Name: Living Off The Land on a Private Island: An Overview of UNC1945
Start: 2020-11-12T16:00:00Z
End: 2020-11-12T16:00:46.000Z
Location: BrightTALK
Rating: 5

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

Attack surface data is the ever-increasing amount of information that attackers can use to exploit vulnerabilities in an organization's systems and networks. One of the biggest challenges in parsing through attack surface data is its sheer volume and complexity. Attackers are constantly developing new techniques and tools to exploit vulnerabilities, and organizations need to be able to keep up. 
This means that security teams need to be able to quickly and accurately identify and prioritize vulnerabilities, even if they are buried in a sea of data.

Join the Mandiant team for a live discussion on outcome-based asset discovery, an easy-to-use method of understanding attack surface exposures. The team will discuss and demo:
- How to define the outcomes or success criteria of asset discovery 
- The various use cases external attack surface management can solve for
- The different ways to operationalize attack surface findings across the organization

Register Now!

Attack Surface Discovery at Scale

Join Mandiant Intelligence Capability Development experts who will outline the characteristics of top-performing cyber threat intelligence (CTI) teams and how to build them. We will provide actionable advice on how intelligence teams can improve their efficiency and effectiveness by adopting a requirements-driven approach. This represents a commitment across the threat intelligence lifecycle to explicitly meet the specified needs of relevant stakeholders. Following this approach enables a CTI team to deliver tangible value and improve security outcomes. 

Attendees will learn:
- How to capture effective intelligence requirements. 
- The importance of a threat profile within a CTI strategy
- How intelligence teams can gather more effective feedback from stakeholders

Building an Effective Cyber Threat Intelligence Function

Join Ryan Roobian and Alexa Rzasa for a live discussion on how to better understand your unique threat landscape and attack surface to proactively identify and mitigate your organization's cyber exposure. Ryan and Alexa will discuss the essentials to building a proactive strategy; including how to achieve:
 - Expanded and centralized visibility
 - Intelligence-led prioritization
 - Validated preparedness
 - Faster remediation and optimization 
 - Incident response readiness

Building a Proactive Strategy to Exposure Management

Threat intelligence provides security teams with insights into the kinds of attacks that may target their organizations and prioritize their security activities. But what if the risk is coming from third-party partners and systems? In this webinar, experts discuss how security teams can use available threat intelligence to identify third-party risk and work with partners to mitigate them. Learn how to decide what to collect and how to correlate the information with internal data sources and those belonging to partners and suppliers to get the proper view of the threats. Walk away with practical tips on how to use threat intelligence to work with suppliers as part of an overall security strategy.

During this webinar you will:

- Pinpoint data streams most valuable for threat intelligence gathering.
- Identify data that can help identify potential third-party exposure.
- Get professional tips on how to work with suppliers to mitigate cybersecurity risk.

How to Use Threat Intelligence to Mitigate Third Party Risk

For cybersecurity, artificial intelligence (AI) has the potential to benefit both the defenders and their adversaries. 

Threat actors are using AI to instantly generate sophisticated and evasive attacks, while security teams are now using AI-powered security tools to better protect against them. Today, Mandiant consultants are leveraging AI to help defenders reduce the amount of time needed to detect, respond, and remediate these attacks. 
 
Tune into this webinar to learn how Mandiant consultants use AI on the front lines to improve engagement efficiency and effectiveness—alongside their hands-on expertise and embedded threat intelligence.
 
Attendees will learn from Mandiant speakers Trisha Alexander, Ron Craft, and Jennifer Guzzetta how to use AI as a starting point to:
• Accelerate the investigation process of incident response events
• Streamline the generation of baseline threat detections
• Apply diverse query languages for navigation across multiple security platforms

AI & Cybersecurity: How Mandiant Consultants Accelerate Detection & Response

Threat intelligence is foundational to all aspects of a security program, from SecOps to vulnerability management to risk management and leadership. However, many organizations struggle to operationalize threat intelligence across functions to reduce risk faster. Additionally, the volume can be unmanageable if you don’t know what threats are most critical to your organization.  

