Virtual THREAT HUNTING WORKSHOP

What separates security pros from security liabilities?


A plan—and practice. Join Mindsight and Cisco for this Virtual Threat Hunting Workshop to develop your skills and test your abilities. In this 4-hour workshop, you will learn the best practices for threat hunting, be taught how to incorporate threat hunting into your daily workflow, and get hands-on with four real-world scenarios.

The scenarios:

Olympic Destroyer (25-40 minutes) [CTR/AMP/TG]

Your CIO read about a recent threat “Olympic Destroyer”. Concerned that other threat actors may be able to reuse this malware, the CIO is asking if this threat is being blocked or if we need to update to be protected.

APT 29 (60-75 minutes) [CTR/AMP]

The FBI alerted your CIO that a hacking group is increasing the number of attacks on your industry. How will you determine what their tactics, techniques, and procedures are? How do you find out whether any evidence of their activity is in your environment?

Fish the phish (30-45 minutes) [CTR/SMA]

One of our IT analysts noticed a phishing domain that was caught by Umbrella. We have decided to investigate further in our environment to see if we can determine the source of the offending URL. Unfortunately, we have not deployed AMP for Endpoints to this user's computer, so we don't have visibility on his machine. We were able to identify the specific link by looking at the user's browser history, but unfortunately, the user has no recollection of where the link came from. Now we will investigate to determine the source and to see if we can identify any further steps to prevent this in the future!

VPNFilter (30-45 minutes) [CTR/UMB/INV]

The CIO saw a Twitter post mentioning a threat called "VPNFilter" that has infected over half a million routers worldwide. While none of our corporate routers should be affected, the CIO wants to know if there are any infected "Shadow IT" devices connected to our network and if so, if our security products are blocking this threat or not.

The Tools:

Cisco Threat Response

A cloud-based research tool which automates integrations across Cisco Security products and threat intelligence sources.

AMP for Endpoints

A cloud-based endpoint protection platform (EPP) and endpoint detection and response (EDR) software, providing a total endpoint protection solution.

Threat Grid

Cloud-based analysis tool combining advanced sandboxing with threat intelligence built into one unified solution.

Email Security

Keep your cloud-based email safe and productive by stopping phishing, spoofing, business email compromise and other common cyber threats.


***Registration Closed***

Registration for this event has closed as we have reached maximum capacity. Please stay tuned for more security events in the future!

The Details:

Wednesday, June 24th, 2020 from 9:00 AM - 12:30 PM

**We suggest that you have 2 monitors for this workshop, or else it may be difficult to follow along during each scenario.**

The Presenter:

Bill O'Malley, Cisco Technical Solutions Architect

Having worked for multiple Fortune 500 companies as a Security Team Lead, Bill has over 25 years of IT experience primarily focusing on networks, IT security, PCI, and keeping the bad guys out. For the last 8 years, he has worked for Cisco as a pre-sales systems engineer for all things security and has focused on Endpoint, AMP, Threat Grid, and Cisco Threat Response (CTR).