An advanced adversary has bypassed the perimeter defenses, moved inside the environment, and become a literal ghost in the machine, free to move from system to system.... searching for its next target. This is a scenario that every SOC fears, and it presents a daunting threat hunting challenge. But, as we will demonstrate, it doesn't have to.

New Age Network Detection: Keeping pace with the Evolution of Tech Infrastructure New approaches to network detection and response to address increasing attacker sophistication and cloud-based resources. How advances in analytics help organizations detect attacks in encrypted traffic and identify command and control traffic. The advantage of an open data approach is to integrate with existing detection capabilities.

XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.

As defenders, we deploy or develop a number of policies, procedures, tools and technologies to support our risk management strategy while struggling to maintain situational awareness. The regular outputs of detection and response activities rarely cross functional boundaries and result in missed opportunities to translate learnings into institutional memory. With an ever-evolving threat landscape including the transformation to a hybrid work model; the power of decision and ultimately Decision Advantage is the most valuable tool in cyber-defense. In this webcast, Bernard Brantley CISO Corelight will discuss the exploitation of data-centric NDR as the coalescence point for tactical and operational outputs and as a pathway to cultivating strategic decision advantage.

Security has always been one of the prime concerns for any growing business. In a world where technology is continually evolving, companies are constantly stumbling onto new vulnerabilities. One wrong move in the data management space and companies leave themselves vulnerable to shattering attacks. The increasingly multifaceted landscape means that more groups are turning towards a zero-trust security framework. This approach asks companies to take their security enforcement strategy to the next level and recognize that existing approaches don't offer enough defense.

Ransomware attacks have become some of the most prolific and public intrusions over recent years. Within a matter of hours, organizations can go from normal operations to having an inoperable network and being extorted for tens of millions of dollars. On this webcast, SANS instructor and author Matt Bromiley, as well as sponsor representatives, will share their thoughts on modern detection and response techniques for ransomware breaches

Unmanaged endpoints like IoT devices represent a significant and growing risk surface. Network Detection and Response (NDR) solutions monitor network traffic to generate rich security evidence that enables asset inventory, vulnerability assessment and threat monitoring. In this presentation, experts from Corelight and Microsoft will walk you through how it works and how it can improve your security posture.

This bone-chilling webinar will cover: A spine-tingling hands-on-keyboard scenario of a motivated and capable insider threat working with the ghoulish adversary. Use of realistic and terrifying exploits and offensive security tools to simulate adversary TTPs, and how organizations are able to hunt for them. A practical threat hunting session demonstrating true behavioral hunting that walks participants through not only how the attack was carried out, but also how they can hunt for this insidious behavior in their own environments.

With increases in remote work, VPN and RDP services are prime targets for gaining unauthorized access to organizations. RDP services secured by passwords are subject to brute-force guessing and credential stuffing attacks, not to mention remote exploitation. Advisories are using RDP to gain initial access to organizations and then pivot to distribute and spread ransomware. In this technical training, we will take a deep dive look at threats to RDP services, adversarial TTP involving RDP, and explore how artifacts from encrypted RDP sessions are leveraged to build detections.