Name: How a Managed EDR Analyst Hunts, Investigates, and Remediates an Incident
Start: 2019-07-30T19:45:00Z
End: 2019-07-30T19:53:51.000Z
Location: BrightTALK
Rating: 0

Symantec protects information wherever it’s stored or accessed. from your company’s most important information to your family photos.Everything we do begins with what we’ve learned about keeping people’s information secure. 

We operate a worldwide cyberintelligence threat network that positions us to proactively address where you’re most vulnerable. This network captures worldwide security intelligence data that gives Symantec analysts unparalleled sources of data to identify and analyse, to deliver protection and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam.

In this week’s Cyber Security Brief podcast, we mark the one-year anniversary of the introduction of the General Data Protection Regulation – more commonly known as GDPR. To mark the introduction of GDPR, Brigid O’Gorman talks to Zoltan Precsenyi, Symantec’s director of GDPR strategy. We discuss the impact of the introduction of GDPR on companies and members of the public, whether or not the regulation is fulfilling its stated purpose, and the new data protection and privacy challenges that are likely to face companies in the future.

Cyber Security Brief: GDPR Special: The Impact of the Regulation One Year On

Failure is an essential component of success. Ask any “successful” person and, assuming they’re being honest, they’ll tell you it’s what they learned when things went wrong that proved most valuable of all. That and the grit to pick themselves up – and press on, year after year.

Whilst there are many lessons we have to learn ourselves, in an ideal world we’d be able to learn from someone else’s mistakes. This is especially useful in cyber security, where there’s millions, or even billions, at stake and breaches  can have serious implications for national security.

The majority of the 3,000 security decision makers surveyed as part of this research, across three countries, would agree. More than half (51%) say failure is a critically important part of the process of improving cyber security measures.

Join Darren Thomson, EMEA CTO, Symantec, Dr Chris Brauer Goldsmiths University and Richard Brinson, CEO Savanti to find out how to turn disaster into success.

After the Breach: How to Turn Disaster into Success

On this week’s Cyber Security Brief podcast, we chat about our report looking into the Internet Research Agency's disinformation campaign targeting the 2016 US presidential election. We also talk about the apparent retirement of the operators behind GandCrab, and red faces in both the New Zealand government and the Dutch Data Protection Authority.

Cyber Security Brief: Twitterbots, ransomware retirements, and email mishaps

On this week’s Cyber Security Brief podcast, it's episode 50! We discuss the EU’s bug bounty program, bad password security practice, and why “secure” websites are becomingly increasingly untrustworthy. We also chat about the start-up that hacked its own customers’ cryptocurrency wallets – in order to safeguard their funds, a further update on the RDP vulnerability we’ve discussed previously, and how the Spanish soccer league La Liga was misusing its mobile app. Finally, the story of how Radiohead called the bluff of a ransomware criminal.

Cyber Security Brief: Bug bounties, bad passwords, and Radiohead

Plagued by sophisticated threats, increasing workloads, and an ever-expanding attack surface, security teams are turning to Endpoint Detection & Response (EDR) tools and Managed Endpoint Detection and Response (MEDR) services.

Join ESG and Symantec as we discuss how organizations are using solutions to improve their threat detection and response efforts.

We'll cover:

- Trends impacting threat detection efforts

- How organizations are using EDR and MEDR solutions

- The benefits of using an MEDR service

Explore the Benefits EDR tools and Services

In this week’s Cyber Security Brief podcast, we discuss the drama that ensued when Samsung tweeted about scanning their smart TVs for malware, a city in Canada lost CA$500,000 to a BEC scam, and three universities in the U.S. revealed in the same week that they were hit by data breaches. Also, we discuss new research just published by Symantec into the Waterbug/Turla group, and two different Android threats that were in the news this week.

Cyber Security Brief: Waterbug, “Smart” TVs, and BEC Scam Hits Canadian City

As enterprises begin to recognize the need for greater visibility into mobile threats and are increasingly pressed to protect their organizations from such threats, primary concerns still seem to be focused around what threats a solution can identify – malware, phishing, network attacks and much more.

While this is a starting point, there are other elements, characteristics, and abilities that have a far greater impact on the protection of an organization’s sensitive assets, information, and data that are not discussed often enough.

Join Brian Duckering c and Jeff Louisma as they explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late.

• Focus on high user acceptance rates - poor adoption rates can make a good solution worthless.

• Provide security on managed & unmanaged devices - equally effective security should be available for mobile devices and use cases.

• Protection of sensitive data and systems should take place in real time - relying on third-party solutions or human intervention could be too late.

• Resource demand should be minimal - maintaining and updating the solution should be efficient and require minimal resources.

Mobile Security Strategy Best Practices

On this week’s Cyber Security Brief podcast, Candid Wueest and Dick O’Brien discuss Transport for London’s plans to start collecting data about the customers using its Wi-Fi, and what that might mean for people’s privacy. Also, the ongoing repercussions of the ransomware attack that hit the U.S. city of Baltimore, including revelations about the use of the EternalBlue tool by the attackers, plus an update on activity surrounding the BlueKeep RDP vulnerability that was patched by Microsoft a few weeks ago. Also this week, the teen who appeared in court in Australia charged with hacking Apple, and the latest Bitcoin scams doing the rounds online.

Cyber Security Brief: Tube data collected, Baltimore ransomware & BlueKeep

In this week’s Cyber Security Brief podcast, we discuss the government employee who was charged with using his work IT systems to mine cryptocurrency, how Google is scanning your emails to collect information about your purchases, and the proof of concept exploits that have been created for the BlueKeep bug. We also chat about ransomware “recovery” services that are just paying the ransom, the dismantling of the GozNym network, and how Intel CPUs have been impacted by new MDS side-channel attacks.

