Activated Charcoal - Making Sense of Endpoint Data

•

0 recomendaciones•467 vistas

Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/ Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues. This Presentation was given at Black Hat 2016 and, recently, an SC Magazine Webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.

Tecnología

Company Confidential
Powered by
Activated Charcoal
Making Sense of Endpoint Data

Company Confidential
Greg Foss
Head of Global Security Operations
OSCP, GAWN, GPEN, GWAPT, GCIH, CEH, Cyber APT

Company Confidential
The easiest path into any network…

Company Confidential
Social Engineering
Nothing like a
little pretext to
get people to click
on your links…

Company Confidential
• Phishing
• 91% of ‘advanced’ attacks began with a phishing email
or similar social engineering tactics.
• http://www.infosecurity-magazine.com/view/29562/91-of-
apt-attacks-start-with-a-spearphishing-email/
• 2014 Metrics
• Average cost per breach => $3.5 million
• 15% Higher than the previous year
• http://www.ponemon.org/blog/ponemon-institute-
releases-2014-cost-of-data-breach-global-analysis

Company Confidential
Drive By Downloads, Malvertizing, and Watering Hole Attacks
Image Source:
https://blog.kaspersky.com/what-is-malvertising/5928/

Company Confidential
Key Focus Areas:
• Employees
Image Source:
http://www.cloudpro.co.uk/hr/5803/gov-offers-hr-workers-free-cyber-security-training

Company Confidential
End User Tips - Phishing

Company Confidential
Shortened
URL
Tracking

Company Confidential
Rogue Wi-Fi Network – Threat Simulation

Company Confidential
USB Drop – Training Exercise : Case Study

Company Confidential
Building a Believable Campaign
Use realistic files with somewhat realistic data
Staged approach to track file access and exploitation

Company Confidential
Profit
Send an email when the Macro is run…
Use a bogus email (unlike I did here) – I know, I know. Bad OpSec.

Company Confidential
Toolscalculator.exe

Company Confidential
“Nobody’s going to an an exe from some random USB” - Greg
Yep… They ran it...

Company Confidential
Now we have our foothold…
Fortunately they didn’t run this as an admin

Company Confidential
Key Focus Areas:
• Employees
• IT Staff
• Roles and Responsibilities
• Incident Response Duties
• Configuration Monitoring
• Malware Removal
• Security Infrastructure

Company Confidential
Key Focus Areas:
• Employees
• IT Staff
• Security Staff
• Table Top and Red vs Blue Exercises
• Threat Simulation Leads to Process Improvement
• Announced vs Unannounced Simulations or Penetration Testing

Company Confidential
Purple Team FTW!
• Employees
• IT Staff
• Security Staff
• Table Top and Red vs Blue Exercises
• Threat Simulation Leads to Process Improvement
• Announced vs Unannounced Simulations or Penetration Testing

Company Confidential
Key Focus Areas:
• Employees
• IT Staff
• Security Staff
• Leadership

Company Confidential
Key Focus Areas:
• Employees
• IT Staff
• Security Staff
• Leadership
• Processes and Procedures

Company Confidential
Automating OSINT and Response
Domain Tools
Passive Total
VirusTotal
Cisco AMP ThreatGRID
Netflow / IDS
Firewalls
Proxy / DNS
Endpoint
SIEM
API Integration SecOps Infrastructure

Company Confidential
Correlate Network / Log Activity with Endpoint Data

Company Confidential
Macro Phishing Attacks
• Common
• Bypasses Most AV
• Heavily Obfuscated
• Newer attacks
targeting Office 365

Company Confidential
Macro Attack Detection

Company Confidential
Full Command Line Details

Company Confidential
Be Careful – Don’t Jump To Conclusions…

Centralized Logging and Event Management

Company Confidential
Threat Feed Configuration

Company Confidential
Full Event Alerting

Company Confidential
Watchlist Configuration

Company Confidential
Carbon Black Event Forwarder
LogRhythm => Use LEEF Format
https://github.com/carbonblack/cb-event-forwarder