Mandiant (now part of Google Cloud) is leveraging AI to help security teams of all abilities see the threats that matter to them and use natural language to produce AI-driven search summarization.  

Watch this upcoming webinar as Mandiant Threat Intelligence experts— Josh Bass, Megan DeBlois, and TJ Alldridge—demonstrate the new AI capabilities in Mandiant Threat Intelligence and share best practices. Attendees will learn:
• Why a personalized threat profile is important to quickly understand your threats today
• How to leverage natural language search prompts for easy to action results
• How AI can help you quickly understand and reduce risk from emerging threats

AI & Cybersecurity: Leveraging AI to Create Outcome-oriented Security Teams

This session is the fourth in our multipart virtual series that will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to properly Respond to resume normal business operations and effectively remove threats from the environment. Also learn how to proactively Hunt for evidence from a previous or existing compromise to enhance future response capabilities and realize new methods of threat detection.

Respond to Resume Operations & Hunt to Prevent Compromise- Webinar Series Part 4

This session is the third in our multipart virtual series that will provide helpful insights and best practices surrounding  the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to effectively contextualize, categorize, and prioritize cyber security incidents to rapidly Detect malicious activity and identify significant business risks. Also learn how to Validate your security control ecosystem to ensure the optimization and success of the detection process to ultimately protect your critical assets.

Detect Risks & Validate Security Controls - Webinar Series Part 3

This session is the second in our multipart virtual series that will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

In this webinar, join Mandiant experts for a discussion on how to understand and effectively implement your collective Threat Intelligence to make the right security decisions. We will also dive into the establishment of Command and Control to orchestrate the prioritization of activities performed by all six cyber defense functions to achieve security resilience and reduce the overall impact of cyber attacks.

Who should attend:
CISOs
Cyber defense directors
SOC managers
Seasoned and new cybersecurity practitioners

Utilize Threat Intelligence, Establish Command & Control - Webinar Series Part 2

Learn how to activate the six critical functions of Cyber Defense to optimize your security program in the face of harmful adversaries. Building a best-in-class cyber defense organization will provide confidence in your ability to protect, defend and respond to sophisticated [and inevitable] threats that can cripple business operations. 

As outlined in Mandiant’s award-winning book,“The Defender’s Advantage” organizations are defending against adversaries within their very own environment. Because the defender owns the environment in which they go head-to-head with these ruthless attackers, it’s important to remember that the defender has a fundamental advantage–however many  organizations struggle to capitalize on it.

This multipart webinar series will provide helpful insights and best practices surrounding the six critical functions of cyber defense that make up The Defender’s Advantage.  

Register for this first session to receive an executive overview of The Defender’s Advantage and its six critical functions of cyber defense—Threat Intelligence, Command and Control, Detect, Validate, Respond and Hunt. Each of these functions represents different responsibilities focused on distinctive goals, while collectively working together to rapidly identify and effectively respond to threats. 

Who should attend:
CISOs
Cyber Defense Directors
SOC Managers
Seasoned and new Cybersecurity Practitioners

Take Control of Your Cyber Defense with The Defender’s Advantage Series, Part 1

An organization's attack surface is constantly expanding and evolving.  Cloud resources, unmanaged assets, code repositories — all internet-facing assets have the potential to be exploited if there is an unmitigated vulnerability, misconfiguration, or exposure. This is where threat intelligence provides a valuable role to help you and your teams prioritize what needs attention and why.

During this webinar, we will cover the following topics:

- The importance of threat intelligence for Attack Surface Management
- How to collect and analyze current state data
- How to use threat intelligence to prioritize your efforts

We will also share some real-world examples of how organizations have used threat intelligence to improve their security posture.

Who should attend:

This webinar is ideal for security professionals who are responsible for attack surface management, threat intelligence, or vulnerability management.

ASM and Threat Intelligence: A Winning Combination for Cyber Defense

From compliance to security operations, every organization must test and measure security effectiveness to help identify and mitigate cyber risks.  Although the ‘how’ and ‘when’ to test that effectiveness varies from org to org. 

