00:11 Panelist Introduction
00:38 Webinar Agenda
01:22 Security Threats by the Numbers
01:26 82% of incidents have counter incident response associated with them.
02:52 Detecting Emerging Attacks
02:59 [Counter incident response] refers to the activities that the adversary takes when they know that you’re either onto them—vis-à-vis you’ve stopped some executable, detected what they’re up to, and moved them into another environment.
04:04 Island hopping is the phenomenon of getting onto one piece of infrastructure inside of an environment and now leveraging that infrastructure to go attack partner networks or anything that’s connected to the infrastructure.
06:40 “We really have to pay attention to what’s happening within our network and on our endpoints and be able to detect those anomalies after we form a really good baseline.” – Taree
07:44 “You can’t just rely on network detection because oftentimes you’ll see the attackers hiding in common traffic. From an endpoint standpoint, you need some type of network data to determine what resources were accessed and what the actual attacker was looking after. Endpoints hold a lot of valuable information, especially surrounding what types of commands are being run.” – Taree
08:43 Threat Hunting Best Practices
09:17 “As adversaries are getting more sophisticated in their attacking methodologies, you have to look at the behavior: if they’re trying to blend in, if they’re trying to be stealthy, if they’re pivoting tactics, they’re still going to exhibit behavior to get to their end goal that’s in very stark contrast to what a normal user would be doing on their network.” – Eric
14:36 “There are a lot of things that organizations need to do in order to understand what’s on their network, understand what’s normal, and then build detections around pointing out the abnormal. That way analysts won’t be inundated with numerous alerts of the exact same thing every day.” – Taree
17:11 Basics to Focus Your Detection Program On
18:28 Fighting Back Against the Biggest Cybersecurity Threats
20:59 Rapidly Evolving Business Environment
26:17 Best Practices for Transitioning Endpoints from WFH to the Office
28:26 Disabling Security Tools
42:39 Lateral Movement
43:58 “Now that we can put this contextual picture together [with detection tools], we have an opportunity to figure out which part of our real estate isn’t owned by us and kick the cyber squatters out.” – Rick
52:09 How Can We Be Future Ready?
54:27 “Whether it’s work from home or satellite or HQ, there’s a couple things that don’t change: the data—which is still critical, whether it’s on an endpoint or a data center—and credentials.” – Eric
55:15 “No matter how secure you and your organization are, the people you’re working with maybe aren’t as secure, so make sure that with any trusted relationships you have with vendors, you’re not giving them admin credentials and are locking down any type of access that they have.” – Taree
55:53 Additional Resources