Taking Down the World's Largest Botnets: An Inside Look at Grum
Botnets are controlled by sophisticated cybercriminals. Grum, the world's third-largest botnet, included a network of hundreds of thousands of infected computers perpetrating cybercrime and online fraud, impacting consumers and organizations worldwide.
Hear directly from a FireEye malware expert who led the effort to take down Grum, including:
• Distinct strategies for botnet takedowns
• Evolution of Grum
• Role of the research community in finding Grum master CnC servers
• A blow-by-blow account of how the criminals tried to salvage Grum and what's next
Learn how botnets operate and how research and technology from FireEye played a key role in dismantling four of the world's largest botnets since 2008, including Grum, Rustock, Ozdok/Mega-D, and Srizbi.
Recorded Aug 14 2012, 49 mins
Bill Cantrell, Vice President of Network Product Management, FireEye
Many modern cyber attacks routinely bypass firewalls and other perimeter defenses, leaving security professionals to play “whack-a-mole,” beating down threats as quickly and efficiently as they can. A network forensics strategy can give security professionals visibility into network traffic, and allow them to quickly find the threats hiding in their network.
Join Bill Cantrell, Vice President of Network Product Management at FireEye, to get insight that will help you:
• Understand the benefits of a network forensics strategy
• Leverage network forensics to improve security and increase traffic visibility
• Gain insights into how network forensics improves incident response times and reduces risk of loss
• See how network forensics enables retrospective threat hunting
Date and Time: Thursday, June 28, 2018 at 8:00 a.m. PT / 11:00 a.m. ET
Ken Bagnall, VP, Email Security, FireEye and Levi Lloyd, Sr. Manager, Detection Services, FireEye
The email threat landscape is changing. Impersonation attacks and malicious URLs are becoming more popular.
This FireEye webinar features Ken Bagnall, VP Email Security, FireEye and Levi Lloyd, Senior Manager, Detection Services, FireEye who will address changes in email attack tactics:
• How phishing and impersonation attacks are evolving.
• How online/email scams develop.
• What the future of impersonation is.
• What has the best chance of winning against these attacks.
• What techniques are used to detect and stop phishing and impersonation attacks.
Attendees will receive the new FireEye report Changes in Email Attack Tactics: Based on Data from July to December of 2017.
Andrew Del Rosario, Principal Consultant, Mandiant Services & featured speaker, Ron Bushar, VP & Global Government CTO
How Government Agencies are Facing Cyber Security Challenges, Presented by FireEye
Cyber threats continue to have an outsized impact on government agency operations, which can erode public trust and reduce the ability to deliver critical mission functions. But things are about to change.
Join Andrew Del Rosario, Principal Consultant and featured speaker, Ron Bushar, VP and Government CTO, as they share what common cyber security challenges government agencies face, and how they are moving forward to secure sensitive information and protect vital infrastructure with:
• Proactive cyber threat hunting and analytics
• Increased use and sharing of cyber intelligence data
• Automation and orchestration of security operations
Adversarial use of artificial intelligence (AI) in cyberspace will lead to attacks that are more targeted, affect more people, and inflict more damage. It’s imperative that security professionals understand what this means for the future of conflict.
Additionally as more companies integrate AI applications into their businesses, they must understand the risks associated with this technology.
Join Michelle Cantos, Strategic Intelligence Analyst, for the final episode of our three-part series on AI as we discuss the:
• Changing geopolitical landscape as threat actors develop and implement AI capabilities
• Use of AI applications in businesses and associated vulnerabilities
Chris Nutt, Managing Director, Mandiant Consulting; Russell Teague, Vice President, Mandiant Consulting
Every year consultants from Mandiant, a FireEye company, respond to a wide variety of cyber incidents by threat groups around the world. This experience is summarized in the annual M-Trends report, which explores changes in the cyber threat landscape.
