Gain the Decisive Advantage to Secure the Enterprise

Detect and Prevent Lateral Movement

In the early stages of an attack, when attackers perform recon of the environment and identify potential avenues of attack, their main objective is to be stealthy. They are looking to make initial access undetected so that they can move laterally throughout the network before gaining privilege escalations that will allow them to move closer to their intended target. Understanding the attackers motives is key.

• What is Lateral Movement
• Common stages of lateral movement
• Recon, Credential dumping and privilege escalation
• Preventing Lateral Movement

_______________________________________________________________________________________

Align Visibility for Post Breach Detection and Response

Threat actors are constantly adapting their tactics, techniques and procedures to evade preventive defenses and as a result, consideration of detection and response capabilities has never been more vital. In this webinar we discuss why organisations can no longer rely on a prevention-only strategy, and how the right depth of visibility can better enrich rapid post-breach detection and response.

• Why prevention isn’t enough
• What issues are hindering detection capabilities for organisations like yours
• The benefits of a detection and response approach
• How Fidelis products can help take your visibility and detection and response capabilities to the next level

_______________________________________________________________________________________

The Art of Persistence

Persistence facilitates longer dwell times, during which the adversary can work to achieve their objectives. Join us for a live webinar to understand how an adversary’s need for persistence can provide defenders with valuable opportunities to detect and remove an attacker from their environment.

• Why Persistence?
• Common persistent locations
• Detecting persistence

_______________________________________________________________________________________

SOC automation – improving efficiency and effectiveness 

Security analysts often have more alerts than they can typically triage and investigate, giving attackers more time to evade detection and taking longer for SOCs to respond. The result is that once attackers break in, they often stay hidden inside for too long – moving laterally and stealing sensitive data. Join us for a live webinar to understand the specific challenges facing many SOCs and the opportunities to improve their efficiency and effectiveness, including:

• Alert overload and how to automate alert triaging and prioritisation
• The importance of integrating security controls to speed investigations, remediation and control
• How to standardise and automate processes for threat detection and response
• Identifying meaningful SOC metrics to use for understanding effectiveness/ineffectiveness

_______________________________________________________________________________________

Detecting WMI Event Consumers

(WMI) Event Subscription is a popular technique to establish persistence on an endpoint. The best attackers have gravitated towards WMI because it is fairly difficult to detect and mitigate in the modern enterprise. However, there are multiple techniques you can use to discover evil WMI activity.

• What are Event Consumers
• The Detection Challenge

_______________________________________________________________________________________

Stack Rationalisation & Proactive Defense

As new threats have emerged over time, many organisations have purchased different cybersecurity products to solve single problems, often from different vendors, as part of their overarching security infrastructure. This strategy results in duplicative capabilities, a lack of interoperability and further reduced visibility – all of which add complexity without providing any added security benefits.

• Benefits of automating the processing and analysis of threat information from multiple sources to quickly identify and mitigate network security threats
• EDR & NTA
• Reducing Risk
• Reducing OPEX

_______________________________________________________________________________________

Data Exfiltration

Data exfiltration is a very real threat for the enterprise. Attacks can be conducted manually by authorised employees with access to company systems or through external malicious actors who have gained access. The ability to detect and ultimately prevent data leakage or theft is core to cybersecurity defense.

• Detection Queries
• Detection on the Endpoint
• Detection on the Wire (Network)
• Prevention Responses

_______________________________________________________________________________________

EDR vs AV

Traditionally, antivirus has been sufficient to protect your organisation’s endpoints. EDR is the next level of protection – so what is the difference between antivirus vs. EDR?

• Signature-based vs Behaviour-based detection
• Real time response
• The value of metadata