Tuesday, December 5, 2023
Threat intelligence: Using what’s right in front of you

When people think of threat intelligence, the focus is often about being able to afford the latest and greatest tools on the market. But there are plenty of free sources of threat intelligence if you know where to look. In this interview with CRA’s Bill Brenner, Reddit Head of Software Security Matt Johansen discusses some of the readily available sources he turns to on a daily basis.

Matt Johansen
The Anatomy of a Cyberattack

Even the phrase sounds fearsome — cyberattack. And well, it should. They’re basically silent, deadly, pernicious attacks during which cybercriminals may steal, damage, or encrypt your data, so it becomes useless to you. In this last case, you may receive a demand that you pay a large ransom to get them to decrypt your data so you can use it again. Ransomware is among the most prevalent cyberattacks, but there are many others. 
In this session, Tanium’s Chief Security Advisor Zac Warren will show you how proper “cyber hygiene,” maintaining a constant discipline over your network and data security measures, will result in making it far more difficult for cybercriminals to exploit your network, making it undesirable for them to even try. You become a network worth passing by. 
Topics covered will include: 

  • How cybercriminals go about preparing for an attack, the steps they take, and telltale signs someone is attempting to attack your network. 
  • Beyond the initial attack, how broadly and widely they can travel within your network once they’re inside, and the enormous havoc they may wreak when they do. 
  • Details on the numerous ways in which they can copy, steal, damage, or encrypt your data and how damaging that can be. 
  • Effective ways in which you can protect yourself from these exploits and the ransom demands that may accompany them. 
  • The critical importance of ensuring that you have clear visibility of every object on your network, and any points of vulnerability so that you get early warning when attacks are starting. 
  • The many defensive options available to you, and how to assemble the right security system for your needs. 
  • Going proactive – How to proactively hunt down potential attacks as they’re first forming so you can pre-emptively stop them.
Zac Warren
Practical Threat Intelligence Use-Cases for Your Security Operations

"Threat Intelligence" can be a source of a tactical advantage for security teams, or it can become a distraction. The key is knowing what kind of data you're working with, and how best to utilize it. In this talk we will focus on methods, techniques, and operational processes that can take advantage of threat data, or threat intelligence, to help your security operations team defend more effectively, and at greater scale. The focus will be on practical applications of threat data and intelligence - from threat-hunting, to rapidly operationalizing block lists, and other potential applications for security teams.

Rafal Los Johnathon Brandis
Top Five Risks of Not Investing in EM

Cyberattacks increased by 38% last year, with the average cost of a single attack reaching $4.35 million.  A key reason for attacker success? Organizations are struggling with publicly-exposed and unmanaged internet assets, thanks to the continued rise of remote workforces, multi-cloud adoption, and the proliferation of IoT devices. Teams can’t protect what they can’t see – and attackers are taking advantage. To minimize the risk of cyber attacks, security leaders need Exposure Management. Exposure Management is a proactive approach to cybersecurity that involves continually evaluating your digital assets' visibility, accessibility, and vulnerabilities. CISOs, cybersecurity analysts, and federal governments recognize the significance of Exposure Management, with 92% of security leaders considering or implementing a solution in the next 12 months. Join "The Top 5 Risks of Not Investing in Exposure Management,” webinar to learn more about exposure management and why it should be on every security leader’s radar.

Celestine Jahren
Wednesday, December 6, 2023
The future of threat intelligence and how to prepare

The threat intelligence space is evolving rapidly, and organizations are clamoring for the latest tools and techniques. But incorporating these into the daily workings of a business are not without challenges. Joining CRA’s Bill Brenner to discuss those challenges, how today’s developments will affect the future of threat intelligence and how to prepare is Mark Weatherford, SVP and Chief Security Officer at AlertEnterprise and Chief Strategy Officer and a Director on the board at the National Cybersecurity Center.

Mark Weatherford
Operationalizing threat intelligence in the SOC: Challenges and solutions

Organizations are vigorously pursuing new threat intelligence tools and techniques. But security professionals have found that threat intelligence is much more difficult to operationalize in their SOCs than initially anticipated. Joining CRA’s Bill Brenner to unpack the challenges and potential solutions is Michael Farnum, an Advisory CISO and 30-year veteran of the IT and information security fields.

Michael Farnum
How to Use Data Threat Analytics to Fight Ransomware

In 2022, a typical organization secured 227 BETB of data with averages of 155 BETB on-premises, 63 BETB for cloud, and 10 TB for SaaS.1

Given this data volume, how can you identify risks to all of it? 

Join this webinar to learn how to:

  • Determine the scope of ransomware attacks using machine learning to detect deletions, modifications, and encryptions in your data.
  • Monitor for lurking threats automatically using threat intelligence from multiple sources.
  • Analyze the time series history of data for indicators of compromise to identify the initial point, scope, and time of infection.
Vir Choksi
Driving Intelligence with MITRE ATT&CK: Leveraging Limited Resources to Build an Evolving Threat Repository

Building a threat intelligence repository is challenging, even under the most ideal circumstances. But what if you are even more limited in your resources? You are part of a small (but skilled) team, with high expectations, and people are relying on you to make business-critical decisions…all the time! What do you do in that situation? Turn a Toyota Tercel into a tank, of course.

The Interpres Security Threat Intelligence team found itself in that exact situation. Wanting to leverage the MITRE ATT&CK catalog in creating a comprehensive and timely threat intelligence repository, the Interpres team built a series of tools, processes, and paradigms that we call Intelligence Engineering. In this talk, we’ll examine how we combined ATT&CK, STIX2, the Vertex Project’s open-source intelligence platform, Synapse, and custom code to deliver meaningful, rapid, verifiable intelligence to our customers. We’ll share lessons learned on automation, how to run multiple ATT&CK libraries side-by-side and making programmatic intelligence delivery scalable and effective – just like building a tank out of an imported sedan.

Scott J Roberts
Threat intelligence: Breaking down myths around intel sharing

Security experts have long stressed the importance of organizations in the public and private sectors sharing critical intelligence to help repel attacks, but many organizations remain reluctant to do so because of myths that have developed over the years. As co-chair of the cybersecurity and data privacy practice group at Husch Blackwell and a former attorney at NSA, Erik Dullea has a unique perspective on the myths and benefits. In this session he will talk to CRA’s Bill Brenner about the myths regarding the risks companies face when joining an info/intel sharing organization, the benefits of sharing information and safe harbor provisions that can help organizations manage the risks.

Erik Dullea