Audits strengthen business operations, yet many organizations fear the process rather than seeing its benefits. In this webinar, you gain better insight into the auditing process and how you can use audits to strengthen and mature your overall risk programme.
Endpoint Detection & Response and the Feedback Loop – Webinar 25 November 2020
25 November 2020 – Cyber Security Coalition
Absence of evidence is not evidence of absence! This aphorism is more valid than ever in cyber security: people stating that they never had a breach probably simply do not know that they have been breached.
This presentation, given by Luk Schoonaert (Director of Technology @ Exclusive Networks, Value Add Distributor of Emerging Technologies), elaborates on detection techniques and best practices for increasing incident detection rates and collecting evidence. The importance of detection capabilities on the endpoints (EDR) is explained, particularly because visibility at the network level is decreasing, ironically enough as a result of security evolutions that lead to more and more encrypted network traffic. Moreover, thanks to EDR, response actions (isolation, cleaning) become much easier, since most EDR agents offer this possibility.
But if you want to detect something, you have to know what to look for! If you are only looking for Indicators of Compromise (IOCs), you are looking for artefacts: the presence of known malware (signature-based) and connections to malicious sites. You are not only reactive but will also miss a lot that is not in your signature or malicious-site databases. A complementary and even better way of working is to use TTPs: Tactics, Techniques and Procedures. In a nutshell, TTP is about behaviour analysis: searching for typical behaviour of intruders, but also for deviations from the baseline. Machine learning and automation (SOAR) are emerging capabilities that help find the bad guys.
Another dimension in Detection and Response is proactive versus reactive. Traditional Incident Response is reactive: it responds to a PIVOT triggered by an alert or an incident. With Threat Hunting capabilities, on the other hand, there is no alert: you are looking for a PIVOT proactively. Thanks to a feedback loop, security architects get relevant threat intelligence from security operations to build risk models that evolve the infrastructure, operational capabilities and the overall security posture. And last but not least, do not forget to include your business stakeholders in the feedback loop! At the end of the day, the business is responsible for risk management and has to be in the loop in order to guarantee security by design!
This webinar focuses on the context of information security through governance, more particularly on the key role of the CISO and the value of COBIT as a digital governance framework for information security activities supported by the presentation of a best practice.
This webinar presents the building blocks of an effective organization-wide risk management and explains the requirements for IT risk management certification.
In this Cyber Talk you gain insight into advanced threats outside your organisation and what you could potentially do to protect yourself from them.
In this first webinar of the GRC: Be Connected! series, some very basic aspects of cyber security are treated: how to manage necessary skills, what about frameworks, where to find knowledge.