransomware from getting into your network, Airgap's "Zero Trust Isolation Platform" protects your organization even if your perimeter is breached or if you have unpatched vulnerable servers inside your data center. Additionally, Airgap’s “Ransomware Kill Switch” is the most potent ransomware response for the IT organization. Airgap can be deployed in minutes without any agents, forklift upgrades, or design changes. The company is founded by highly experienced cybersecurity experts and the solution is trusted by large enterprises and service providers. For more details, check out https://airgap.io

Power-Boost Ransomware Incident Response with Ransomware Kill Switch

Hackers are outpacing healthcare in the overall cybersecurity race. With the recent OT/IoT/IoMT device hacks gaining access to live feeds of 150,000 surveillance cameras inside hospitals, companies, police departments, prisons, and schools, Zero Trust design, and implementation in healthcare stands out to help stop attack proliferation. Zero Trust can be practiced in phased implementation. Ransomware can be stopped with the Ransomware Kill Switch, particularly so when it's automated with APIs. In this segment, Kris Kistler, CISO of Cognizant Healthcare, will discuss how Zero Trust transformation as a journey for healthcare facilities and share the view to defend device cybersecurity. Furthermore, we will be asking him on the view of Ransomware Kill Switch in Healthcare. Join us!

Ransomware in Healthcare: Got Ransomware Kill Switch for Device Cybersecurity

Red team and blue team play an important role in defending against advanced cyber attacks that threaten business communications. In this special episode of Ransomware Battleground, we talk through the flow in incident response per cyber kill chain. 

Ransomware Kill Switch™ can be used by the incident response to control/contain the blast radius in real time using the preventive and proactive zero trust approach. However, when the detections failed on zero day exploits, how can you use Ransomware Kill Switch™ in the post exfiltration mitigation phase? 

Airgap provides an agentless Anti-Ransomware platform to stop the spread of malware in the enterprise network. Our industry’s first Ransomware Kill Switch™ locks down your most critical network assets at the first indication of compromise with complete control and policy enforcement over the device-to-device and device-to-application communication.

To schedule a demo, please visit https://airgap.io

Red Team v.s. Blue Team: How does Incident Response work?

Incident Response

Ransomware

post exfiltration

cyber kill chain

Cyber Incident Response

Cyber Insurance

Information Security

red team

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Get powerful insights to run your business. CEOs, CFOs, CMOs, COOs, CTOs and CIOs are among the leaders in this community who connect with peers and experts to grow their businesses.

CxO Strategy

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

Red Team v.s. Blue Team: How does Incident Response work?

Presented by

About this talk

More from this channel