Cyber Security Brief: BlueKeep bug, ransomware “recovery” &  GozNym network

On this week’s Cyber Security Brief podcast, we discuss our newly-released research into the Buckeye espionage group, and its use of Equation group tools prior to the Shadow Brokers leak. Dick O’Brien is joined by Symantec analyst Sylvester Segura to discuss the findings and to share more details about Symantec’s investigation into this activity. Also this week, we chat about the growing threat of targeted ransomware, and look at what the UK government is planning to do to improve the security of IoT devices.

Cyber Security Brief: Buckeye pre Shadow Brokers leak, IoT security & ransomware

Misconfigurations of cloud services can lead to gaping holes in your cloud environment and present low hanging fruit for attackers. Cloud users need a proactive, automated approach to monitoring and securing the cloud control plane.

In this webinar, you’ll learn:

• How as a user you can tackle the most pressing problems that face some companies during their cloud journey

• Configuration Errors: Monitor changes happening to cloud services in real-time and maintain your “gold standard” security posture.

• Painstaking Triage: Automate the remediation process to handle any security issues for both inline as well as offline workflows. 

Please Join Us, Register Today

Cloud Workload Assurance: A Journey from visibility to compliance

On this week’s Cyber Security Brief podcast, we discuss our recently published research into the Beapy cryptojacking worm, which is using the EternalBlue exploit to spread, and is primarily impacting enterprises in China. We also talk about data breaches, the dangers your set-top box might pose, why some GPS apps need to upgrade their security, and what the Emotet criminals are up to now.

Cyber Security Brief: Beapy worm, Emotet’s hiding skill & set-top box dangers

As companies move their applications and operations from on-prem data centers to the cloud, a variety of security concerns become more complex. 

Applying security controls to servers outside of the physical control of IT means depending on web services and remote management. And since your data might not be in a single cloud – one benefit of cloud computing is spreading your data among multiple physical servers – data management can be difficult. 

This webcast will look at how data is managed, performance is monitored and analytics are collected and normalized across the cloud infrastructure. It will also look at how security operations are managed and executed in this ever-changing environment.

Integrating Security Across Your Cloud

The number of security vulnerabilities discovered over the last few years has rapidly increased. 2018 was a record setting year with a total of 14,760 – more than double the amount from just 2 years earlier. In addition, many of the recent breaches have been due to known software vulnerabilities that had a patch available but had not yet been applied by the organization leaving them dangerously exposed. Identifying vulnerabilities, knowing which ones pose the greatest risk, and performing remediation is a major challenge for many organizations.

Please join us for a special webcast where we will discuss and demo how to quickly and efficiently identify, prioritize, and remediate vulnerabilities using Symantec Control Compliance Suite Vulnerability Manager.

Register today!

Identify, Prioritize, and Remediate Vulnerabilities

On this week’s Cyber Security Brief podcast, we discuss the conviction of two members of the Bayrob gang – and the role Symantec played in their capture and conviction. Also, the founder of Silk Road 2.0 is sentenced to jail time in the UK, the personal data of thousands of law enforcement personnel is reportedly published online by a hacking group, and we discuss the Windows Tiles sub-domain takeover. Finally, when you’re talking to your smart speaker, who hears what you say?

Cyber Security Brief: Bayrob convictions, Silk Road 2.0, Alexa listening

Are you storing sensitive data and running business-critical operations in AWS? The news is full of stories about data exposure or loss involving misconfigurations, misuse, or compromised accounts in AWS. Analysts are urgently advising organizations to get automated controls and centralized management in place to secure their IaaS operations. 

As a result, IT organizations are increasingly looking for security providers for solutions to provide visibility, behavior monitoring, access controls, data security, and threat protection for AWS.

Get security in place fast! Join us to learn how Symantec CloudSOC CASB can help you:

- Monitor activity and security configurations
- Control access and prevent risky changes or privileged misuse
- Detect malicious insiders and compromised accounts
- Keep S3 buckets private and secure confidential data with DLP
- Defend S3 buckets from advanced malware threats

How to Ensure Your Data is Secure in AWS

On this week’s Cyber Security Brief podcast, we discuss our new research into the privacy of your hotel booking details, and how we found that two in three hotel websites leak guest booking details and allow access to personal data. We also have an update on the case of the Chinese national who tried to gain access to President Trump’s Mar-a-Lago resort while carrying a malware-laden thumb drive. We also discuss a complaint against audio equipment maker Sonos in the UK alleging it is coercing customers into surrendering an excessive amount of personal information, and the discovery of a dark marketplace called Genesis that is selling the digital fingerprints of thousands of people.

Cyber Security Brief: Hotel booking privacy, dark marketplace & Mar-a-Lago

Demo Video (8 mins)

In this demo, a Symantec Managed Endpoint Detection and Response (MEDR) analyst walks through an end-to-end example of how he:

-  Creates an automated investigation playbook and hunts for a threat

-  Demonstrates how he investigates suspicious detections from the managed threat hunt

-  Remediates the incident to quickly stop the spread of the attack, and
Shares what is communicated to the customer within the incident assessment summary.

To learn more visit: https://go.symantec.com/MEDR

How a Managed EDR Analyst Hunts, Investigates, and Remediates an Incident

Endpoint

Security

Detection

Response

Advanced

Protection

Threat

Hunting

Managed

MITRE

Att&CK

Incident

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How a Managed EDR Analyst Hunts, Investigates, and Remediates an Incident

Presented by

About this talk

More from this channel