Cyber Threat Workshops

Know Your Ever-Changing Surroundings:
Security Operations Intelligence


In this Cyber Threat Workshop, we continue our Back to School Series by exploring the 5 Key Principles of Security Intelligence. This workshop is dedicated to the fourth principle, Know Your Ever-Changing Surroundings (Security Operations Intelligence), and examines how to operationalize insights, chain together the infrastructure a threat actor uses, and track the actor's tooling across the global attack surface targeting your organization.

Our experts start from the vulnerabilities exploited in publicized attacks, determine the scope of those attacks, and establish whether you or any partner you rely upon is affected or could become a victim. The RiskIQ API is used to analyze large volumes of data and quickly and accurately determine the reputation of hosts and IP addresses, surfacing active and past threats that incident responders can act on.

Graph and Identify

  • Internet Graphing and History
  • Infrastructure Chaining and Pivoting
  • Determine the scope of a vulnerability
  • Which Threat Actors are targeting particular vulnerabilities

Threat Actor Infrastructure and
Third-Party Connections

  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow
  • Determine the dynamic reputation scores of IP addresses and hosts in investigations

Broad Scope, Global Scale
Attacks (and Defenses)

  • See where and how threats become entangled with threat actor infrastructure and attack surfaces
  • Learn new techniques for attribution, from system to user to threat group
  • Find and eliminate global scale attacks originating from threat actor tooling and other threat actor infrastructure.

Our team analyzes and investigates publicized attacks to determine the threat actors, tooling, attack vectors used, and some ways to identify, stop and prevent these types of attacks. Attendees gain expertise and knowledge to allow a thorough investigation of these attacks and scale the quantity and quality of their investigations.

We explore recent publicized vulnerabilities, determine the global scale of each issue, and establish whether you or your partners are victims or could be affected. We use RiskIQ Illuminate and RiskIQ’s API to work out the steps an investigation needs, then capture those steps in a Jupyter Notebook so the investigation scales and is repeatable by others. We also analyze attack surfaces for vulnerabilities and prioritize them by risk and by known active exploitation across the attack surface.
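The infrastructure chaining the workshop describes (pivot from one indicator to related hosts, IPs and certificates, then expand to thousands) can be sketched without the RiskIQ API. The following is an added example, not code from the workshop or from RiskIQ: the passive-DNS and certificate records are constructed inline, and the `max_depth` and `max_fanout` limits are assumed values. It shows the check a practitioner wants when pivoting at scale: a node with very high fan-out (a shared hosting IP or a CDN) is reported but not expanded, because pivoting through it would pull in unrelated, legitimate infrastructure.

```python
from collections import defaultdict, deque

# Constructed sample records, not real telemetry: (indicator, relation, value).
# A real investigation would fetch these from a passive DNS / certificate source.
RECORDS = [
    ("evil-login.example", "resolves_to", "203.0.113.10"),
    ("evil-update.example", "resolves_to", "203.0.113.10"),
    ("evil-update.example", "cert_sha1", "aa11bb22"),
    ("payload-cdn.example", "cert_sha1", "aa11bb22"),
    ("payload-cdn.example", "resolves_to", "203.0.113.77"),
    # 198.51.100.5 is a shared hosting IP: one bad domain plus several benign ones.
    ("evil-login.example", "resolves_to", "198.51.100.5"),
    ("shop-a.example", "resolves_to", "198.51.100.5"),
    ("shop-b.example", "resolves_to", "198.51.100.5"),
    ("shop-c.example", "resolves_to", "198.51.100.5"),
    ("shop-d.example", "resolves_to", "198.51.100.5"),
]


def build_graph(records):
    """Undirected adjacency: every record links indicator <-> value with its relation."""
    graph = defaultdict(set)
    for indicator, relation, value in records:
        graph[indicator].add((value, relation))
        graph[value].add((indicator, relation))
    return graph


def chain(records, seed, max_depth=4, max_fanout=3):
    """Breadth-first pivot from `seed`.

    Returns (found, skipped):
      found   maps each reached indicator to (depth, path-from-seed)
      skipped is the set of high-fan-out nodes that were reached but not expanded
    `max_depth` bounds how far the chain grows; `max_fanout` (assumed threshold)
    stops pivots through shared infrastructure such as hosting IPs or CDNs.
    """
    graph = build_graph(records)
    found = {seed: (0, [seed])}
    skipped = set()
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        depth, path = found[node]
        if depth >= max_depth:
            continue
        if node != seed and len(graph[node]) > max_fanout:
            skipped.add(node)  # record it as related, but do not pivot through it
            continue
        for neighbour, relation in graph[node]:
            if neighbour not in found:
                found[neighbour] = (depth + 1, path + [f"-{relation}->", neighbour])
                queue.append(neighbour)
    return found, skipped


if __name__ == "__main__":
    found, skipped = chain(RECORDS, "evil-login.example")
    for indicator, (depth, path) in sorted(found.items(), key=lambda kv: kv[1][0]):
        print(depth, " ".join(path))
    print("not expanded (high fan-out):", sorted(skipped))
```

Starting from `evil-login.example`, the chain reaches `evil-update.example` through the shared IP 203.0.113.10 and `payload-cdn.example` through the shared certificate, while 198.51.100.5 is listed at depth 1 but the benign shop domains behind it are never pulled in. Tuning `max_fanout` against the data source's typical fan-out is the judgment call that separates a useful pivot from noise.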

Hands-on labs and exercises show how to expose real-life malicious and risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface.

Watch and Learn:

  • Introduction: Security Intelligence
  • Introduction to infrastructure chaining and internet graphing
  • Techniques for adversary-threat infrastructure tracking and attribution
  • How to identify bulletproof hosting providers
  • How to graph connected threats entangled with legitimate resources
  • Real-world use cases with hands-on exercises, labs, and investigations