Special Webcast: What’s Next in Automation Support: Part 2 of the SANS Automation and Integration Survey – March 21, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: Barbara Filkins, Matt Bromiley and Emily Laufer

In this second installment of a two-part webcast, attendees will dig deeper to learn how they can overcome their challenges and enhance their automation programs. This webcast will provide actionable advice for next steps in meeting the challenges and achieving the benefits of security automation.

Discussion will focus on:

  • Respondents' top requirements for automating security operations center (SOC) and incident response (IR) tasks
  • Key activities supported by automation
  • Enhancements achieved by automation
  • Best practices

Click here to register for the Part 1 webcast, held on Tuesday, March 19 at 1 PM Eastern. That webcast provides the basis for this webcast, including the types of activities being automated, implementation of automation and challenges associated with automating SOC and IR functions.

Be among the first to receive the associated whitepaper written by SANS Analyst Program Research Director Barbara Filkins, with advice from SANS Analyst and Incident Response Expert Matt Bromiley.

Ask The Expert Webcast: Hiding in Plain Sight: Dissecting Popular Evasive Malware Techniques – March 20, 2019 10:30am US/Eastern

Speakers: Jake Williams, Rohan Viegas, Tamas Boczan

Join SANS Analyst Jake Williams, VMRay Senior Threat Researcher Tamas Boczan and Product Manager Rohan Viegas as they take a deeper look at pervasive evasion techniques malware authors use to circumvent detection. This webcast will explore:

  • The strategies used to evade AV and sandbox detection
  • Trends in popular evasion techniques
  • Actionable defense tactics

Drupal Releases Security Updates

Original release date: March 20, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.

 


This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Advisories for Multiple Products

Original release date: March 20, 2019

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.


Special Webcast: Osquery: A Modern Approach to CSIRT Analytics – March 20, 2019 3:30pm US/Eastern

Speakers: Dave Shackleford and Milan Shah

Speed to detection and the ability to provide a comprehensive view of breached systems are the bread and butter of modern CSIRTs. However, having a reliable, comprehensive and consolidated view of high-fidelity system data can often be a frustrating barrier to reducing dwell time, and activating remediation and communication plans.

Join Milan Shah, Uptycs Co-Founder and CTO, as he explores how the open source, universal agent, osquery, is providing a single view of the truth with a comprehensive data set inclusive of 100s of system attributes across operating systems, containers and cloud workloads. Then, see how Uptycs Osquery-Powered Security Analytics Platform further enhances incident investigation with query speeds that match your train of thought, complete historical state recreation, hundreds of performance optimized pre-scheduled queries for continuous monitoring, and more.

Attendees of this webinar will gain an understanding of:

  • How osquery works, and what data it collects
  • How osquery would fit into a comprehensive IR capability (integration with existing tooling, required team skills, etc)
  • How Uptycs reduces the time and costs associated with deploying osquery at scale

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.


Microsoft Ending Support for Windows 7

Original release date: March 19, 2019

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:

  • Technical support for any issues
  • Software updates
  • Security updates or fixes

Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

 


New – Gigabit Connectivity Options for Amazon Direct Connect

AWS Direct Connect gives you the ability to create private network connections between your datacenter, office, or colocation environment and AWS. The connections start at your network and end at one of 91 AWS Direct Connect locations and can reduce your network costs, increase throughput, and deliver a more consistent experience than an Internet-based connection. In most cases you will need to work with an AWS Direct Connect Partner to get your connection set up.

As I prepared to write this post, I learned that my understanding of AWS Direct Connect was incomplete, and that the name actually encompasses three distinct models. Here’s a summary:

Dedicated Connections are available with 1 Gbps and 10 Gbps capacity. You use the AWS Management Console to request a connection, after which AWS will review your request and either follow up via email to request additional information or provision a port for your connection. Once AWS has provisioned a port for you, the remaining time to complete the connection by the AWS Direct Connect Partner will vary between days and weeks. A Dedicated Connection is a physical Ethernet port dedicated to you. Each Dedicated Connection supports up to 50 Virtual Interfaces (VIFs). To get started, read Creating a Connection.