Company Confidential
Long Tail Analysis
Strange activity can bubble to the surface when viewing the whole picture

Company Confidential
Additional Integration
Alarming
Trigger on Specific Watch List Hits

Company Confidential
Additional Integration
Alarming
Admin Tracking

Company Confidential
Additional Integration
Alarming
Admin Tracking
Reporting

Company Confidential
Additional Integration
Alarming
Admin Tracking
Reporting
Automation
Perform Actions Based on Alarms Observed

Company Confidential
LogRhythmChallenge . com
Booth #600 #logrhythmchallenge

Company Confidential
Mini
Network
Monitor
Booth #600

Company Confidential
Thank You!
QUESTIONS?
Greg Foss
Greg . Foss [at] LogRhythm . com
@heinzarelli

Más contenido relacionado

La actualidad más candente

Advanced Threats and Lateral Movement Detection

Greg Foss

Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it. Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)

No Easy Breach DerbyCon 2016

Matthew Dunwoody

Advanced Persistent Threat (APT) is a term given to attacks that specifically and persistently target an entity. The security community views this type of attack as a complex, sophisticated cyber-attack that can last months or even years. However, new research indicates that these attacks are actually being achieved by much simpler methods. Imperva's Application Defense Center (ADC) has discovered that data breaches commonly associated with APT require only basic technical skills. As a result, security teams need to fundamentally shift their focus from absolute prevention of intrusion to protecting critical data assets once intruders have gained access to their infrastructure. This presentation will: - Expose some powerful, yet extremely simple techniques that allow attackers to efficiently expand their reach within an infected organization - Show how attackers achieve their goals without resorting to zero-day vulnerabilities and sophisticated exploits - Discuss how organizations can protect themselves against the advance of such attacks

The Non-Advanced Persistent Threat

Imperva

Are you prepared for a data breach? Are you confident you will find a breach in a timely manner? Facts are over 70% of businesses report a security breach and 75% of breaches are undetected for days or even months. Once discovered, incident response teams are under extreme pressure to close the breach, figure out what happened, what was lost, and calculate the risk. Organizations need a sophisticated incident response plan. View this presentation and learn how to: - Discover sensitive data, risk, and vulnerabilities - Detect and block cyber security events - Investigate incidents and automate remediation - Demonstrate consistent policy application across all sensitive data

Sophisticated Incident Response Requires Sophisticated Activity Monitoring

Imperva

Comment spammers are most often motivated by search engine optimization for the purposes of advertisement, click fraud, and malware distribution. By spamming multiple targets over a long period of time, spammers are able to gain profit, and do harm. Comment spam attacks can cripple a website, impacting uptime, and compromise the user experience. Quickly identifying the source of an attack can greatly limit the attack’s effectiveness and minimize its impact on your website. This presentation will: - Present an attack from both points of views – the attacker's and the victim’s - Identify tools utilized by comment spam attackers - Discuss mitigation techniques to stop comment spam in its early stages

The Anatomy of Comment Spam

Imperva

The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software. For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.

Open Source Malware Lab

ThreatConnect

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Katie Nickels

Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare

Cybereason

Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed. You’ll learn how to: - Build Playbooks that automatically run based on events in your network. - Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS. - Ingest and send data from any tool (including tools not yet integrated with ThreatConnect). - Use Playbooks to get disconnected tools to all talk to each other. We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.

Save Time and Act Faster with Playbooks

ThreatConnect

On July of 2015, Italian cybersecurity solutions vendor "HackingTeam" was breached and more than 400 gigabytes of HackingTeam's most sensitive data leaked to the internet. Security researchers Amit Serper and Alex Frazer from Cybereason were one of the first to study the datadump and to publish information about. The research was quoted in several tech news sites such as Ars Technica. The research was also published in Hebrew in the DigitalWhisper e-zine, On the cybereason blog as an e-book (in english) and on public free lectures in Tel-aviv by the researchers themselves. The following slide deck is from that lecture.

