Anatomy of a Hack Disrupted: How One SIEM’s Out-of-the-Box Rules Caught an Intrusion and Beyond

Webinar Registration

True story. Names have been changed.

The information security professional was at the airport waiting for a flight when his phone rang. He glanced at caller ID. It was the office.

“Hello, this is John –“

His employer's Security Operations Center manager cut him off. “Stop yanking our chain, John. We haven't got time for your pranks.”

“What do you mean?”

“You know what I mean, you've got alerts going off down here with your pen-testing again. We don't need red herrings from you drowning out the real attackers.”

“I'm not doing anything. I'm sitting here in the airport goofing off before my flight.”

“John, I know it's you because your logon name is all over what we are looking at.”

“Tim, come on, think about it. If I was pen-testing you would I be using my own account?”

“Well if you aren't pentesting then what is going on? You've got simultaneous VPN sessions from San Francisco and Miami.”

“I'm in Denver, Tim.”

“Have you got a remote system at some Miami datacenter you're playing with?”

“Nothing in Miami. Are you serious about this?”

“Turn off your computer now, John. I'm disabling your account. You'll be on the plane anyway. When you get off the plane come straight in. I'll be here.”

So begins the fascinating discovery and subsequent investigation of a sophisticated hack that I will take you through step-by-step. It is sponsored by LogRhythm which was the SEIM that caught the intrusion with one of its out-of-the-box rules. We will show you how the security operations team tracked the intrusion with VPN concentrator logs, packet analysis, server and endpoint logs. This hack involves never before seen malware, DNS poisoning, malicious proxies and more.

This is real training for free ™ taken from the real world. Forget theory – this is a true story where it all comes together. The technology, the skills and teamwork to catch a sophisticated intrusion early on, prevent damage and then perform full remediation and responsible follow up with the infosec community.

Not only will this webinar be technically educational and fascinating. It also shows how SOC and infosec teams can work together and proves the true value and efficacy of SIEM technology when it’s done right.

Please register now and hold on for a very cool ride.

First Name:   
Last Name:   
Work Email:  
Zip/Postal Code:  
Job Title:

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Additional Resources