workshop: Threat Hunting Workshop
Become the hunter

In the heat of a crisis, every keystroke counts and indecision could cost your organization millions of dollars. Join Cisco's Threat Hunting Workshop to develop your skills and test your abilities. At the end of the workshop you will be armed with knowledge and hands-on experience in hunting down threats and defending networks against advanced adversaries.

Get your hands dirty to keep your organization clean. In order for your business to continually innovate and transform, it must remain secure. To do this, you need a comprehensive security strategy that gives you visibility and control over all endpoint devices. Join Cisco's Advanced Threat Solutions Specialists for this hands-on threat hunting workshop to learn:
- How to identify advanced threats that lurk in your environment
- What your exposure to emerging threats is and how you should respond
- How to regain resources and minutes by reducing time to remediate
Detailed Outline:
What should you expect? In the heat of a crisis, every keystroke counts and indecision could cost your organization millions. What separates security pros from security liabilities? A plan – and practice.
Join this Threat Hunting Workshop to develop your skills and test your abilities. In this full-day workshop, you will uncover best practices for threat hunting, learn how to incorporate threat hunting into your daily workflow, network with your peers to share strategies and techniques, and execute four real-world lab scenarios:
- Hunt and Contain: A new threat is making headlines and your executives want complete answers fast. You need to know if it is inside your organization and how to contain it.
- Catch the Phish: You have evidence that a remote user was phished. Follow the attack from entry to execution.
- Event Overload: Hundreds of events are clamoring for your attention, but you have a plan to prioritize and execute a response.
- Screenshot Holds the Clue: There's not much to go on, just a single screenshot, but that's all you need to trace the attack back to the entry point.
What will you learn?

Lab 1: Olympic Destroyer
The CIO read a front-page news article on something called "Olympic Destroyer", which was recently used to disrupt the Winter Olympic Games in Pyeongchang. The news article suggests that other threat actors may be able to reuse this malware in a commodity attack against other targets. The CIO is asking if our security products are already blocking this threat or if we need to update to be protected.
Lab 2: Bifrost
One of your users was phished. The attacker was very careful, using a legitimate email account belonging to an employee of a catering company that you've done business with in the past. The email didn't contain any active code or malicious attachments, just a link to a website that looked very similar to a portal that is sometimes used for invoicing, but in this case the "invoice" was actually a powerful piece of malware. We were able to trace the name of the file that was downloaded by querying our firewall, which intercepted the file and sent it to the cloud sandbox for analysis. Unfortunately, the file was already on its way to the victim's computer when the alert came back with a malware detection.
Lab 3: Poweliks
It's early in the workday and you log in to AMP and see a lot of activity in the dashboard. In fact, if you look at your Events tab, you might see hundreds or even thousands of individual malware detection events. Which event type do we start with? How do we better group these and get a handle on them? Are any of these events connected to one another, and if so, how? Are they part of the same campaign? If they are, we can minimize our response actions and de-duplicate effort; that is, the action for a single system will likely be the same for the other systems impacted by the same campaign or event.
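As an added illustration of the grouping step described for Lab 3 (this is not workshop material and not an AMP API), the following runs over constructed detection records shaped like a flattened event feed: events are collapsed by detection name and file hash so the response plan carries one action per campaign rather than one per event. The field names, hostnames, hashes and timestamps are assumptions made up for the example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (host, detection name, file SHA-256, ISO timestamp).
# Hashes are dummy values; nothing here is a real indicator.
EVENTS = [
    {"host": "WS-0101", "detection": "W32.GenericKD", "sha256": "aa" * 32, "ts": "2018-07-24T08:01:00"},
    {"host": "WS-0200", "detection": "Trojan.Poweliks", "sha256": "bb" * 32, "ts": "2018-07-24T08:02:00"},
    {"host": "WS-0102", "detection": "W32.GenericKD", "sha256": "aa" * 32, "ts": "2018-07-24T08:03:00"},
    {"host": "WS-0101", "detection": "W32.GenericKD", "sha256": "aa" * 32, "ts": "2018-07-24T08:05:00"},
    {"host": "WS-0103", "detection": "W32.GenericKD", "sha256": "aa" * 32, "ts": "2018-07-24T08:09:00"},
    {"host": "WS-0200", "detection": "Trojan.Poweliks", "sha256": "bb" * 32, "ts": "2018-07-24T08:15:00"},
    {"host": "WS-0300", "detection": "PUA.Adware", "sha256": "cc" * 32, "ts": "2018-07-24T07:55:00"},
]


def cluster_events(events):
    """Collapse single detections into campaign clusters keyed on
    (detection name, file hash). Each cluster tracks the distinct hosts hit,
    the raw event count and the first/last sighting."""
    clusters = defaultdict(lambda: {"hosts": set(), "count": 0, "first": None, "last": None})
    for ev in events:
        c = clusters[(ev["detection"], ev["sha256"])]
        ts = datetime.fromisoformat(ev["ts"])
        c["hosts"].add(ev["host"])
        c["count"] += 1
        c["first"] = ts if c["first"] is None or ts < c["first"] else c["first"]
        c["last"] = ts if c["last"] is None or ts > c["last"] else c["last"]
    return clusters


def prioritize(clusters):
    """Order clusters by blast radius (distinct hosts), then event volume,
    then earliest sighting, so the widest campaign is handled first."""
    return sorted(clusters.items(),
                  key=lambda kv: (-len(kv[1]["hosts"]), -kv[1]["count"], kv[1]["first"]))


def response_plan(events):
    """Return one response action per campaign instead of one per event;
    the same action applies to every host listed under that campaign."""
    plan = []
    for (detection, sha256), c in prioritize(cluster_events(events)):
        plan.append({"detection": detection, "sha256": sha256,
                     "hosts": sorted(c["hosts"]), "events": c["count"],
                     "first_seen": c["first"].isoformat(), "last_seen": c["last"].isoformat()})
    return plan


if __name__ == "__main__":
    for action in response_plan(EVENTS):
        print(f'{action["detection"]}: {action["events"]} events on {len(action["hosts"])} host(s)')
```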
Lab 4: Threat Hunting
John Doe from Human Resources is working on hiring additional security engineers for your department. Unfortunately, this morning John let you know that he tried to open a resume from an email attachment, but it did not open correctly: instead of a document, he saw a command prompt window pop up on his desktop. John doesn't remember anything about the email message subject, sender, or file attachment name, but he did take a screen capture of his desktop.
Skill Requirements: The Cisco Threat Hunting Workshop is designed for one and all. You do not need an in-depth understanding of security operations or Cisco security products to successfully complete and understand the labs. The labs are easy-to-follow, step-by-step guides that will help you understand today's sophisticated threat landscape and secure your network before, during and after an attack. Moreover, this covers threat hunting capability for your mobile and BYOD endpoints, branch, headquarters, and multi-cloud environments. Access to all the required products and tools will be provided.
Supporting File(s): Threat Hunting Workshops.pdf, THW 180724.JPG, THW pic1.jpg and Threat Hunting Workshop Lab Guide.pdf
https://www.dropbox.com/s/gwm8098pzqcdfnd/Threat%20Hunting%20Workshop%20Lab%20Guide.pdf?dl=0
https://www.dropbox.com/s/o342cbfxwa861bi/Threat%20Hunting%20Workshops.pdf?dl=0
https://www.dropbox.com/s/zlwh71ktznx88qk/Photo%2023-07-2018%2C%2000%2057%2026.jpg?dl=0
https://www.dropbox.com/s/dz3m9nxzyzrfkb4/Photo%2008-11-2018%2C%2000%2058%2006.jpg?dl=0
Speakers
Senad Aruc