Name: Network Traffic Analysis and the ATT&CK Framework
Start: 2020-08-20T12:00:00Z
End: 2020-08-20T12:01:00.000Z
Location: BrightTALK
Rating: 4.8

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

In the rapidly evolving landscape of cybersecurity, the ability to effectively detect and respond to threats is paramount for organizations across the globe. Traditional threat intelligence mechanisms have often been reactive, focused on addressing vulnerabilities after they have been exploited. However, with the increasing sophistication of cyber threats and the expanding digital footprint of modern enterprises, there is a critical need to pivot towards more proactive and dynamic strategies.

This presentation delves into the latest methodologies and technologies driving the future of threat intelligence. We will explore cutting-edge approaches to data collection and analysis, including artificial intelligence (AI) and machine learning (ML) algorithms, which enable predictive threat modeling and real-time anomaly detection.

We will discuss the importance of expanding threat intelligence sources beyond traditional feeds, incorporating open source intelligence (OSINT), social media analysis, and dark web monitoring to gain a more comprehensive view of potential threats. The role of collaborative intelligence-sharing platforms will also be highlighted, emphasizing how they enhance collective defense mechanisms by fostering an ecosystem of shared knowledge and resources.

Beyond the Horizon: Use AI to Expand Threat Intelligence for Proactive Security

Tune into this talk to learn about the integration of Artificial Intelligence (AI) into endpoint detection and response (EDR) systems, focusing on the application of AI-driven behavioral profiling to identify malicious activities. Industry thought leader John Bambenek will delve into the mechanisms by which AI models discern typical from atypical user behaviors, thus enhancing threat detection capabilities. The discussion also will cover the benefits of this holistic approach, including improved detection accuracy and faster response times. Practical case studies will demonstrate the effectiveness of AI behavioral profiling in real-world scenarios, underscoring its significance in the development of robust cybersecurity frameworks.

Enhancing EDR: A Holistic AI-Based Behavioral Profiling Approach

Tune into this talk presented by the University of Washington's Deveeshree Nayak as she discusses the importance of advancing application security practices into our technology use. As technology continues to integrate more into our lives, it becomes increasingly important to secure educational applications and platforms. 

During the session, we will explore various topics such as the current threat landscape, the significance of secure development, case studies, best practices, the role of education in advancing security practices, future trends, and how to form a team to address security vulnerabilities, manage risks and fortify against cyber attacks. Please join to gain insights into advancing application security practices tailored to various sectors' unique challenges and opportunities. Whether you are an educator, IT professional, or administrator, this talk aims to equip all types of attendees with the knowledge and tools needed to strengthen your institution's security posture.

An Educational Perspective and Mitigation Strategy for Application Security

In an age where artificial intelligence (AI) not only powers innovations but also underpins cybersecurity threats, this session aims to inform and help you prepare against the next wave of digital assaults. This talk will delve into the burgeoning domain where lax API security meets sophisticated AI-driven exploit bots, marking a paradigm shift in how cyber threats are generated and how they must be mitigated.

As smaller entities become increasingly attractive targets due to the reduced cost and effort required for attacks, the session underscores the imperative of adopting secure development practices. It posits that the foundation of robust AppSec in this new era lies not in the procurement of cutting-edge tools, but in the diligent application of well-established security principles. Attendees will leave with the following takeaways:
- Cost-effective strategies that can fortify applications against the onslaught of AI-powered threats.
- Proactive cybersecurity frameworks, with a particular focus on how threat modeling can evolve to address AI-specific vulnerabilities. 
- Actionable insights into applying frameworks like the NIST AI RMF to AI app development. 

The session seeks to equip participants with the knowledge and tools necessary to anticipate and defend against not just the threats of today but those of a rapidly approaching future. Designed for security professionals, application developers, and business leaders alike, this talk will offer a blend of humor, real-world scenarios, and practical solutions to navigate the complexities of securing applications in an AI-driven world. Join us to explore how we can turn "advanced threat guesswork" into a strategic advantage, ensuring our digital defenses are not just reactive but predictively aligned with the cybersecurity landscape's evolution.