During this webinar, Managing Director Chris Nutt and Vice President Russell Teague will discuss:
- Longer-term trends in today's threat landscape
- Sophisticated and harmful APT groups to look out for
- Which organizations are most likely to be retargeted by attackers
- The difficulty of finding skilled personnel and how it affects the security function
- How weaknesses in security fundamentals contributed to successful compromises
- Best practice red teaming tactics for improved security defense
Artificial intelligence (AI) offers businesses better ways to defend their systems, but it also offers hackers better ways to compromise those systems. Companies need to understand how AI will impact cyber security before they rely on it for network defense.
On April 19, join Michelle Cantos, Strategic Intelligence Analyst and Awalin N. Sopan, Engineer, Analysis Platform, for the second installment of our three-part webinar series on AI that covers:
• How AI technology can enhance a business's defensive capabilities
• How cyber threats can use AI to improve the sophistication and scope of their attacks
• How FireEye uses machine learning to bolster its internal defenses and tools
Don’t miss part one of the three-part series “Artificial Intelligence in Cyber Warfare: A Primer” - https://www.brighttalk.com/webcast/7451/305191 and part three, "AI and the Future of Cyber Conflict" - https://www.brighttalk.com/webcast/7451/313149
Artificial intelligence (AI) is a transformative dual-use technology that can provide organizations with better cyber defense tools and help adversaries improve methods of attack. A better understanding of the current and potential future capabilities of AI will help users see how related emerging technologies can affect their business.
Join Michelle Cantos, Strategic Intelligence Analyst, for the first installment of our three-part webinar series to:
• Understand the fundamentals of AI, the differences between various techniques used to process data and the drawbacks to each approach.
• Discuss how AI tools can be used for offensive and defensive purposes in the cyber domain.
• Survey the future threat landscape and provide geopolitical context regarding how nations (U.S., Canada, Russia, China) will use AI tools given their current levels of technological development and AI integration in civilian applications.
Be sure to register for part two of the three-part series “The Role of Artificial Intelligence in the Cyber Domain” - https://www.brighttalk.com/webcast/7451/307729
"It’s no longer a case of ‘if you will be breached’, but instead how you’ll respond to and remediate the situation ‘once you are breached’." – Kevin Mandia, CEO, FireEye
The FireEye 2017 M-Trends report indicates the average global dwell time of an attacker within a targeted environment is 99 days. This gives adversaries over three months to roam your network and steal sensitive data—before a breach is even detected.
Cyber security and incident response (IR) readiness is an evolving responsibility that has become a strategic priority for enterprises worldwide.
Given today’s cyber landscape, all C-suite leaders have an important role to play in their organization’s cyber security posture and IR plan. Their individual and departmental contributions must help protect vital assets, safeguard privacy and ensure uninterrupted operations.
Join the conversation as Troy Scavella, Principal Consultant of Mandiant, a FireEye company, talks to executives about:
• The current state of C-suite IR involvement, and how and why their status is evolving
• A best practice phased approach of executive contributions to be made before, during and after a breach
• Actionable tips for executives to apply and enforce across each phase of the IR process
• Protection of critical assets with IR preparation and improvement
Zeina Zakhour, Denise Bedell, Vasu Jakkal, Roxy Dee, Emma Hunwick
Aside from breaches, ransomware attacks, and insider threats, another large issue faced by the cyber security industry is diversity, or lack thereof.
Making the industry more appealing to women and then eventually retaining female talent are both challenges that are still affecting the cyber workforce.
Join this panel where we'll hear from experts who have made successful careers out of their time in the cyber security sector. They will discuss:
- How did they make their first break?
- Why does the industry have such a hard time retaining talent?
- What are some of their favourite parts about their job?
- Their advice to women in the industry
- Their advice to cyber security execs looking to create more diverse teams
Moderator: Denise Bedell (Content Innovo)
Zeina Zakhour (Atos), Vasu Jakkal (FireEye), Roxy Dee (Hurricane Labs), Emma Hunwick (PwC)
Repeated high-profile breaches, disruptive attacks and global crime with indicators of sponsorship by North Korea demonstrate an increasing threat and underscore the necessity of tracking the activity of their hackers.
APT37 is less well-recognized than other threat actors sponsored by North Korea, but their increasing global activity and recent use of a zero-day exploit can no longer be ignored by network defenders.
