VIRTUAL THREAT HUNTING WORKSHOP

What separates security pros from security liabilities?


Due to demand for a deeper dive into cybersecurity, Mindsight is hosting a Virtual Threat Hunting Workshop presented by Bill O'Malley from Cisco. Experience real-world scenarios to develop your skills and test your abilities. In this 4-hour workshop, you will learn the best practices for threat hunting, be taught how to incorporate threat hunting into your daily workflow, and get real hands-on experience. 

For those who attended our first workshop earlier in the year, you will be glad to find we're introducing two new scenarios in addition to the original four. Completing the Olympic Destroyer scenario unlocks all the other scenarios.

Anyone who completes five of the labs will receive a certificate of completion and earn 8 CPE credits. Participants will have access to the labs until Friday, October 23rd, 2020. 

The Original scenarios:

Olympic Destroyer (25-40 minutes) [CTR/AMP/TG]

Your CIO read about a recent threat “Olympic Destroyer”. Concerned that other threat actors may be able to reuse this malware, the CIO is asking if this threat is being blocked or if we need to update to be protected.

APT 29 (60-75 minutes) [CTR/AMP]

The FBI alerted your CIO that a hacking group is increasing the number of attacks on your industry. How will you determine what their tactics, techniques, and procedures are? How do you find out whether any evidence of them is in your environment?

Fish the phish (30-45 minutes) [CTR/SMA]

One of our IT analysts noticed a phishing domain that was caught by Umbrella. We have decided to investigate further in our environment to see if we can determine the source of the offending URL. Unfortunately, we have not deployed AMP for Endpoints to this user's computer, so we don't have visibility on his machine. We were able to identify the specific link by looking at the user's browser history, but unfortunately, the user has no recollection of where the link came from. Now we will investigate to determine the source and to see if we can identify any further steps to prevent this in the future!

VPNFilter (30-45 minutes) [CTR/UMB/INV]

The CIO saw a Twitter post mentioning a threat called "VPNFilter" that has infected over half a million routers worldwide. While none of our corporate routers should be affected, the CIO wants to know if there are any infected "Shadow IT" devices connected to our network and if so, if our security products are blocking this threat or not.

The NEW scenarios:

Poison Ivy (60-75 minutes) [CTR/AMP/TG/SMA/UMB/ORB]

One of your users is suddenly unable to access the Internet. It appears your EDR has automatically isolated that machine from the network, but why? It's up to you to determine the scope of the threat, contain it, and eradicate it in your environment.

BiFrost (60-75 minutes) [CTR/AMP/TG]

One of your users is suddenly unable to access the Internet. It appears your EDR has automatically isolated that machine from the network, but why? It's up to you to determine the scope of the threat, contain it, and eradicate it in your environment.

The Tools:

Cisco Threat Response (CTR)

A cloud-based research tool which automates integrations across Cisco Security products and threat intelligence sources.

AMP for Endpoints (AMP)

A cloud-based endpoint protection platform (EPP) and endpoint detection and response (EDR) software, providing a total endpoint protection solution.

AMP Orbital (ORB)

An advanced search tool with over a hundred pre-built queries, allowing you to quickly run complex queries against any or all of your endpoints.

Threat Grid (TG)

A cloud-based malware analysis tool combining advanced sandboxing with threat intelligence in one unified solution.

Email Security (SMA)

Keeps your cloud-based email safe and productive by stopping phishing, spoofing, business email compromise and other common email-borne threats.

Umbrella (UMB)

A cloud security platform that provides the first line of defense against threats on the internet for endpoints both on and off the corporate network.

Umbrella Investigate (INV)

A research tool that gives a complete view of the relationships between, and the evolution of, internet domains, IPs, and files, exposing current and developing threats.


The Details:

Wednesday, October 21st, 2020 from 9:00 AM - 1:00 PM

Virtual Event hosted on Webex

**We suggest that you have 2 monitors for this workshop, or else it may be difficult to follow along during each scenario.**

The Presenter:

Bill O'Malley, Cisco Technical Solutions Architect

Having worked for multiple Fortune 500 companies as a Security Team Lead, Bill has over 25 years of IT experience primarily focusing on networks, IT security, PCI, and keeping the bad guys out. For the last 8 years, he has worked for Cisco as a pre-sales systems engineer for all things security and has focused on Endpoint, AMP, Threat Grid, and Cisco Threat Response (CTR).