Predictive Shenanigans: The New Wave of Application Threats

In the digital age, APIs are the backbone of digital transformation, powering everything from mobile apps to microservices. However, as the complexity and connectivity of systems increase, so does the attack surface and their vulnerability to cyber attacks. The key to securing these systems lies not just in the application of security measures post-development but in embedding security considerations throughout the Software Development LifeCycle (SDLC). This session, sheds light on the process of threat modeling and showcases its critical role in designing secure and resilient APIs.

During this session, we will be covering
- The fundamentals of threat modeling.
- Integrating threat modeling to API lifecycle. 
- Case studies and real-world applications. 
- Tools and techniques for effective threat modeling. 
- Overcoming common challenges. 

This session is designed for developers, security professionals, and IT leaders seeking to enrich their API security strategy through the power of threat modeling. By the end of this session, attendees will be equipped with the knowledge and tools needed to implement a robust threat modeling process, transforming their API design process.

About the speaker:
Elango is CISSP certified and accomplished technology leader with 20+ years of experience building high-performance engineering organizations for high-tech and financial services businesses across multiple geographies. He oversaw several cloud implementations that meet the highest standards of security and compliance for top-tier banks across Singapore, Thailand and the United States.

The Blueprint to Secure API Design Through Effective Threat Modeling

Do you have all the parts of zero trust in place to control risk to your crown jewels? 

If you don't know where to start, you probably need to assess your situation.

Using a zero trust readiness assessment you can see what parts of the people, process, and technology triad you already have in place and what you don't. With a readiness assessment you can figure out what to focus on first in order to tackle the remaining parts of the zero trust jigsaw.

Zero trust is a model or philosophy of how users and devices access applications and data. Zero trust is not a SKU or a single product, rather it is a more secure way to provide access to data by checking the identity of the user, or application, on a continual basis before allowing the user or application to access sensitive or confidential data, limiting access by network segmentation and dynamic access mechanisms. 

Remember, the goal is to protect the data and make sure that it remains confidential, maintains integrity and availability.

CBTS used the NIST Special Publication 800-207 as the foundation for an assessment to help customers know where they stand with their zero trust journey. The assessment is standards based and does not reference or promote vendor solutions, rather the people, processes, and technologies in place are assessed against 800-207. In this presentation we will review the general components of a zero trust readiness assessment so that you know where you are and how to complete your journey.

How Do You Know Where to Start Your Zero Trust Journey?

Zero Trust Architecture (ZTA) incorporates many aspects of effective cyber security…but not all of them.  There are many elements of information security that are implied in ZTA but are not explicitly stated.  These include role-based access control (RBAC), identity management, key management and threat intelligence.  Together, constitute the zero trust environment, which must be in place for the architecture to be implemented.  ZTA plus these environmental elements are the basis for secure use of information resources, today and as a foundation for future growth.  This session presents each of these elements as products to be evaluated, acquired and implemented in order to achieve full zero trust.

Learning objectives:
- The various security methods that support ZTA but are not included in it. 
- The value proposition for a fully supported zero trust environment.
- The vendor landscape of these supportive methods.
- Determining the need for supplemental products and tools.

What's NOT Included in Zero Trust Architecture

APIs have become essential in today's digital ecosystem, enabling seamless data exchange, connecting applications, and driving innovation. However, as they contain valuable data, APIs can also serve as enticing targets for cyber attacks such as DDoS attacks, SQL injections, and cross-site scripting (XSS). A single API breach can jeopardize sensitive information and affect an organization's reputation, financial stability, and compliance. Therefore, it's crucial to have a robust API security program in place. 

In this webinar, we will explore the multifaceted landscape of API security and emphasize its pivotal role in modern enterprises' overall cybersecurity posture. We will delve into the foundational components of API security, explain how each relates to the evolving threat landscape, and discuss practical, actionable ways they can prevent cyber criminals from exploiting vulnerabilities in APIs. We will also provide insight into the capabilities of a mature, end-to-end API security program and define practical milestones to empower you to elevate your API security to the next level.

Key takeaways from this webinar include understanding how attackers' tools, techniques, and procedures are evolving, learning the components of API security and their respective roles, and taking actionable steps to assess and enhance your organization's API security posture. In addition, we will highlight forward-thinking strategies and how web application firewalls (WAFs) can help detect and block malicious traffic, and how API security solutions can provide comprehensive protection for your APIs and work with WAFs to ultimately protect applications and their data.