Hosted Connections are available with 50 to 500 Mbps capacity, and connection requests are made via an AWS Direct Connect Partner. After the AWS Direct Connect Partner establishes a network circuit to your premises, capacity to AWS Direct Connect can be added or removed on demand by adding or removing Hosted Connections. Each Hosted Connection supports a single VIF; you can obtain multiple VIFs by acquiring multiple Hosted Connections. The AWS Direct Connect Partner provisions the Hosted Connection and sends you an invite, which you must accept (with a click) in order to proceed.

Hosted Virtual Interfaces are also set up via AWS Direct Connect Partners. A Hosted Virtual Interface has access to all of the available capacity on the network link between the AWS Direct Connect Partner and an AWS Direct Connect location. The network link between the AWS Direct Connect Partner and the AWS Direct Connect location is shared by multiple customers and could possibly be oversubscribed. Due to the possibility of oversubscription in the Hosted Virtual Interface model, we no longer allow new AWS Direct Connect Partner service integrations using this model and recommend that customers with workloads sensitive to network congestion use Dedicated or Hosted Connections.

Higher Capacity Hosted Connections
Today we are announcing Hosted Connections with 1, 2, 5, or 10 Gbps of capacity. These capacities will be available through a select set of AWS Direct Connect Partners who have been specifically approved by AWS. We are also working with AWS Direct Connect Partners to implement additional monitoring of the network link between the AWS Direct Connect Partners and AWS.

Most AWS Direct Connect Partners support adding or removing Hosted Connections on demand. Suppose that you archive a massive amount of data to Amazon Glacier at the end of every quarter, and that you already have a pair of resilient 10 Gbps circuits from your AWS Direct Connect Partner for use by other parts of your business. You then create a pair of resilient 1, 2, 5 or 10 Gbps Hosted Connections at the end of the quarter, upload your data to Glacier, and then delete the Hosted Connections.

You pay AWS for the port-hour charges while the Hosted Connections are in place, along with any associated data transfer charges (see the Direct Connect Pricing page for more info). Check with your AWS Direct Connect Partner for the charges associated with their services. You get a cost-effective, elastic way to move data to the cloud while creating Hosted Connections only when needed.

Available Now
The new higher capacity Hosted Connections are available through select AWS Direct Connect Partners after they are approved by AWS.

Jeff;

PS – As part of this launch, we are reducing the prices for the existing 200, 300, 400, and 500 Mbps Hosted Connection capacities by 33.3%, effective March 1, 2019.

 

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs).   

CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information.


Special Webcast: The State of Automation/Integration Practice: Part 1 of the SANS Automation and Integration Survey – March 19, 2019 1:00pm US/Eastern

Speakers: Barbara Filkins, Matt Bromiley, Dan Cole, Stan Engelbrecht and Darren Thomas

Enterprises are striving to keep up with the current threat landscape, while continuing to rely on manual processes and struggling with a continual lack of resources, skills and budgets. Security and risk management leaders must consider what security automation and integration can do to improve the efficiency, quality and efficacy of security operations.

This first installment of a two-part webcast will begin that discussion and outline what survey respondents have defined as the current state of their efforts at security automation, integration and workflow orchestration. Attendees will hear survey results on such issues as:

  • The number of processes that are truly being automated
  • The level of automation being implemented
  • Problems in automated environments today
  • What challenges implementers face

The second webcast, held on Thursday, March 21, at 1 PM Eastern, builds on these results to look at what comes next for automation support. Click here to register for that webcast.

Be among the first to receive the associated whitepaper written by SANS Analyst Program Research Director Barbara Filkins, with advice from SANS Analyst and Incident Response Expert Matt Bromiley.