Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As defenders, we deploy or develop a number of policies, procedures, tools and technologies to support our risk management strategy while struggling to maintain situational awareness. The regular outputs of detection and response activities rarely cross functional boundaries and result in missed opportunities to translate learnings into institutional memory. With an ever-evolving threat landscape including the transformation to a hybrid work model; the power of decision and ultimately Decision Advantage is the most valuable tool in cyber-defense. In this webcast, Bernard Brantley CISO Corelight will discuss the exploitation of data-centric NDR as the coalescence point for tactical and operational outputs and as a pathway to cultivating strategic decision advantage.

Security has always been one of the prime concerns for any growing business. In a world where technology is continually evolving, companies are constantly stumbling onto new vulnerabilities. One wrong move in the data management space and companies leave themselves vulnerable to shattering attacks. The increasingly multifaceted landscape means that more groups are turning towards a zero-trust security framework. This approach asks companies to take their security enforcement strategy to the next level and recognize that existing approaches don't offer enough defense.

Ransomware attacks have become some of the most prolific and public intrusions over recent years. Within a matter of hours, organizations can go from normal operations to having an inoperable network and being extorted for tens of millions of dollars. On this webcast, SANS instructor and author Matt Bromiley, as well as sponsor representatives, will share their thoughts on modern detection and response techniques for ransomware breaches

Unmanaged endpoints like IoT devices represent a significant and growing risk surface. Network Detection and Response (NDR) solutions monitor network traffic to generate rich security evidence that enables asset inventory, vulnerability assessment and threat monitoring. In this presentation, experts from Corelight and Microsoft will walk you through how it works and how it can improve your security posture.

This bone-chilling webinar will cover: A spine-tingling hands-on-keyboard scenario of a motivated and capable insider threat working with the ghoulish adversary. Use of realistic and terrifying exploits and offensive security tools to simulate adversary TTPs, and how organizations are able to hunt for them. A practical threat hunting session demonstrating true behavioral hunting that walks participants through not only how the attack was carried out, but also how they can hunt for this insidious behavior in their own environments.

With increases in remote work, VPN and RDP services are prime targets for gaining unauthorized access to organizations. RDP services secured by passwords are subject to brute-force guessing and credential stuffing attacks, not to mention remote exploitation. Advisories are using RDP to gain initial access to organizations and then pivot to distribute and spread ransomware. In this technical training, we will take a deep dive look at threats to RDP services, adversarial TTP involving RDP, and explore how artifacts from encrypted RDP sessions are leveraged to build detections.

With the rise in distributed workforces both SSH and RDP connections have proliferated as remote employees connect to sensitive internal environments and machines to do their job. Unfortunately, these remote-friendly protocols are also prime attack targets and once compromised give adversaries a clear path to move laterally, deploy ransomware, and more.

Many organizations find that today’s security tools are not built for petabyte scale, long-term telemetry retention and are often cost prohibitive. Ingestion based pricing forces customers to limit what data is collected and retained, resulting in both more false positives and missed valid threats. Learn how enterprises can leverage all of their high-fidelity network data to gain a comprehensive, accurate and real-time understanding of your environment at any scale, on-prem or in the cloud.

Organizations are experiencing an increase in both threat volumes and complexity, leaving corporate security teams with the ongoing challenge of balancing workloads across a broader attack surface. IT and security teams struggle to identify all their endpoints and are often unable to install Endpoint Detection and Response (EDR) software on every known endpoint device, leaving security gaps that increase business risk. Network visibility is crucial for multi-layer defense and provides critical data to fill endpoint visibility gaps.