Cybereason - behind the HackingTeam infection server

Amit Serper

Internal network traffic in an organization can be as nefarious as an outside hacker trying to gain access to sensitive information. Every organization needs visibility into their network, both internal and external, in order to detect and respond to threats. Recently, we had an organization that needed a way to detect and block suspicious internal network traffic using SmartResponse from LogRhythm to block shady activity. View the presentation to see how SmartResponse was enabled to quickly detect suspicious internal network activity against a Web server.

Detecting and Blocking Suspicious Internal Network Traffic

LogRhythm

Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.

Robert Hurlbut - Threat Modeling for Secure Software Design

centralohioissa

Ransomware ist nicht mehr nur ein auf Privatanwender ausgerichtetes Ärgernis, sondern hat sich zu einer ernstzunehmenden Bedrohung für Unternehmen und Regierungseinrichtungen entwickelt. In unserem Webinar können Sie mehr darüber herausfinden, was Ransomware genau ist und wie es funktioniert. Anschliessend zeigen wir Ihnen das Ganze in einer Live Demo mit Daten aus einer Windows Ransomware Infektion. Detailliert zeigen wir Ihnen: - wie Sie mit Splunk Enterprise Ransomware IOCs "jagen" - wie Sie Malicious Endpoint Verhalten aufdecken - Abwehrstrategien

Wie Sie Ransomware aufspüren und was Sie dagegen machen können

Splunk

The rise in high-profile breaches demonstrates that traditional security defenses are no longer enough. Endpoint and network security cannot defend against sophisticated attacks or compromised insiders. View this presentation and learn: - Why traditional security measures fail to stop web attacks and data breaches - How modernized best practices safeguard against web application attacks - What strategies enable scalable data protection and simplified audits

Why Network and Endpoint Security Isn’t Enough

Imperva

In this report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures. Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild. As a result, we encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source.

Man in the Cloud Attacks

Imperva

Building Security Controls around Attack Models

SeniorStoryteller

What Happens Before the Kill Chain

OpenDNS

The Hacking Team breach resulted in more than 400GBs of sensitive information being publicly released, including the source code for the offensive security programs the company sold and details on zero-day exploits. The leak had significant repercussions in the security world and caused major technology vendors (including Adobe and Microsoft) to issue emergency patches. In this presentation, you’ll hear about the results of Cybereason’s investigation into the Hacking Team’s operation as well as the writeup by Phineas Phisher, who claims credit for the hack. We’ll discuss what we learned and what we think it means for defenders moving forward.

Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green

North Texas Chapter of the ISSA

Many threat intelligence teams are small and must make limited resources work in the most efficient way possible. The data these teams rely on may be quite high volume and potentially low signal to noise ratio. The tools used to collect and exploit this data have finite resources and must be leveraged at the highest utilization possible. Additionally, these tools must be applied to the most valuable data first. This talk presents a process that your team can implement to make your threat and malware hunting more efficient. The core of this process uses YARA rules to process files from an arbitrary source in volume. From that core, it covers methods of prioritizing the output of the rules based on the team’s priority and the confidence in the quality of the rules. Using this process, files are submitted to sandboxes for automated analysis. The output of each of these systems is then parsed for certain qualities that would increase or decrease the value of the information to the team. Attendees will take away not only a solid process that they can implement in their own organizations, but also a list of gotchas and problems that they should avoid. Robert Simmons is Director of Research Innovation at ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years. Robert has spoken on malware analysis at many of the top security conferences including DEFCON, HOPE, and DerbyCon among others. Robert, also known as Utkonos, has a background in biology, linguistics, and Russian area studies. He has lived extensively in Russia and Ukraine and has been known to swear profusely and constantly in Russian.

Advanced Threat Hunting - Botconf 2017

Kevin Finley

Learn to identify, manage, and block threats faster with intelligence. The ThreatConnect Platform was specifically designed to help you understand adversaries, automate workflows, and mitigate threats faster using threat intelligence. But we know security operations and threat intelligence are not one size fits all. That’s why we have options. You'll See: The products: Whether your security team is large or small, advanced or just getting started with threat intelligence, there is a ThreatConnect product that fits your specific needs. Innovative features in the platform: Collective Analytics Layer, which offers immediate insight into how widespread and relevant a threat is. Playbooks: automate nearly any security operation or task - sending alerts, enriching data, or assigning tasks to a teammate; all done with an easy drag-and-drop interface - no coding needed. How ThreatConnect will adapt with your organization as it grows and changes.