Elevating API Security

In the ever-evolving landscape of DevSecOps, the paradigm is shifting towards a proactive approach known as Zero Trust, redefining how security is integrated into the CICD pipeline. This transformation doesn't simply entail developers assuming more security responsibilities but rather involves a holistic restructuring, where security teams engage in early-stage development.

Our presentation delves into the evolution from traditional DevSecOps to the advanced realm of Zero Trust. We explore the principles of "Simple DevSecOps" and "Trust but verify," leading up to the pinnacle of security sophistication: "Zero Trust." In a zero trust environment, every element of the DevOps pipeline undergoes rigorous authentication and authorization, ensuring heightened security at every step.

In this session, join Jyotirmayee Pradeep Kumar (Vice President of Cloud DevOps at a well-known global bank) as she unravels the concepts of "Security as Code" and "Policy as Code" as instrumental tools in implementing zero trust. 

Topics for discussion include:
- The foundational principles of DevOps and its evolving landscape.
- The pivotal role of security within the DevOps framework.
- The benefits and challenges of zero trust in DevOps environments.
- Practical strategies for implementing zero trust in the CICD pipeline.
- Diverse approaches to integrating zero trust seamlessly into your DevOps practices.

Elevating DevSecOps Security: The Journey to Zero Trust

The rapid adoption of cloud technology by organizations has led to a shift towards both single and multi-cloud environments. Unfortunately, this shift has also resulted in cloud misconfigurations, which are one of the top risks associated in the cloud. Cloud misconfiguration refers to any errors or gaps in the security measures of a cloud environment. 

We will begin by discussing the root causes of cloud misconfigurations. We will then review case studies of organizations that have suffered data breaches due to cloud misconfigurations, such as Capital One in 2019, eBay in 2014, and World Wrestling Entertainment (WWE) in 2017. Finally, we will then walk through built-in tools provided by AWS, Microsoft Azure, and Google Cloud, that cyber professionals can leverage to mitigate security risks in the cloud. These tools are also known as Cloud Security Posture Management (CSPM) tools.

Cloud Security Posture Management tools are automated solutions designed to identify misconfiguration issues and compliance risks in the cloud so that they can be remediated, reducing the risk of successful breaches. We will explore AWS Security Hub, Microsoft Defender for Cloud, and Google Security Command Center, and review how each tool can be used to gain visibility into the current security posture of each respective cloud.  Furthermore, we will emphasize how these tools can be applied to determine alignment with relevant regulatory compliance standards and industry-standard benchmarks, as well as identify threats and potential security weaknesses. 

The key takeaways from this session are:
- Most cloud breaches are due to misconfigurations or human errors.
- Do not rely on your cloud service provider to secure your data (understand the shared responsibility model).
- You cannot protect what you do not have visibility into (CSPM solutions can help).
- Cloud security should begin with implementation of cloud governance.

Using Cloud Security Posture Management Solutions to Mitigate Misconfigurations

Organizations are striving for IT sustainability, but having the right foundation in place is imperative to be able to work towards the sustainability goal. Tune into this session presented by industry thought leader Vincent Amanyi as he highlights the fundamentals to establish and  jump start the IT sustainability program in your organization. 

Attendees will learn:
- Strategies to design a comprehensive program.
- How to identify core factors that drives decision points.
- How to develop a benchmarking to manage the program.

Enabling the Foundation of IT Sustainability

Several cyber insurers have turned the noncompliance tables on their clients with the covenants of their cyber insurance policies. Ironically, these covenants are nothing more than IT security requirements which, with some board and C-suite support and focus, can be fulfilled by the CIO and his team. 

In this presentation, industry thought leader Ralph Villanueva will draw on his IT security, compliance and cyber security insurance experiences (he is a licensed P & C insurance agent and broker, which includes cyber security insurance) to help the audience avoid these five cyber insurance pitfalls and ensure that if an insurable event occurs, their employers will receive the full benefits of their cyber insurance policy.

Secure your Company by Avoiding These Five Cyber Insurance Pitfalls

Cyber insurance is a must in today's IT threat landscape, but how do you make the right choice among the vast market of providers? This session, presented by industry thought leader Vincent Amanyi, will detail a comprehensive model of how to to better align your organization assets with the right cyber insurance mix. 

Key takeaways
- Develop strategy to perform health check across your enterprise. 
- Establish a clear cost-monitoring model across your enterprise.
- Develop a mechanism towards a targeted insurance mix for your assets.

