Is There Life Without a SIEM?


Any use of this material without the express permission of Positive Technologies JSC (АО «Позитив Текнолоджиз») is prohibited. The speaker shows how to carry out an effective first-pass analysis of system logs using free products. A system assembled in 10 person-hours from several open-source components (syslog, Logstash, Elasticsearch and Kibana) makes it possible to investigate security incidents in two mouse clicks.

Presenter: Igor Gots

More details: www.phdays.ru/program/40893/

Bankit 2019_23.10.2019_A. Masalovich_The Individual in the Digital World: a Source of Threats and a Target of Attack


SECTION: Cybersecurity. People

The Individual in the Digital World: a Source of Threats and a Target of Attack
Andrey Masalovich, Leading Competitive Intelligence Expert, Academy of Information Systems

STAR Webcast: Threat Hunting and the Rise of Targeted eCrime Intrusions


The rise in targeted eCrime attacks was a major focus of CrowdStrike's 2020 Global Threat Report. The OverWatch threat hunting team has continued to see this trend in 2020 as criminal adversaries evolve to capitalize on targeted tactics, particularly with the intent to deploy ransomware. This presentation covers how these intrusions occur and what you should look for in your threat hunting to uncover them. The discussion will include details on the commands the adversaries are actually running to exploit their victims.

Attendees will learn:

— More about the current eCrime ecosystem
— Targeted eCrime techniques recently observed in the wild
— How to use threat hunting to discover eCrime actors before they accomplish their objectives

Speaker Bios

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at Black Hat, multiple SANS Summits, Sp4rkcon, and many other events. Katie has also served as a co-chair of the SANS CTI Summit and FIRST CTI Symposium. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins.

Karl Scheuerman

Karl is a Senior Strategic Intrusion Analyst on CrowdStrike’s OverWatch threat hunting team. Previously, he led threat intelligence programs for the Department of Energy. Karl began his career as an Air Force officer and he continues to serve in the Air National Guard as commander of a threat intelligence squadron. He holds multiple SANS certifications, a Bachelor of Science degree from the U.S. Air Force Academy, and a Master of Public Policy degree from the University of Maryland, College Park. You can follow him on Twitter at @KarlScheuerman.

Jason Wood

Jason is a Senior Researcher on CrowdStrike's OverWatch threat hunting team. He has worked as a threat hunter, penetration tester, consultant, trainer, security engineer and systems administrator. Jason is involved in the security community through podcasting and speaking at conferences. You can find him every week on Security Weekly News and the InfoSec Career Podcast. Jason is also an instructor for SANS SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling. He holds a bachelor's degree in Computer Science and the GCIH certification.

Updated FOR578: Training for Security Personnel and Why Intelligence Matters to You


FOR578 — Cyber Threat Intelligence has now been running as a course at SANS for a little over two years. In that time a lot has evolved, including the field itself being extended through the SANS FOR578 authors and students. A major update has now taken place in the course to codify new skill sets and advancements, a deeper understanding of adversary behavioral tradecraft, and exciting new labs that push security to a new level. Come learn about the updates, why FOR578 should be a class you take, and in general why intelligence matters to you regardless of your security role.

For more information about the FOR578 course, or to register for the course, visit: sans.org/FOR578

For more information about the GCTI certification visit: www.giac.org/u/wY7

Speaker Bio

Robert M. Lee

Robert M. Lee is the CEO and Founder of the industrial (ICS/IIoT) cyber security company Dragos, Inc. He is also a non-resident National Cybersecurity Fellow at New America focusing on policy issues relating to the cyber security of critical infrastructure. For his research and focus areas, Robert was named one of Passcode's Influencers, awarded EnergySec's Cyber Security Professional of the Year (2015), and inducted into Forbes 30 under 30 for Enterprise Technology (2016).

A passionate educator, Robert is the course author of SANS ICS515 — «ICS Active Defense and Incident Response» with its accompanying GIAC certification GRID and the lead author of SANS FOR578 — «Cyber Threat Intelligence» with its accompanying GIAC GCTI certification. He may be found on Twitter @RobertMLee.

Threat Intelligence: Explained, Examined,


Dragos VP of Threat Intelligence Sergio Caltagirone, co-hosting with Dave Bittner from the CyberWire, discusses threat intelligence as part of a cybersecurity strategy that helps organizations reduce risk by improving detection, response, and prevention in order to secure critical infrastructure.

Topics covered:
— What is threat intelligence and why you need it
— How threat intelligence can reduce your organization’s risk profile
— Vulnerable industrial assets that need protection
— Highlights from major cyber risks impacting Oil and Gas and Utilities