Ever wonder what threat hunting is all about? Join Infosec Principal Security Researcher Keatron Evans as he breaks down the basics of what it’s like to have a career hunting down potential cyber threats.
Join us for an inside look at a day in the life of a threat hunter, including:
Why threat hunters are more critical today than ever before
Knowledge and skills needed to drive threat hunting success
Live demos of essential threat hunting skills and tools used to detect and mitigate adversarial behavior
One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat!
P.S. Want to go even deeper into threat hunting? Don’t miss our advanced threat hunting session on June 28: Join the hunt: Threat hunting for proactive cyber defense.
Talking about the Next-Gen Security Operations Center for IDNIC+APJII as a representative of IDSECCONF. A people-centric SOC requires a lot of investment in people, in terms of both quantity and quality; unfortunately, (good) IT security people are getting rare these days. Organisations need to put more of their investment into technology: as in Industry 4.0, machines are getting more advanced at supporting humans with continuous and repetitive tasks.
Moving from a “traditional” to a next-gen SOC requires a proper plan; that's what this talk was about.
Threat hunting - Every day is hunting season, by Ben Boyd
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
Effective Threat Hunting with Tactical Threat Intelligence, by Dhruv Majumdar
How to set up a Threat Hunting Team for Active Defense utilizing Cyber Threat Intelligence and how CTI can help a company grow and improve its security posture.
Join the hunt: Threat hunting for proactive cyber defense, by Infosec
As threat hunters, you already know staying ahead of the adversary demands a proactive approach to threat detection and response. Don your virtual threat hunting gear and join Infosec Principal Security Researcher Keatron Evans as he goes sleuthing for cyber threats.
Join us for practical threat hunting insights and career recommendations, including:
Threat hunting knowledge and skills to accelerate your career
How to help clients navigate the threat hunting toolbox and prioritize technology investments
Live demos of notoriously hard-to-detect adversarial behavior like memory-only malware and living-off-the-land techniques
One lucky attendee will win a free year of Infosec Skills. Complete the form to save your seat!
P.S. Don’t miss our novice-level threat hunting session: Threat hunting foundations: People, process and technology.
Cyber threat intelligence: maturity and metrics, by Mark Arena
From SANS Cyber Threat Intelligence Summit 2016. What are the characteristics of a mature cyber threat intelligence program, and how do you develop meaningful metrics? Traditionally, intelligence has been about providing decision support to executives, whilst the field of cyber threat intelligence supports this customer, and network defenders, who have different requirements. By using the intelligence cycle, this talk will seek to help attendees understand how they can identify what a mature intelligence program looks like and the steps to take their program to the next level.
In our webinar “What is Threat Hunting and why do you need it?” we discussed the following key points:
1. What Threat hunting is.
2. Why it is becoming so popular and what kinds of attacks are making it necessary.
3. What the challenges are.
4. Threat Hunting and Investigation services for attacks.
5. Case studies.
Find out more on https://www.pandasecurity.com/business/adaptive-defense/?utm_source=slideshare&utm_medium=social&utm_content=SM_EN_WEB_adaptive_defense&track=180715
SOC Architecture - Building the NextGen SOC, by Priyanka Aash
Why are APTs difficult to detect
Revisit the cyber kill chain
Process orient detection
NextGen SOC Process
Building your threat mind map
Implement and measure your SOC
Insight is one of the best security operations centers; it addresses everything necessary to reduce advanced threats and security risk across your company and protects your network infrastructure throughout the organization. https://insightmsp.co.in/soc-as-service.php
From SIEM to SOC: Crossing the Cybersecurity Chasm, by Priyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Delivered a 1-day Practical Threat Hunting workshop at sacon.io in Bangalore, India, balancing developing a threat hunting program in an organization (how and where to start) with threat hunting demos as they would look on the ground, with hands-on labs for 100+ participants.
Cyber Security Trends
Business Concerns
Cyber Threats
The Solutions
Security Operation Center requirement
SOC Architecture model
SOC Implementation
SOC & NOC
SOC & CSIRT
SIEM & Correlation
-----------------------------------------------------------
Definition
Gartner defines a SOC as both a team, often operating in shifts around the clock, and a facility dedicated to and organized to prevent, detect, assess and respond to cybersecurity threats and incidents, and to fulfill and assess regulatory compliance. The term "cybersecurity operation center" is often used synonymously for SOC.
A network operations center (NOC) is not a SOC: a NOC focuses on network device management rather than on detecting and responding to cybersecurity incidents. Coordination between the two is common, however.
A managed security service is not the same as having a SOC — although a service provider may offer services from a SOC. A managed service is a shared resource and not solely dedicated to a single organization or entity. Similarly, there is no such thing as a managed SOC.
Most of the technologies, processes and best practices that are used in a SOC are not specific to a SOC. Incident response or vulnerability management remain the same, whether delivered from a SOC or not. It is a meta-topic, involving many security domains and disciplines, and depending on the services and functions that are delivered by the SOC.
Services that often reside in a SOC are:
• Cyber security incident response
• Malware analysis
• Forensic analysis
• Threat intelligence analysis
• Risk analytics and attack path modeling
• Countermeasure implementation
• Vulnerability assessment
• Vulnerability analysis
• Penetration testing
• Remediation prioritization and coordination
• Security intelligence collection and fusion
• Security architecture design
• Security consulting
• Security awareness training
• Security audit data collection and distribution
Alternative names for SOC:
Security defense center (SDC)
Security intelligence center
Cyber security center
Threat defense center
Security intelligence and operations center (SIOC)
Infrastructure Protection Centre (IPC)
Security operations center (in Persian: مرکز عملیات امنیت)
This is about what threat hunting is and how to perform it in the cyber world. Our traditional detection systems are being bypassed, and we need a modern approach to detect and respond to modern-day threats.
The entire demo is available on YouTube: https://www.youtube.com/playlist?list=PL2iM-fIRjbTCQVI4tR7U2I5IdwLb2QSi_
6 Steps for Operationalizing Threat Intelligence, by Sirius
The best form of defense against cyber attacks and those who perpetrate them is to know about them. Collaborative defense has become critical to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by.
Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
Threat intelligence sources have varying levels of relevance and context, and there are concerns about data quality and redundancy, shelf life, public/private data sharing, and threat intelligence standards. However, if processed and applied properly, threat intelligence provides a way for organizations to get the insight they need into attackers’ plans, prioritize and respond to threats, shorten the time between attack and detection, and focus staff efforts and decision-making.
View to learn:
--The difference between threat information and threat intelligence.
--Available sources of intelligence and how to determine if they apply to your business.
--Key steps for preparing to ingest threat information and turn it into intelligence.
--How to derive useful data that helps you achieve your business goals.
--Tools that are available to make collaboration easier.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. This rare but essential breed of enterprise cyber defenders gives proactive security a whole new meaning.
Check out the accompanying webinar: http://www.hosting.com/resources/webinars/?commid=228353
MITRE ATT&CKcon 2018: Hunters ATT&CKing with the Data, Roberto Rodriguez, Spe..., by MITRE - ATT&CKcon
With the development of the MITRE ATT&CK framework and its categorization of adversary activity during the attack cycle, understanding what to hunt for has become easier and more efficient than ever. However, organizations are still struggling to understand how they can prioritize the development of hunt hypotheses, assess their current security posture, and develop the right analytics with the help of ATT&CK. Even though there are several ways to utilize ATT&CK to accomplish those goals, only a few focus primarily on the data that is currently being collected to drive the success of a hunt program.
This presentation shows how organizations can benefit from mapping their current visibility from a data perspective to the ATT&CK framework. It focuses on how to identify, document, standardize and model current available data to enhance a hunt program. It presents an updated ThreatHunter-Playbook, a Kibana ATT&CK dashboard, a new project named Open Source Security Events Metadata known as OSSEM and expands on the “data sources” section already provided by ATT&CK on most of the documented adversarial techniques.
Cybersecurity Tools | Popular Tools for Cybersecurity Threats | Cybersecurity..., by Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Tools" gives an introduction to the various tools used in the industry for the purpose of cybersecurity. You get to know different kinds of security tools in today's IT world and how they protect us against cyber threats/attacks. The following tools are discussed in this tutorial:
- BluVector
- Bricata
- Cloud Defender
- Contrast Security
- Digital Guardian
- Intellicta
- Mantix4
- SecBI
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Building a Threat Hunting Practice in the Cloud, by ProtectWise
Building a Threat Hunting Practice Using the Cloud
James Condon, Director of Threat Research and Analysis ProtectWise and Tom Hegel, Senior Threat Researcher ProtectWise
Topics:
Threat Hunting 101
Requirements for Effective Threat Hunting
How the Cloud Can Help
Threat Hunting Best Practices
Questions
Next Steps
Threat hunters are security professionals who proactively search for threats and vulnerabilities in an organization's systems and networks. They use a variety of tools and techniques to identify potential threats, investigate suspicious activity, and respond to security incidents.
Cyber Threat Hunting: Identify and Hunt Down Intruders, by Infosec
View webinar: "Cyber Threat Hunting: Identify and Hunt Down Intruders": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gwfd
View companion webinar:
"Red Team Operations: Attack and Think Like a Criminal": https://www2.infosecinstitute.com/l/12882/2018-11-29/b9gw5q
Are you red team, blue team — or both? Get an inside look at the offensive and defensive sides of information security in our webinar series.
Senior Security Researcher and InfoSec Instructor Jeremy Martin discusses what it takes to be a modern-day threat hunter during our webinar, Cyber Threat Hunting: Identify and Hunt Down Intruders.
The webinar covers:
- The job duties of a Cyber Threat Hunting professional
- Frameworks and strategies for Cyber Threat Hunting
- How to get started and progress your defensive security career
- And questions from live viewers!
Learn about InfoSec Institute's Cyber Threat Hunting course here: https://www.infosecinstitute.com/courses/cyber-threat-hunting/
In this brief presentation, Chris Gerritz (co-founder and CPO of Infocyte) shares insights on finding and responding to hidden attackers within your network.
Learn about cybersecurity incident response, forensic triage, and the differences between telemetry and protection.
This presentation originally took place at Check Point Software's 2019 CPX 360 conference in Las Vegas.
How To Turbo-Charge Incident Response With Threat Intelligence, by Resilient Systems
Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement.
According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident.
This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline.
Our presenters will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from the cyber threat intelligence experts at iSIGHT Partners.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Tim Armstrong, Security Incident Response Specialist, Co3 Systems
- Matt Hartley, VP of Product Management, iSIGHT Partners
2015 Global APT Summit - Understanding APT threat agent characteristics is ke..., by Matthew Rosenquist
APT attacks originate from people, against a specific target, for an explicit malicious purpose. Attempting to protect all assets from every type of attack is not reasonable or sustainable. Understanding the archetypes of Threat Agents is key to an effective defense. Knowing the capabilities, objectives, and most likely methods of APTs targeting your organization provides predictive insights to where prevention, detection, and response tools and processes will have maximum impact. Such analysis complements the traditional vulnerability management structures which look generically for weaknesses.
Matthew Rosenquist's Understanding APT Threat Agent Characteristics is Key to Prioritizing Risks presentation at the 2015 Global APT Defense Summit in Los Angeles. Prioritizing risks is critical for any sustainable security capability. Understanding the abilities, methods, and objectives of advanced attackers is key in identifying the most critical vulnerabilities and the proper allocation of resources to manage risks.
Enhancing Cyber threat hunting for your team | 2021, by KharimMchatta
At the ISACA annual meeting, our presentation delved into diverse strategies aimed at empowering cybersecurity teams to elevate their cyber threat hunting capabilities within their organizational systems. Through a comprehensive exploration of innovative techniques, best practices, and emerging trends, we aimed to equip attendees with actionable insights to proactively identify and mitigate potential threats. By highlighting the significance of continuous improvement in threat hunting methodologies, we sought to contribute to the advancement of effective cybersecurity practices in a rapidly evolving digital landscape.
The 3 Generations of Security Operations Centres
Follow the Bank of England’s journey with Splunk and discover how the UK’s central bank is transitioning its security operations centre towards a more automated future
Cyber Threat Intelligence is a process in which information from different sources is collected, then analyzed to identify and detect threats against any environment. The information collected could be evidence-based knowledge that could support the context, mechanism, indicators, or implications about an already existing threat against an environment, and/or the knowledge about an upcoming threat that could potentially affect the environment. Credit: Marlabs Inc
Artificial Intelligence – Time Bomb or The Promised Land?, by Raffael Marty
Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them.
Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.
AWS Certified DevOps Engineer: What it is and how to get certified, by Infosec
Watch the full webinar here: https://www.infosecinstitute.com/webinar/aws-certified-devops-engineer-what-it-is-and-how-to-get-certified/
Cloud infrastructure is the backbone of many organizations and services, and DevOps engineers are the professionals tasked with ensuring those systems are responsive, available, scalable and secure. The AWS Certified DevOps Engineer – Professional certification validates your skills in provisioning, operating and managing distributed AWS cloud systems.
Join us on March 27 at 11 a.m. Central to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn:
- What’s on the AWS Certified DevOps Engineer exam (DOP-C02)
- Career paths for AWS certification holders
- Ways you can train and get certified
- Plus Q&A from live attendees
AWS Cloud Operations Administrator: What it is and how to get certified, by Infosec
Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-sysops-administrator/
As the AWS cloud market continues to expand, professionals are needed to administer those systems. AWS Certified Cloud Operations Administrator training prepares you to earn your AWS Certified SysOps Administrator certification — and validates your skills in deploying, managing and operating AWS workloads.
Join us to learn how this AWS certification can benefit your IT and cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn:
- What’s on the AWS Certified Cloud Operations/SysOps Administrator exam (SOA-C02)
- Career paths for AWS certification holders
- Ways you can train and get certified
AWS Certified Security - Specialty: What it is and how to get certified - Infosec
Watch the webinar: https://www.infosecinstitute.com/webinar/aws-certified-security---specialty-what-it-is-and-how-to-get-certified/
Cloud security skills are among the most in-demand in 2024, and if you work in the cloud, there’s a good chance it involves AWS. The AWS Certified Security - Specialty certification validates your skills in creating and implementing AWS cloud security solutions.
Join us on March 13 at 11 a.m. Central to learn how this AWS certification can benefit your cybersecurity career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn:
- What’s on the AWS Certified Security exam (SCS-C02)
- Career paths for AWS certification holders
- Ways you can train and get certified
- Plus Q&A from live attendees
Watch the webinar here: https://www.infosecinstitute.com/webinar/aws-certified-solutions-architect-what-it-is-and-how-to-get-certified/
Amazon Web Services (AWS) is the market leader for cloud infrastructure, and the AWS Certified Solutions Architect – Associate certification validates your knowledge and skills in designing secure, resilient, high-performing and cost-optimized architectures.
Join us to learn how this AWS certification can benefit your career — and what to expect in the first-ever live AWS boot camps from Infosec. In less than 30 minutes, you’ll learn:
What’s on the AWS Certified Solutions Architect exam (SOA-C02)
Career paths for AWS certification holders
Ways you can train and get certified
This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video
Infosec and AWS - A new way to train for your AWS certification (1).pptx - Infosec
Watch the webinar: https://www.infosecinstitute.com/webinar/infosec-and-aws-a-new-way-to-train-for-your-aws-certification/
Amazon Web Services (AWS) certifications are some of the most pursued in the IT and cybersecurity industry, by both employers and professionals. And now, there’s a new way to train for them with Infosec.
Join us to learn about the new partnership between AWS and Infosec, making Infosec an authorized live boot camp training provider for AWS certifications. You’ll learn:
- How AWS certification can boost your career
- Which AWS certification is right for you
- How the new AWS live boot camps will work
- Plus Q&A from live attendees
This webcast is part of the Infosec AWS Training Series: https://www.infosecinstitute.com/resources/?q=aws&Type=Webcast+and+video
How AI and ChatGPT are changing cybersecurity forever.pptx - Infosec
Watch the full webinar (and demo) here: https://www.infosecinstitute.com/webinar/how-chatgpt-and-ai-are-changing-cybersecurity-forever/
Artificial intelligence (AI) technologies are reshaping both how cybersecurity is done and how people learn cybersecurity. In this live demonstration, Infosec’s Keatron Evans will demonstrate how you can use ChatGPT to perform cybersecurity functions and teach yourself new skills — right now.
Join us on February 23 at 11 a.m. Central to get a practical, hands-on approach around how to use AI for your cybersecurity needs. You’ll learn:
- How malicious actors use AI tools like ChatGPT
- Ways for cybersecurity professionals to get started with AI
- How AI tools can help you learn quicker and better
- Plus Q&A from live attendees
2023.06 - CompTIA Security+ Everything you need to know about the new exam.pptx - Infosec
Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-security-everything-you-need-to-know-about-the-sy0-701-update/
CompTIA’s Security+, the most popular cybersecurity certification in the world, is getting an overhaul! The updated exam (from SY0-601 to SY0-701) re-aligns the certification to match the most in-demand entry-level cybersecurity skills and trends heading into 2024.
Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn how the Security+ certification is evolving so it remains the “go-to” certification for anyone trying to break into cybersecurity. You’ll learn about:
- Evolving Security+ domain areas and job skills
- Common job roles for Security+ holders
- SY0-601 and SY0-701 exam timelines
- Tips to pass the updated Security+ exam
- Plus Security+ questions from live viewers
Learn how to roll out a successful Cybersecurity Awareness Month program that boosts employee engagement all October (and beyond).
Join Infosec’s Emma Waite and Camille Raymond to learn:
- What employee-related risk data is needed to quantify success
- How to communicate your NCSAM plans to stakeholders
- The content and cadence appropriate to drive engagement
- Creative ways organizations are celebrating NCSAM
- How to continue the momentum after October
CompTIA CySA+ certification (CS0-003) changes: Everything you need to know - Infosec
Watch the webinar here: https://www.infosecinstitute.com/webinar/comptia-cysa-certification-changes-everything-you-need-to-know/
Information security analyst is one of the fastest-growing job categories in the U.S., with 35 percent overall growth expected by 2031. CompTIA’s Cybersecurity Analyst+ (CySA+) is one of the most popular certifications related to the role — and it’s getting an update in 2023 to align with the most in-demand knowledge and skills requested by employers.
Join Patrick Lane, Director of Certification Product Management at CompTIA, to learn everything you need to know about the latest CySA+ certification and exam (CS0-003) updates, including:
- Evolving security analyst job skills
- Common job roles for CySA+ holders
- What’s changed from CS0-002 to CS0-003
- Tips to pass the updated CySA+ exam
- Plus CySA+ questions from live viewers
Skills training value: How to differentiate your staff and your organization ... - Infosec
Watch the full webinar here: https://event.on24.com/wcc/r/4125122/E0E3F3F43BABD48134E3909C4577F5EA
Hiring skilled people is hard. Once you get them, you want to retain them — and increase their value to your customers. Save your spot to learn more about:
- Challenges with getting and retaining internal talent
- How better skillsets affect margin/profitability
- Using Infosec Skills to attract highest-quality hires
- Using Infosec Skills to upskill your internal team
- Reselling Infosec Skills to your end-user
Learning ≠ Education: How people really learn and what it means for security ... - Infosec
Emotion and passion are the two most essential elements in understanding how people learn. Often, the initial response to security threats is throwing technology at the problem. But as we know, you can’t fix all of your security issues without understanding the role humans play in the process.
Join Nick Shackleton-Jones — 30-year learning and development vet, Former CLO at Deloitte UK and CEO and Founder of Shackleton Consulting — to better understand:
- The difference between learning and education
- What really drives how employees learn
- How to develop a growth mindset that truly changes employee behavior
Watch the full webcast here: https://www.infosecinstitute.com/webinar/adult-learning-security/
Security awareness training - 4 topics that matter most - Infosec
National Cybersecurity Awareness Month (NCSAM) is right around the corner. Now’s the time to level up your security awareness training program — and instill best practices in employees that will help keep them (and your organization) secure year-round.
Join us to learn about the four key employee behaviors for NCSAM 2022. All registrants will receive a free Cybersecurity Awareness Month Toolkit, which includes:
1 training module & assessment
5 posters & infographics
1 employee presentation
4 email templates
And more
It’s been more than a decade since Marc Andreessen popularized the idea that “every company needs to become a software company.” But in 2022, just being a software company isn’t enough; you need to become a secure software company.
That’s why Ted Harrington created a new Infosec Skills learning path based on his best-selling book, “Hackable: How to Do Application Security Right.” Whether you create code, secure systems or manage organizational risk, understanding application security has become a must-have skill. Join us to learn how to:
Avoid common application security mistakes
Implement best practices to secure software systems
Create the business case for security as a competitive edge
Plus, get your live questions answered by Ted
Every registrant will get a free copy of Ted’s new ebook, “How to secure your software faster and better.”
A public discussion about privacy careers: Training, certification and experi... - Infosec
The word privacy can have so many meanings. Whether personal, professional or procedural, privacy can be a state of being, an action that requires compliance or a created space of safety.
Join Infosec Skills authors Chris Stevens, John Bandler and Ralph O’Brien as they discuss the intersection of privacy and cybersecurity. They’ll help you walk a path that will lead to an engaging career as a privacy specialist — a job role that grows with more opportunities year after year!
The panel will discuss:
Privacy as it relates to cybersecurity
Privacy certifications that align with your career path
Best practices for studying for IAPP certification exams
Tips for getting experience in the field of privacy
Interviewing for the privacy position you’ve been searching for
Plus your live questions on privacy as a career
Learn intrusion detection: Using Zeek and Elastic for incident response - Infosec
Intrusion detection is a foundational skill for many cybersecurity careers. Learn how intrusion detection works in action in this live webcast. Then take these free intrusion detection system (IDS) tools and start building your skills.
Join Infosec Skills author Mark Viglione on March 8 at 11 a.m. CST to learn all about:
What is intrusion detection?
How intrusion detection fits into different career paths
Live demo of Zeek for log analysis
Live demo of Elastic SIEM for incident response
Plus your live intrusion detection and career questions
There are 4.19 million cybersecurity professionals worldwide, but another 2.7 million are needed for organizations to adequately defend their critical assets, according to (ISC)². Learn how you can get started in cybersecurity and build a career in this lucrative and rewarding field.
CompTIA PenTest+: Everything you need to know about the exam - Infosec
Penetration testers find and report vulnerabilities before they can be exploited. CompTIA’s PenTest+ is one of the best certifications to validate those skills, and it’s being updated to align with the most up-to-date hacking and pentesting skills requested by employers in 2021.
CompTIA CASP+ | Everything you need to know about the new exam - Infosec
Want to be an advanced cybersecurity practitioner? Then CompTIA’s CASP+ certification may be the perfect fit for you. The popular certification is getting an overhaul heading into 2022 to ensure it validates the most relevant and in-demand skills — from security architecture and operations to engineering and governance.
CompTIA Network+ | Everything you need to know about the new exam - Infosec
CompTIA’s Network+ is one of the most popular entry-level IT and cybersecurity certifications available, and it’s got an update in September 2021. The new exam (from N10-007 to N10-008) will align the certification with the most in-demand job trends to ensure Network+ holders have the skills necessary to succeed in 2022 and beyond.
ISACA career paths - the highest paying certifications in the industry - Infosec
ISACA certifications are among the most in-demand in the industry. CISA, CISM, CRISC and CGEIT regularly top lists of highest-paying IT and security certs with average salaries ranging from $103,000 to $133,000 — and a new certification is now available, Certified Data Privacy Solutions Engineer (CDPSE).
Check out the session here: https://www.infosecinstitute.com/webinar/isaca-career-path/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
3. Today’s webcast
⮚ What is threat hunting?
⮚ Assumption of a breach
⮚ Key components of threat hunting
⮚ Threat hunting process
⮚ Demo
⮚ Q&A
4. What is threat hunting?
Incident response (REACTIVE): Responds to alerts and gets the organization back to a “safe” place
Forensics (INVESTIGATIVE): Documents historical events: What happened? How? When? Who?
Threat hunting (PROACTIVE): Identifies how threats behave in an environment. Driven by hypothesis — not incidents or events
5. Anatomy of a threat hunter
JOB TITLE: Threat hunter
RESPONSIBILITIES: Finds threats within an environment
TASKS: Uses data analysis tools and techniques to discover threats and related vulnerabilities
6. REACTIVE: Incident response
• Detecting attacks after they have occurred
• Logging and responding to alerts and notifications from monitoring tools
PROACTIVE: Threat hunting
• Actively searching for and preventing threats
• Includes threats which may not have been detected or reported by automated monitoring tools
7. Threat hunting concepts
Data: Discrete logs used for analysis, often collected by individual devices and centralized by a SIEM
Baselines: Simple metrics and established, secure configurations or behaviors
Threat intelligence: Collections of data relating to known threats and threat actors
9. Three reasons to assume a breach
1. Systems are complex and difficult to fully secure
2. It’s much safer than assuming a system or environment is secure from attack
3. You can’t only depend on alerts
10. Zero-day vulnerabilities
• Vulnerabilities unknown to software developers
• Zero-day attacks will exist regardless of how secure a product is thought to be
• By their very nature, these vulnerabilities are unknown and difficult to prevent
11. Detection deltas
The “global median dwell time” (detection delta) has steadily dropped since 2011, when it was 416 days, according to FireEye’s M-Trends report.
Global median dwell time 2015-2021 (days), by compromise notification type:
Notification type        2015  2016  2017  2018  2019  2020  2021
All                       146    99   101    78    56    24    21
External notifications    320   107   186   184   141    73    28
Internal detection         56    80  57.5  50.5    30    12    18
12. Combat alert fatigue with active defense
1. Large influx of false positive alerts can lead to disinterest
2. Constantly chasing down false positives becomes exhausting and boring
3. Actively hunting threats helps combat alert fatigue and reduce false positives
13. Key components of threat hunting
Three factors to help determine threat hunting program maturity:
1. Quality of collected data
2. Tools used for gathering/analyzing data
3. Threat hunter skills
14. Let’s take a look at what a mature threat hunting process looks like.
1. Collect and process data
2. Establish hypothesis
3. Hunt for threats
4. Identify threats
5. Respond
15. Collect and process data
● Data collected from various log sources, often centralized for analysis
● Data then processed and organized using automated tools
● Manual investigation leads to development of a hypothesis
16. Establish hypothesis
● Data analyzed by a hunter or other party tasked with developing hypotheses
● Once created, a hypothesis is used to direct threat hunting efforts
● Should be business-related and specific
17. Hunt for threats
● After a hypothesis has been created, threat hunters attempt to confirm the hypothesis
● Look for a sufficient number of IOCs to support a hypothesis
● If unable to confirm a hypothesis, move to a new one
18. Identify threats
● After confirming a hypothesis, gather further information on all related threats
● Discover information to attribute the threat to a specific actor, determine threat characteristics and goals
19. Respond
● Becomes an incident response (IR) process
● Handoff to IR team happens here
● Threat hunters may be pulled into the IR process
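The process on slides 15 through 19 (collect and baseline the data, state a specific hypothesis, look for enough IOCs to confirm it or move on) can be exercised end to end on a handful of logon events. The following is an added example and not material from the presentation or from Infosec: the log lines, the user and host names, the cutoff date and the "at least three IOCs" threshold are all constructed assumptions chosen to make the two hypotheses behave differently.

```python
"""Hypothesis-driven hunt over constructed logon events.

Added example, not code from the original presentation. Every log line
below is constructed for illustration; the field layout, hostnames,
users and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed, SIEM-style logon records: timestamp, user, source host, outcome.
# Events before the cutoff date form the baseline; events on or after it are hunted.
RAW_LOGS = """\
2024-05-01T08:55:00 alice WS-ALICE success
2024-05-01T09:02:00 bob WS-BOB success
2024-05-02T08:58:00 alice WS-ALICE success
2024-05-02T09:10:00 bob WS-BOB success
2024-05-03T08:50:00 alice WS-ALICE success
2024-05-03T09:05:00 bob WS-BOB success
2024-05-04T09:01:00 alice WS-ALICE success
2024-05-04T08:59:00 bob WS-BOB success
2024-05-15T03:12:00 alice FILESRV-01 success
2024-05-15T03:13:00 alice FILESRV-01 success
2024-05-15T03:14:00 alice DC-01 failure
2024-05-15T03:15:00 alice DC-01 success
2024-05-15T09:00:00 bob WS-BOB success
"""


def parse_logs(text):
    """Step 1 (collect and process): turn raw lines into structured events."""
    events = []
    for line in text.strip().splitlines():
        ts, user, host, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "host": host, "outcome": outcome})
    return events


def build_baseline(events, cutoff):
    """Per-user baseline of hosts and logon hours seen in successful logons
    before the cutoff (the 'Baselines' concept from slide 7)."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in events:
        if e["ts"] < cutoff and e["outcome"] == "success":
            baseline[e["user"]]["hosts"].add(e["host"])
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return dict(baseline)


def anomalous_access_iocs(event, baseline):
    """Hypothesis A: a compromised account logs on from hosts and at hours
    outside that account's baseline. Returns the indicators an event shows."""
    b = baseline.get(event["user"])
    if b is None:
        return ("unknown_user",)
    reasons = []
    if event["host"] not in b["hosts"]:
        reasons.append("new_host")
    if event["ts"].hour not in b["hours"]:
        reasons.append("off_hours")
    return tuple(reasons)


def failed_logon_iocs(event, baseline):
    """Hypothesis B: a password-guessing campaign shows up as many failures."""
    return ("failure",) if event["outcome"] == "failure" else ()


def hunt(events, baseline, cutoff, hypothesis, min_iocs=3):
    """Step 3 (hunt): return {user: [(ts, host, reasons), ...]} for users with
    at least min_iocs indicators in the hunt window. An empty dict means the
    hypothesis was not confirmed and the hunter should move to the next one."""
    hits = defaultdict(list)
    for e in events:
        if e["ts"] < cutoff:
            continue
        reasons = hypothesis(e, baseline)
        if reasons:
            hits[e["user"]].append((e["ts"].isoformat(), e["host"], reasons))
    return {u: h for u, h in hits.items() if len(h) >= min_iocs}


def run_hunt():
    """Run both hypotheses against the constructed data and report each outcome."""
    events = parse_logs(RAW_LOGS)
    cutoff = datetime(2024, 5, 15)          # assumed start of the hunt window
    baseline = build_baseline(events, cutoff)
    return {name: hunt(events, baseline, cutoff, hyp)
            for name, hyp in (("anomalous_access", anomalous_access_iocs),
                              ("failed_logons", failed_logon_iocs))}


if __name__ == "__main__":
    for name, confirmed in run_hunt().items():
        print(f"{name}: {'CONFIRMED' if confirmed else 'not confirmed, move on'}")
        for user, iocs in confirmed.items():
            for ts, host, reasons in iocs:
                print(f"  {user} {ts} {host} {','.join(reasons)}")
```

On this data the anomalous-access hypothesis is confirmed for alice (four logons from hosts she never used, all at 03:00), which is the point at which slide 18's identification work and slide 19's handoff to IR would begin; the failed-logon hypothesis yields a single failure, below the threshold, so the hunter records it and moves on. The threshold and the baseline window are the two knobs a real program tunes against its own data quality, the first of the three maturity factors on slide 13.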
20. Lessons learned
● Review threats
● Ask questions:
  ○ Why did the threat exist?
  ○ Is the current mitigation sufficient going forward?
  ○ What can we do to better prepare for this type of threat in the future?
23. Learn threat hunting with Infosec Skills
Infosec Skills subscription:
➢ 190+ role-based learning paths (e.g., Cyber Threat Hunting, Ethical Hacking, PenTest+)
➢ 100s of hands-on labs in cloud-hosted cyber ranges
➢ Custom certification practice exams and skill assessments
Infosec Skills live boot camp:
➢ Live, instructor-led training (in-person or live online)
➢ Certification exam voucher
➢ 90-day extended access to recordings of daily lessons, plus all materials in Infosec Skills
➢ Exam Pass Guarantee
infosecinstitute.com/skills
24. Learn how to hack with Infosec Skills
And the winner for a one-year subscription to Infosec Skills is …
infosecinstitute.com/skills (Valued at $299)
25. About us
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home.
www.infosecinstitute.com