Evaluating Options for Cyber Insurance

In an era where "cloud-first’ is often mistaken for “cloud-only,”' let’s explore a few often-neglected aspects of ransomware incident preparedness, highlighting the ironic shift in readiness from things we used to do well (or at least often) in the pre-cloud era, but that have been left behind in the present day. This presentation will focus specifically on three critically underappreciated practices that are still useful, and increasingly pivotal, for effective response to ransomware attacks.

1.) The significance of "go-to-paper" processes, you know, good old-fashioned manual business continuity (BC) procedures we used to follow when our digital world went dark. We'll explore how these archaic yet surprisingly resilient manual tactics are more than just a trip down memory lane, but necessary steps in ensuring your business keeps running even when screens don’t.

2.) Infrastructure backups. We're not just talking about your important data, but the increasingly software-defined and abstracted infrastructure components you rely on. This discussion will strip away the veil of complacency that often shrouds cloud-based systems, revealing the stark realities of shared responsibilities and the need for a more holistic approach to disaster recovery.

3.) The practicality of meeting recovery point objectives (RPO) and recovery time objectives (RTO) when relying on offline or internet-based backups. This involves an in-depth analysis of current practices; measuring their actual effectiveness and whether regaining access to data and systems is possible within acceptable time and data loss thresholds.

By revisiting these "old" strategies, we propose a renewed, hybrid approach to ransomware preparedness, blending traditional wisdom with modern technological capabilities. This presentation aims to equip organizations with a more holistic and resilient strategy in the face of evolving cyber threats.

Old School Lessons for Handling Ransomware in the Digital Age

While ransomware prevention is always the goal, what happens when it occurs anyways?  Backups or disaster recovery solutions are not enough. Companies need an actual plan on what to do, key steps to take as well as additional options for when primary solutions do not work as expected or simply fail.  

Key takeaways:
- Initial assessment.
- Team communication.
- What to expect if you do or don’t pay the ransom.
- Bringing in third party help.
- Recovery process

Viewers will also learn pivotal prevention steps such as:
- Recovery points / Clusters.
- Infrastructure safe guards.
= Documentation.

Join instructor and architect Brian Kirsch as he explores ransomware recovery plans and how they can help brace your company for impact. Because it’s not a question of if, it’s a question of how to bounce back when it does happen.

About the speaker
Brian Kirsch is an IT Architect and Instructor at Milwaukee Area Technical College, focusing primarily on the virtualization and cloud environments. He has been in information technology for over 25 years and has worked with VMware products for more than 15 years. Kirsch holds multiple certifications from VMware, CommVault, AWS, Brocade, Microsoft and Dell EMC, he also sat on the VMUG Board of Directors for five years helping to guide and shape the user community. Kirsch also provides a direct line of communication from customers to the VMware product architects through the VMware Customer Council and the VMware Inner Circle.

Key Steps to Planning Recovery from Ransomware Attacks

In the ever-evolving world of cybersecurity, where traditional defenses are becoming less effective against sophisticated threats such as ransomware, CISOs face the challenge of transforming security from a cost center to a business enabler. Tune into hear CEO and industry thought leader Sandra Estok teach how to equip organizations with strategies to combat rising cybersecurity threats , specifically spear phishing and QR code scams & phishing.

This session will explore the latest phishing trends and how CISOs can adapt to these evolving threats. We will delve into innovative approaches that go beyond traditional security awareness, focusing on building a strong security culture and mindset where every employee is an integral part of the Cyber-Self-Defense mechanism. Key takeaways will include:
- Adapting to New Threats: Understanding the shift in phishing attacks and the necessity of evolving defenses.
- Cultural Mindset Shift in Cybersecurity: Moving from mere awareness to ingraining security as part of the organizational culture.
- Practical Cyber-Self Defense Steps: Implementing effective, actionable measures to empower employees against cyber threats.

This session is designed for CISOs, IT directors, and technical professionals aiming to equip organizations with tools and strategies to not only counteract sophisticated cyber threats but to also leverage cybersecurity as a strategic business asset fortifying defenses against the ever-changing ransomware threat landscape.