Intelligence driven defense webinar

ThreatConnect

La actualidad más candente (20)

Advanced Threats and Lateral Movement Detection

No Easy Breach DerbyCon 2016

The Non-Advanced Persistent Threat

Sophisticated Incident Response Requires Sophisticated Activity Monitoring

The Anatomy of Comment Spam

Open Source Malware Lab

Putting MITRE ATT&CK into Action with What You Have, Where You Are

Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare

Save Time and Act Faster with Playbooks

Cybereason - behind the HackingTeam infection server

Detecting and Blocking Suspicious Internal Network Traffic

Robert Hurlbut - Threat Modeling for Secure Software Design

Wie Sie Ransomware aufspüren und was Sie dagegen machen können

Why Network and Endpoint Security Isn’t Enough

Man in the Cloud Attacks

Building Security Controls around Attack Models

What Happens Before the Kill Chain

Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green

Advanced Threat Hunting - Botconf 2017

Intelligence driven defense webinar

Destacado

Wi-Fi Hotspot Attacks

Greg Foss

Tracey Rancifer: The Health Benefits Of Activated Charcoal

Tracey Rancifer

LogRhythm Web Rhythm Data Sheet

jordagro

What's New Logrhythm 5.1 Data Sheet

jordagro

LogRhythm Advanced Agent Data Sheet

jordagro

Securityanalytics

Kumar Gaurav

LogRhythm Training Syllabus Data Sheet

jordagro

Drupal is a very popular content management system that has been widely adopted by government agencies, major businesses, social networks, and more. This talk focuses on the penetration tester's perspective of Drupal and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists. Download the associated scripts, movies, and checklist here: https://github.com/gfoss/attacking-drupal

Attacking Drupal

Greg Foss

By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once CryptoWall executes and connects to an external command and control server, it starts to encrypt files throughout your network. Therefore, spotting infections quickly can limit the damage. Don’t fall victim to ransomware! AlienVault USM uses several built-in security controls working in unison to detect ransomware like CryptoWall, usually as soon as it attempts to connect to the hackers’ command and control server. How does it all work? Join us for a live demo that will show how AlienVault USM detects these threats quickly, saving you valuable clean up time by limiting the damage from the attack. You'll learn: How AlienVault USM detects communications with the command and control server How the behavior is correlated with other signs of trouble to alert you of the threat Immediate steps you need to take to stop the threat and limit the damage

Demo how to detect ransomware with alien vault usm_gg

AlienVault

8 Reasons to Choose Logrhythm

LogRhythm

Detox activated-charcoal

Manuel Díaz

Join us to hear about a new Oracle product that monitors Oracle and non-Oracle database traffic, detects unauthorized activity including SQL injection attacks, and blocks internal and external threats from reaching the database. In addition this new product collects and consolidates audit data from databases, operating systems, directories, and any custom template-defined source into a centralized, secure warehouse. This new enterprise security monitoring and auditing platform allows organizations to quickly detect and respond to threats with powerful real-time policy analysis, alerting and reporting capabilities. Based on proven SQL grammar analysis that ensures accuracy, performance, and scalability, organizations can deploy with confidence in any mode. You will also hear how organizations such as TransUnion Interactive and SquareTwo Financial rely on Oracle today to monitor and secure their Oracle and non-Oracle database environments.

Introducing Oracle Audit Vault and Database Firewall

Troy Kitch

Drupal, WordPress, and Joomla are very popular Content Management Systems (CMS) that have been widely adopted by government agencies, major businesses, social networks, and more — underscoring why understanding how these systems work and properly securing these applications is of the utmost importance. This talk focuses on the penetration tester’s perspective of CMS’ and dives into streamlining the assessment and remediation of commonly observed application and configuration flaws by way of custom exploit code and security checklists- all of which are open-source and can be downloaded and implemented following the presentation.

