Lessons Learned from a SOC Analyst: Automating the Detection, Alerting, and Remediation of Threats such as Ryuk, Cobalt Strike and Gh0st RAT

Webinar Registration

Today’s security operations – whether part of a formal SOC or not – require IT and Security teams to identify and address threats as quickly and decisively as possible. The growing list of threats, along with their methods of entry, techniques used, and means of detection and resolution have grown to a point where it’s nearly impossible to address manually.

In this real-training for free session, I’ll be joined by Sydney Coffaro, Senior Technical Advisor, SOAR and Jeffrey Gardner, Practice Advisor from Rapid7 who will discuss some of today’s most prevalent threats (such as Ryuk ransomware and the Gh0st remote access trojan) and demonstrate how automating common tasks that are manually performed everyday by incident responders can be used to simplify the detection and response to threats, including:

  • The process of gathering threat-specific artifacts to identify the threat
  • Techniques for enriching alerts to minimize false positive notifications
  • Using alert escalation scenarios to help break down barriers between IT/Security teams and your internal users
  • Containing users, endpoint, and destinations using firewall technologies to minimize attack scope and impact
  • Reverse-containment steps for the purpose of business continuity

In addition, we will discuss how to justify Security Orchestration, Automation, and Response (SOAR) solutions to automate security operations tasks, as well as provide guidance on how to get started using automation and prioritizing the work of automating security operations.

Join us for this real-training-for-free event.

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
State:  
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Additional Resources