About the speaker
Sandra Estok, MBA, GIAC-GSLC, CIPM, international bestselling author, and Founder of Way2Protect®, utilizes her 25-plus years of experience in the Cybersecurity, IT, and Data Privacy industries and her nightmare story to inspire her audience to overcome their fears of the cyber world and protect what matters most against hackers, scammers and Cybermonsters®.

Outsmarting Phishers: Turning Employees Into Cyber-Self Defenders

Let's face it -- cyber attacks such as ransomware are becoming more common and complex. The coming twelve months will bring increasingly aggressive cybercrime activities as malicious actors continue to pivot their ransomware attacks from data encryption to data exfiltration.

The question to you is this -- are you doing everything you can to protect your organization from a ransomware outbreak?

Join this presentation from TD Bank's Leen Bongale to learn how to ensure your organization is prepared and ready to respond to any ransomware scenario.

Preventing Ransomware Attacks in the Cloud

Zero trust is a strategy that defines how to architect your computer network and systems to protect and defend your data from attacks. It operates by assuming that computers, user accounts, software, and applications can be compromised at any time and implements continuous assessment of device posture, user credentials, and application integrity before granting access. 

Zero trust is not a SKU or a single product, rather it is a more secure way to provide access to data by implementing security controls on the end point, on the network, and in the cloud to ensure only authorized users and applications can access your data. 

Remember, the goal is to protect the data and make sure that it remains confidential, maintains integrity, and is available when needed.  

Tune into this this talk from industry thought leader John Bruggeman as he reviews zero trust at a high level and discuss what solutions you can implement to take advantage of this ransomware resistant strategy. 

Key takeaways regarding solutions for 
- End point protection. 
- End user authentication.
- Network access controls.
- Cloud posture management.

Using a Zero Trust Architecture to Help Prevent Ransomware

Reduce Security Risk with EDR and IR Automation

Did threat actors get in when you went remote? Time to hunt.

Auth, Audit and Action

Breach Detection: Becoming as Agile as The Attackers

First steps to regain control on a compromised infrastructure

Securing DevOps - Should We Start Shifting-Center?

The Importance of App Security in the Securitization of DevOps

AST for Securing DevOps

Shining a Light on Shadow Code

Shift Left with Security into the Development WorkFlows

DevOps & Security in 2020

DevSecOps - Protecting CI/CD and the last line of defence of your organisation

Cost Optimization for Security & Risk

Rapid Moves to the Cloud: Securing the New Normal

Threat Analysis and Breach Protection

Leaky Buckets: Effective Encryption Techniques to Secure AWS S3 Buckets

Police insight – How to protect your business from cyber threats

Securing the Cloud in 2020: Threats, Visibility & Privileged Access

Power Your Security Ecosystem to Prevent Against Data Breaches

Securing remote workers: The critical role of strong authentication

Humans are the Weakest Link – Corona Edition

Business is still good for cyber criminals. How about yours?

DDoS Attacks in 2020 & Best Practices in Defense

Effective Anti-Phishing Requires 100% User Adoption. Here's How to Do It.

Cybersecurity Threat Detection and Prevention

Caught in the Wild: Threats in Focus

THREAT INTEL IN THE REAL WORLD: An Expert Roundtable

Addressing Today’s Cyber Threats

Cybersecurity in the New World

Cyber Threats and Enterprise Security 2020

The internet has enabled the perpetration of crimes at huge distances with impunity. But defenders can inspect network traffic for signs of malicious activity and where it originates. 

This session examines how we can use the MITRE ATT&CK framework to codify and share intelligence on attacker behaviors derived from network traffic analysis. We will look at how traffic is collected, stored and analyzed. We provide an overview of tools for analysis of network packets and flows, and explain how these tools can help us identify the malicious use of non-standard protocols, protocol abuse, tunneling, port scanning, lateral movement, command and control, and data ex-filtration. We will also discuss automated detection of suspicious traffic using signature-based, behavior-based, rule-based, and anomaly-based algorithms. Finally, we will introduce Security Onion, a Linux distro similar to Kali Linux, but for defenders.

Network Traffic Analysis and the ATT&CK Framework

IT Security

Network Security

Breach Detection

Security Analysis

Security Analytics

Breach Prevention

Cyber Threats

Enterprise Security

Cyber Attacks

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Network Traffic Analysis and the ATT&CK Framework

Presented by

About this talk

More from this channel