Thursday, October 18, 2018, 09:00 - 17:30, London
So far 2018 has seen fewer ransomware attacks and government leaks in the headlines compared to the first half of 2017 – but cyber attackers haven’t abated, they’ve simply evolved.
The corporate world remains subject to an increasing number of threat actors with continuously changing techniques. Security is the top priority for organisations facing the most highly targeted attacks from top-tier threats, such as nation-states and cyber-criminal organisations.
MWR’s October Briefing will focus on the interlinking nature of offensive and defensive security: how advances in defensive security drive adaptation and reinforce offensive security, and vice versa.
By invitation only – please contact firstname.lastname@example.org with any questions.
Attendees will gain insight into the latest developments and attacker techniques, and also have the opportunity to network with peers and MWR’s experts.
For the first time at a UK Briefing, attendees will have the opportunity to use and experience Playground, MWR’s internal training environment.
Our UK MD John Fitzpatrick will open the day with insights from different approaches to security across industries and maturity levels. What security measures are the most forward-thinking organizations taking now, which will likely become trends in the future? How can you rebalance your security investment to focus on the things that matter? We'll share creative and innovative approaches we've seen working well in organizations. Where approaches have not worked as planned, we'll share our guidance for looking at security differently to reach a state of continuous assurance.
Karmina from F-Secure Labs will introduce some of the additional insight MWR has gained from joining the F-Secure family. We’ll share a general overview of the prevalent malware threats affecting most users. We'll delve into the most common sources of infection, and we'll also share the emerging trends of the threat landscape.
Software provides the digital platforms to run companies and the channels to reach customers – but security is essential to make it work. Late-stage testing causes delays and increasing costs, driving the shift to integrated security as part of development. However, the multitude of tools and lack of standards is often a source of confusion for companies seeking to hop on the DevSecOps wagon. We’ll share successful pipeline strategies we’ve seen designed to catch preventable issues before they reach production whilst enabling rapid deployments - including policies around Dockerfiles, dependency vulnerabilities, automated tests and deployments.
Active Directory (AD) is at the heart of (nearly) every enterprise attack. To combat this, Microsoft has released the ambitious Enhanced Security Administrative Environment (ESAE) or "Red Forest" AD system architecture. Upgrading to ESAE is worth the effort – it can eliminate the majority of common AD attack strategies... but what's the best approach to take? We’ll review the strategy and benefits behind implementing an ESAE environment in five manageable stages. We'll tackle a clear explanation of LAPS, PAW, PAM, and JEA/JIT on the road to ESAE, and how to avoid common pitfalls on the way.
Some of the most effective preventive controls are also the hardest to implement without causing excessive user impact. For example, application whitelisting is consistently classed as the most effective preventive control, but can be almost impossible to implement in an enterprise environment. However, as detection capabilities mature, we have more visibility of corporate estates than ever before. This talk proposes a new approach to identifying and mitigating risks whilst minimising limits on user behaviour, using data typically used to aid detection.
An active endpoint detection and response (EDR) control on your estate will minimize your exposure to cyberattacks. But what happens when the top tier of attackers find ways to get around those controls? Recent advances in EDR agents are forcing attackers (and MWR's red team) to adapt their tooling in order to remain undetected. We will share how MWR's red teamers are approaching these developments. This will include exploring methods of sidestepping memory analysis techniques and reducing execution of suspicious commands.
Recent advances in defensive tooling and SOC capability mean that malware using traditional Command and Control (C2) channels is now detected increasingly quickly. This talk will examine the changing landscape for attackers looking to use these channels, and for defenders looking to prevent them. For example, what are the trends in defensive tooling for the prevention and detection of C2 channels? What type of activity is currently being detected? Finally, we'll share some of the technologies MWR has developed to evade C2 detection controls as part of our attack simulations.