Dealing with Ransomware Dwell Time: Investigating Days and Weeks of Threat Actions

Webinar Registration

Ransomware threat actors aren’t in and out of a victim organization quickly; it’s quite the opposite – they spend as much time as is necessary to provide them with the access needed to as many systems and data sets as they believe will give them the upper hand when both stealing data for purposes of extortion and the encryption that brings operations to a halt.

Industry data has the dwell time – the time the threat actor resides in your network undetected – measured in terms of weeks, providing them with plenty of time to remain in stealth while gaining privileged access, moving through, accessing, and modifying the victim environment as they see fit, exfiltrating data and deploying malicious executables before they finally spring the ransomware on the unsuspecting victim org.

So, how can you properly investigate weeks of threat activity post-attack to not just remediate the attack, but to learn what parts of your security stance need to be strengthened?

In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, discussing:

  • The threat of dwell time in a ransomware attack
  • Common threat actions taken to set the ransomware stage
  • The challenge of investigating dwell time post-attack
  • Incident Response resources that can assist in establishing a proactive stance

Nick will be joined by Joe Carson, Chief Security Scientist & Advisory CISO at Thycotic, who will help you understand the risks in not having visibility into threat actions. Joe will play the role of a security investigator, demonstrating the open-source timeline tool Plaso. He’ll show you how to gather evidence from within your environment and put it into chronological order, allowing you to better understand what’s transpired and how threat actions work together.

Joe will also look at a ransomware attack from an incident responder’s perspective, using the gathered evidence to craft a contextual response that remediates the attack and provides guidance to better secure the environment against future attacks.

This real training for free event will be jam packed with technical detail and real-world application. Register today!

First Name:   
Last Name:   
Work Email:  
Job Title:  
Zip/Postal Code:  
Company Size:

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor.



Upcoming Webinars
    Additional Resources