Join Mandiant experts for a live discussion on the best practice methodologies and technologies your security team can use to accomplish this. During the session, our experts will cover:

- The difference between breach and attack simulation, red teaming and penetration testing
- When to choose between automation or partnering with a trusted third-party
- How to prioritize specific gaps in your security posture identified by proactive testing
- Mobilizing your security team to improve the overall security program

How to Effectively Test and Measure Your Cyber Defense Program

O novo relatório M-Trends 2023 da Mandiant revela que apesar de as organizações  melhorarem as suas defesas cibernéticas, a Mandiant continua observando técnicas sofisticadas e novos grupos de ameça emergindo em um ritmo acelerado.”

Nesta sessão, a Mandiant revisará alguns dos dados mais relevantes do relatório M-Trends 2023, além de dados adicionais que refletem o ambiente atual de ameaças para a América Latina e que são extraídos de investigações de respostas a incidentes e análises de inteligência de ameaças.

M-Trends 2023 – Relatório de tendências atuais de cibersegurança

El nuevo informe M-Trends 2023 de Mandiant revela que mientras las organizaciones mejoran sus ciberdefensas, Mandiant continúa observando técnicas sofisticadas y nuevos grupos de amenazas emergiendo a un ritmo acelerado.

 En esta plática, Mandiant revisará algunos de los datos más relevantes del informe M-Trends 2023, así como algunos datos adicionales que reflejan el entorno actual de amenaza para Latinoamérica y que son extraídos de investigaciones de respuesta a incidentes y análisis de inteligencia de amenazas

M-Trends 2023 – Reporte de tendencias actuales de ciberseguridad

We can’t predict when the next major zero-day vulnerability will hit, but we can do our best to be prepared for when it does.  

On May 31, 2023 the MOVEit Transfer vulnerability was announced and assigned CVE-2023-34362.  Mandiant saw evidence of exploitation as early as May 27, 2023.  UNC4857, recently merged with FIN11, has been very active in exploiting this vulnerability.

Not all CVEs and exploits send security teams into rapid response mode, but all security teams need to know when to move it into gear. Join us as we share updates on recent threat actor exploitation, and best practices in building a rapid response function in your organization. 
- Learn why UNC4857 was merged with FIN11 and how they exploited the MOVEit vulnerability.
- Discover the 3 steps to ensuring successful rapid response.
- Gain insights into how organizations responded to MOVEit.
- See how Mandiant quickly updated products to keep customers protected.

Rapid Response Case Study: MOVEit as fast as you can.

The M-Trends 2023 report is packed with timely data from Mandiant’s frontline incident response investigations and unparalleled threat intelligence, offering an inside look into trending response metrics and attacker operations from some of the most impactful breaches around the world.

Join Alirezah Arasteh, VP of Mandiant Consulting, Canada, on June 21st, 2023 at 2.00 pm EST as he walks you through what these findings mean and how they can significantly affect your security approach.

Topics for discussion will include:
- Global and Regional Dwell Times
- Detection by Source Trends
- Industry Targeting Metrics
- New and Notable Threat Groups
- Top Infection Vectors and Malware Families
- Most Prevalent Attacker Techniques
- And more!

Cyber Threat Brief - Insights into today’s top cyber security trends and attacks

Through Mandiant investigation of intrusions between February 2018 through September 2020, the FLARE Advanced Practices Team observed a group Mandiant tracks as “UNC1945” compromise and operate against a tailored set of targets within the financial and professional consulting industries by leveraging access to third-party networks. 

Please join Mandiant’s Justin Moore and Jacob Thompson,  for a look at UNC1945, including the group’s:

• Demonstrated access to exploits, tools, and malware for multiple operating systems
• Exploitation of an Oracle Zero-day
• Disciplined interest in covering or manipulating their activity
• Advanced technical abilities during interactive operations

Register Now!

Living Off The Land on a Private Island: An Overview of UNC1945

FireEye

Mandiant

Threat Analysis

Threat Horizon

Cyber Security

Cyber Attacks

Cyber Crime

Threat Intelligence

Cyber Intelligence

Threat Detection

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Living Off The Land on a Private Island: An Overview of UNC1945

Presented by

About this talk

More from this channel