In the face of an emerging security incident, how you respond isn't just about your technical abilities; the need to quickly respond to and remediate a situation will challenge how you make decisions in the heat of what can potentially become a crisis. Attacks like the recent Sunburst attack via SolarWinds make it clear that even the most well-patched environments can be susceptible to vulnerabilities found within third-party solutions. This means that you need a solid ability to begin investigating what's happening, decide where to put your focus, and communicate with senior decision makers quickly.
But how can you prepare for and develop better decision-making skills for addressing a scenario like Sunburst that has never happened before?
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat in this webcast and will cover how decision-making is the real litmus test of incident response and why it's a challenge, and will discuss in practical terms how poor decision-making skills may have added to the impact of the Sunburst breach.
Nick will be joined by Kev Breen, Director Cyber Threat Research at Immersive Labs, who will walk you through a unique interactive experience where you will individually test your skills live during the webcast to see whether you have the decision-making skills to quickly and accurately respond, using an attack scenario that mimics the SolarWinds compromise. You'll be asked to piece together available intelligence and make decisions in the face of evolving scenario events.
Next, Kev will talk a bit about how he thinks SolarWinds was compromised, using a lab environment to demonstrate how to:
- Identify Indicators of Compromise – Using a set of YARA rules from FireEye, Kev will show how to determine whether the malicious version of the SolarWinds DLL is in use.
- Analyze Malware – According to open-source malware reports, there is a Domain Generation Algorithm (DGA) that creates unique C2 domains for each installation. Kev will explore the DLL and identify the DGA, discussing how it avoids detection in your network.
This real-training-for-free event will be jam-packed with technical detail and real-world application. Register today!