CMS Hacking Tricks - DerbyCon 4 - 2014

Greg Foss

InfoSec analysts are all somewhat familiar with Honeypots. When they are given the proper attention, care and feeding, they produce invaluable information and can be a critical asset when it comes to defending the network. This intel has been primarily used by security researchers and organizations with advanced defensive capabilities to study their adversaries and learn from their actions. But what about the rest of us? Honeypots are a lot of work to configure, maintain, and monitor, right? Not exactly; when deployed and monitored properly, Honeypots and Honey Tokens are a simple way to alert on anomalous activity inside the network. But how can an organization that is not focused on research gain valuable threat intelligence using Honeypots and actively defend their network using indicators generated from an internal Honeynet? The answer is Honeypots for Active Defense. There are currently many open source security tool distributions that come pre-loaded with Honeypots among other useful tools, however the Honeypot software is often not deployed in an effective manner. This session will discuss techniques to leverage Honeypots in ways that will not overburden the security team with massive logs to sift through and focuses efforts on correlating active threat data observed in the Honeypots with the production environment. When deploying Honeypots effectively, this can give security analysts one additional mechanism to tip them off to nefarious activity within their network before they become the next headline.

Honeypots for Active Defense

Greg Foss

USES AND MODE OF ACTION AC

Francis Onasanya

How real-time network sleuthing can help you lock down IT. Everyone in IT knows that security is a big deal, but did you know that SIEM (security information and event management) can help protect your network from data breaches, even when traditional defenses fail? If SIEM a mystery to you, lets grab Colonel Mustard, the candlestick and head to the library because this mystery is about to be solved. We'll be giving out more than just clues in this webinar: you'll discover explanations of security concepts, tools, tips and tricks as we unravel the mystery of how to better protect your network. Bring your magnifying glass, because you’ll also learn about event correlation, EPS, normalization and other things that will surely impress your friends. Sign up now to learn from our chief gumshoe and noted SIEM Enthusiast Joe Schreiber. He’ll explain the reasons that SIEM exists, how it works, and most importantly - what you can do with it. IT WAS MR. BODDY ALL ALONG!!!

SIEM 101: Get a Clue About IT Security Analysis

AlienVault

Malware detection how to spot infections early with alien vault usm

AlienVault

Destacado (17)

Wi-Fi Hotspot Attacks

Tracey Rancifer: The Health Benefits Of Activated Charcoal

LogRhythm Web Rhythm Data Sheet

What's New Logrhythm 5.1 Data Sheet

LogRhythm Advanced Agent Data Sheet

Securityanalytics

LogRhythm Training Syllabus Data Sheet

Attacking Drupal

Demo how to detect ransomware with alien vault usm_gg

8 Reasons to Choose Logrhythm

Detox activated-charcoal

Introducing Oracle Audit Vault and Database Firewall

CMS Hacking Tricks - DerbyCon 4 - 2014

Honeypots for Active Defense

USES AND MODE OF ACTION AC

SIEM 101: Get a Clue About IT Security Analysis

Malware detection how to spot infections early with alien vault usm

Similar a Activated Charcoal - Making Sense of Endpoint Data

Secure Iowa Oct 2016

Larry Slobodzian

The Businees Benefits of Threat Intelligence Take 30 minutes of your time to hear Cyber Squared Inc. CEO Adam Vincent review the need for businesses to evaluate the cost of a sophisticated threat intelligence program. Learn more about the ROI calculator that evaluates cost/benefits of threat intelligence investments and offers quantifiable financial benefits and use-cases to demonstrate the overall costs associated with data breaches, and how using threat intelligence can decrease those costs and make existing staff more efficient. Watch the full webinar here: https://attendee.gotowebinar.com/recording/7218699913172089858

The Business Benefits of Threat Intelligence Webinar

ThreatConnect

Cybersecurity threats and data breaches cost companies millions of dollars in lost intellectual property, trade secrets and fines from mishandled privacy information. Even worse, hackers increasingly see law firms as an easy target to acquire valuable data on clients. And yet, many security folks still need the expertise gained from the legal/ediscovery world. Heureka and special guest Donald A. Wochna, Esq. discuss the shift from eDiscovery to Security and back again!

Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals

Heureka Software

Top Security Challenges Facing Credit Unions Today

Chris Gates

Enterprise under attack dealing with security threats and compliance

SPAN Infotech (India) Pvt Ltd

The Avid Life Media hack is a striking example of everything that can go wrong when a company is completely breached followed by a total disclosure of the stolen information. This attack resulted in an estimated $200 million in costs, firing of the CEO, and countless lives ruined. This presentation will review the data exposed and what can be learned to prevent this from happening to your organization.

Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis

North Texas Chapter of the ISSA

The traditional office has now morphed into a hybrid model where most employees work remotely. The shift to remote work isn't entirely new. Between 2005 and 2018, there was a 173% increase in the US remote workforce. This trend spiked significantly in 2020 when roughly 88% of organizations worldwide encouraged remote work to flatten the COVID-19 spread. Join Dr. Christine Izuakor and Veriato's Head of Marketing, Pete Nourse In this free webinar as they discuss: How corporate office perimeters continue to evolve in real-time as the world changes Latest threats to organizations in and out of the office in the new year Keeping your data and systems safe while they sit in your employees' house A user-centric approach to extending security beyond the traditional office perimeter

Extending CyberSecurity Beyond The Office Perimeter

Veriato

On this AppSense webinar, guest speaker Chris Sherman, Forrester Research analyst, shared five principles for an effective endpoint security strategy. Anti-virus software isn't enough anymore. Dan O'Farrell, Sr. Director of Product Marketing for Cloud Computing at Dell, shared how highly-regulated industries have embraced VDI to increase security and reduce costs. And Bassam Khan discussed how AppSense offers privilege management with just-in-time self-elevation and application control through trusted ownership. This allows you to manage and secure your endpoints while providing a great user experience. And our latest product, AppSense Insight, offers endpoint analytics. Contact us to request a demo at iwanttoknowmore@appsense.com.

Protecting endpoints from targeted attacks

AppSense

ComResource - NW Agent Cybersecurity

Anthony Dials

MID_SIEM_Boubker_EN

Vladyslav Radetsky

The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.

The state of web applications (in)security @ ITDays 2016

Tudor Damian

InDefend-Integrated Data Privacy Offerings

Data Resolve Technologies Pvt. Ltd.

Operationalizing Security Intelligence

Splunk

Security Breakout Session

Splunk

Scalar Security Roadshow April 2015

Scalar Decisions

Securing The Reality of Multiple Cloud Apps: Pandora's Story

CloudLock

Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...

Enterprise Management Associates

BREACHED: Data Centric Security for SAP

UL Transaction Security

HP Protect 2015 Presentation with Denim Group's John Dickson and HP's Bruce Jenkins - Software security historically has been a bolt-on afterthought, frequently a "nice to do" and not a "must do" activity in many organizations. Despite the obvious need to build security in from the outset, organizations continue to struggle to gain momentum and focus resources in support of a structured and measurable software security assurance program. How can organizations determine the best-fit activities and appropriate resource allocation levels to adequately address software risk? How can security leaders know what other organizations are doing to produce more secure software? This session provides an overview of the Open Software Assurance Maturity Model (OpenSAMM) framework and illustrates how organizations can use it to give their security program the edge necessary to stay competitive in today's DevOps world and need-for-speed go-to-market strategies. The session includes case studies on how organizations are using comparative data and OpenSAMM benchmarking to realize measurable software security improvement. Originally shared here - https://sessioncatalog.hpglobalevents.com/go/agendabuilder.sessions/?l=19&sid=4026_2744&locale=en_US

Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...