FireEye has tracked APT37 since 2015 as TEMP.Reaper and shared details on its activities with our intelligence customers. Over time we have come to better understand APT37. On Thursday, February 28, join Ben Read, Senior Manager, Cyber Espionage at FireEye for our unique insights into APT37:
• A history of APT37 support for North Korean interests
• Details on the malware suite employed by APT37
• How APT37 has been influencing the world beyond the Korean peninsula
Luke McNamara, Senior Analyst, Strategic Team, FireEye iSIGHT Intelligence
As the sun sets on 2017, the major trends, biggest breaches and latest innovations provide us with a sense for what the future will bring. Not many things are absolute in the security industry, but we know for certain that threat actors will continue to attack and defenders will be tasked with stopping them.
Join Luke McNamara, Senior Analyst at FireEye, as he shares a glimpse into cyber security in 2018, with insights drawn from our senior leaders, Mandiant incident responders, FireEye iSIGHT Intelligence and FireEye Labs. Several timely topics will be covered in detail:
• What types of nation-state activity we will be seeing
• What new regulations such as GDPR mean for organizations
• How to ensure a secure environment as more organizations migrate to the cloud
Register today to learn what lies ahead, and stay one step ahead of cyber security threats.
Jeff Groman, Mandiant Senior Manager & Chris Porter, Chief Intelligence Strategist
Cyber security attackers become more innovative each year with threat activities progressing on a global scale. Coverage of cyber attacks by major media outlets continues to rise year after year, and 2017 seems to have done nothing to buck that trend.
In the last 12 months, we’ve seen reports of compromises at government entities, cable companies, automobile manufacturers, law firms, insurers, delivery companies, and more. Looking back at these headlines leaves us asking two questions above all: What didn’t work in cyber defense in 2017 and what can be done to be better prepared for future attacks?
We will address those questions and many others during our webinar, “Cyber Defense Lessons Learned in 2017 for a More Secure 2018,” presented by Jeff Groman, Mandiant Senior Manager and Chris Porter, Chief Intelligence Strategist. Tune in to learn about:
• The more disruptive opportunistic attacks in 2017
• More advanced and increasingly frequent attacks being carried out by nation-states
It wouldn’t be a proper discussion if we didn’t also cover the lessons learned from these successful attacks so that organizations will be better prepared in the future.
John Hultquist, Director, Analysis, GSI, FireEye, Inc.
To properly establish your cyber defenses, you must know your opponent.
Cyber attackers are constantly innovating; their threat activities continue to grow on a global scale. Regimes use advanced cyber capabilities to harass their foes, boost their finances and even subvert democracy.
Cyber crime that affects businesses can be directly connected to geopolitical drivers such as the nuclear deal with Iran and sanctions for North Korean proliferation. Your organization needs to ensure that it adapts to the realities of the evolving threat landscape and business risks.
Attend this webinar to see John Hultquist, Director of Intelligence Analysis at FireEye, offer:
• An overview of emerging threats from around the world
• Insights into the most impactful threats affecting your cyber security operations
• Expert assessments and implications your organization should consider, provided by the FireEye Threat Intelligence Team
Part two of a two-part series.
Don’t miss part one: Cyber Threat Intelligence: Learn How It Drives World-Class Security
Dan Reis, FireEye Director of Product Marketing, Endpoint Security
High-profile data breaches of corporate giants make the headlines, but 77% of cyber-crime targets small and mid-size enterprises (SMEs). Experts predict this trend will only continue to rise. Regardless of limited budgets and resources, you need to stay one step ahead of advanced attacks.
FireEye Endpoint Security offers such a solution for the mid-enterprise. It combines investigation, threat intelligence and antivirus and anti-spam technologies in a single, affordable lightweight agent.
Join us on November 1st to learn more about:
• What legacy AV technologies miss and how you might be at risk today
• Why real-time, integrated threat intelligence is a critical component of any cyber strategy
• How to streamline your approach and extend visibility into every endpoint that matters
• Why you need to detect known and unknown threats targeting your business
Freud Alexandre, Enterprise Architect Security & Manager – City of New Orleans
Bridging the Gap Between the SOC and the Boardroom: How to talk in a language your Chief Executive can understand.
Most C-Suite occupants don’t speak security: Real-world examples will be used to demonstrate how to communicate in a manner that even the most technology averse executive can understand.
Use of a common vocabulary helps executives fully comprehend the impact of risk, and the correlation between investment and risk mitigation (and to understand the implications of underfunding a security program).
By paying close attention to the details, there are frequently key warning signs and patterns that can be identified prior to a breach occurring. By addressing common disconnects, this presentation offers a guide to help bridge the gap between the SOC and the boardroom.
Cyber threats continue to escalate in volume and sophistication – being able to eloquently articulate the risks and the necessary mitigation strategy is a critical skill for every security professional.
The signs are all there but if you can’t deliver the message you might as well leave the front door open!
Antivirus (AV) protection has been the foundation for endpoint security for decades despite its known gaps. To address evolving threats, organizations need an integrated endpoint solution that can fortify their defenses.
Join Jim Waggoner, Sr. Director, Product Management for FireEye, as he details:
• Why endpoint security products have not provided complete protection
• Capabilities required for a comprehensive endpoint protection solution
  - AV with threat intelligence
  - Detection and response
  - Behavior and exploit analysis
  - Visibility and automation
• How the latest FireEye Endpoint Security solution enables you to go from detection to investigation and remediation quickly, all with a single agent
Attend this webinar as the first step toward a smarter, more adaptive approach to endpoint security.
Mandiant has done thousands of IR investigations across multiple industry types and networks. In each case, the customer was either alerted by a third party about the breach or discovered something “not quite right” in the network. In several cases the alerts the customer discovered led to discovery of a targeted attacker in the environment - and a subsequent incident response investigation.
In this presentation, we will use international case examples Mandiant investigated to take a closer look at how the breach was discovered and what security lessons can be learned from the alerts - for example how a performance monitor on a domain controller spiked, which led to discovery of credential harvesting. The takeaway will be actionable in many environments.
Jeff Berg, Sr. Manager, Cyber Threat Intelligence & Brad Bell, Mandiant Principal Consultant
Join Jeff Berg, Sr. Manager of Cyber Threat Intelligence, and Brad Bell, Mandiant Principal Consultant, as they share the role of cyber threat intelligence in strategic security consulting services and why services based on compliance-based best practices and industry standards may not be an effective way to protect your organization against a rapidly evolving threat landscape.
• The role cyber threat intelligence plays in strategic security consulting services
• Why services rooted in compliance-based best practices and industry standards aren’t effective
• Case studies where different types of intelligence added value to service portfolio
Stuart McKenzie, Vice President, Mandiant Consulting & Dan Wire, Sr. Director, Marketing Communications
The new European Global Data Protection Regulation (GDPR) requires businesses to report data breaches within 72 hours – how will you manage the process?
This regulation applies to all organizations with employees and/or customers in the European Union.
In a crisis, being organized and informed enough to provide an accurate notification to affected customers (or indeed regulators) is a difficult task on its own. When combined with mandatory incident response processes – identifying the cause, containing and remediating the vulnerability, and determining the extent of the damage – it makes the situation a lot more difficult and time sensitive.
In this webinar we will tackle the importance of having an effective and actionable incident response plan, and how to develop a crisis communications strategy that minimizes the impact of a data breach.
Andrew Ginter, Vice President, Industrial Security, Waterfall Security Solutions & Gary Fisk, Solutions Architect, FireEye
The first generation of Industrial Control System (ICS) cyber security advice looked to IT security best practices as their "gold standard," even though parts of IT security best practices were acknowledged as poor fits for the needs of ICS networks. The most recent ICS security standards and advice embrace the differences between IT and ICS networks, and document a gold standard for ICS cyber security that differs from IT best practices in important ways. This presentation reviews the evolution of ICS security best practices and explores how the new FireEye and Waterfall Security Solutions partnership is supporting and extending this evolution.