Denim Group

Finding Security a Home in a DevOps World

Shannon Lietz

Similar a Activated Charcoal - Making Sense of Endpoint Data (20)

Secure Iowa Oct 2016

The Business Benefits of Threat Intelligence Webinar

Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals

Top Security Challenges Facing Credit Unions Today

Enterprise under attack dealing with security threats and compliance

Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis

Extending CyberSecurity Beyond The Office Perimeter

Protecting endpoints from targeted attacks

ComResource - NW Agent Cybersecurity

MID_SIEM_Boubker_EN

The state of web applications (in)security @ ITDays 2016

InDefend-Integrated Data Privacy Offerings

Operationalizing Security Intelligence

Security Breakout Session

Scalar Security Roadshow April 2015

Securing The Reality of Multiple Cloud Apps: Pandora's Story

Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...

BREACHED: Data Centric Security for SAP

Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...

Finding Security a Home in a DevOps World

Último

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Zilliz

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Architecting Cloud Native Applications

WSO2

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Activated Charcoal - Making Sense of Endpoint Data

1. Company Confidential Powered by Activated Charcoal Making Sense of Endpoint Data

2. Company Confidential Greg Foss Head of Global Security Operations OSCP, GAWN, GPEN, GWAPT, GCIH, CEH, Cyber APT

3. The Endpoint is the new Perimeter

4. Company Confidential The easiest path into any network…

5. Company Confidential Social Engineering Nothing like a little pretext to get people to click on your links…

6. Company Confidential • Phishing • 91% of ‘advanced’ attacks began with a phishing email or similar social engineering tactics. • http://www.infosecurity-magazine.com/view/29562/91-of- apt-attacks-start-with-a-spearphishing-email/ • 2014 Metrics • Average cost per breach => $3.5 million • 15% Higher than the previous year • http://www.ponemon.org/blog/ponemon-institute- releases-2014-cost-of-data-breach-global-analysis

7. Company Confidential Drive By Downloads, Malvertizing, and Watering Hole Attacks Image Source: https://blog.kaspersky.com/what-is-malvertising/5928/

8. Company Confidential

9. Company Confidential

10. Training is Critical to Success

11. Company Confidential Key Focus Areas: • Employees Image Source: http://www.cloudpro.co.uk/hr/5803/gov-offers-hr-workers-free-cyber-security-training

12. Company Confidential End User Tips - Phishing

13. Company Confidential All You Need is +

14. Company Confidential Shortened URL Tracking

15. Testing and Validation

16. Company Confidential Rogue Wi-Fi Network – Threat Simulation

17. Company Confidential USB Drop – Training Exercise : Case Study

18. Company Confidential Building a Believable Campaign Use realistic files with somewhat realistic data Staged approach to track file access and exploitation

19. Company Confidential Profit Send an email when the Macro is run… Use a bogus email (unlike I did here) – I know, I know. Bad OpSec.

20. Company Confidential Toolscalculator.exe

21. Company Confidential “Nobody’s going to an an exe from some random USB” - Greg Yep… They ran it...

22. Company Confidential Now we have our foothold… Fortunately they didn’t run this as an admin

23. Company Confidential

24. Company Confidential Key Focus Areas: • Employees • IT Staff • Roles and Responsibilities • Incident Response Duties • Configuration Monitoring • Malware Removal • Security Infrastructure

25. Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing

26. Company Confidential Purple Team FTW! • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing

27. Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership

28. Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership • Processes and Procedures

29. Continuous Monitoring and Detection

30. Company Confidential Automating OSINT and Response Domain Tools Passive Total VirusTotal Cisco AMP ThreatGRID Netflow / IDS Firewalls Proxy / DNS Endpoint SIEM API Integration SecOps Infrastructure

31. Company Confidential

32. Company Confidential Malware Beaconing

33. Company Confidential

34. Company Confidential Malware Beaconing

35. Company Confidential Correlate Network / Log Activity with Endpoint Data

36. Company Confidential Macro Phishing Attacks • Common • Bypasses Most AV • Heavily Obfuscated • Newer attacks targeting Office 365

37. Company Confidential Macro Attack Detection

38. Company Confidential Full Command Line Details

39. Company Confidential Full Command Line Details

40. Company Confidential Be Careful – Don’t Jump To Conclusions…

41. Company Confidential Be Careful – Don’t Jump To Conclusions…

42. Centralized Logging and Event Management