Name: Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
Start: 2023-10-18T19:13:00Z
End: 2023-10-18T19:13:26.000Z
Location: BrightTALK
Rating: 0

Vectra® is the leader in Security AI-driven cyber threat detection and response for hybrid cloud. Vectra’s patented Attack Signal  Intelligence™ detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enables security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit www.vectra.ai. 

Organizations are experiencing more complex and targeted attacks in which traditional security approaches are not enough to stop bad actors. Security investments need to diversify to include detection and response—not just prevention. The network touches everything, making NDR a foundational strategy for protecting against cyberthreats.

In this webinar, Mark Wojtasiak, VP of Product Marketing at Vectra, will provide perspective on Gartner’s® 2022 findings surrounding Network Detection and Response (NDR) solutions. You can expect to walk away with a practical framework for enhancing your organization’s detection and response capabilities, rooted in Gartner’s best-practice recommendations, including:

- Why is a need for enhanced attack surface coverage driving the growth of Network Detection and Response tooling?   
- How should you measure signal clarity and efficacy in your NDR solution?   
- What level of automation and control should you look for to better arm your team with the context they need to perform their roles exceptionally?

Unpacking Gartner's NDR Market Guide for 2022

In the era of hybrid enterprises, SOC teams are constantly faced with more: More attack surface to cover. More alerts to manage. More analyst workload, burnout and turnover. But that doesn't have to be your story. During this session, we’ll show you how to break this daunting spiral of more to achieve SOC modernization and hybrid attack resilience.

Thinking like a "Hybrid" Attacker Takes Integrated Hybrid Attack Signal

Choosing the right security assessment method can be intimidating as your attack surface grows. Penetration testing assesses vulnerabilities comprehensively, while red teaming provides a targeted, no-holds-barred approach. During this session, our experts will explore the role for both methods and their importance in securing your hybrid environments.

The Art of Red Teaming: Best Practices and Insights

Introducing the DeRF (Detection Replay Framework) — a solution addressing gaps in cloud threat detection integration. Existing tools often lack flexibility and extensibility for evolving use cases and custom attack techniques. DeRF's key design choices include segregating infrastructure deployment and attack execution permissions, catering to expanding capabilities and user roles. It's highly extensible — featuring built-in attack techniques and easy customization via YAML files —without altering core functionality. Embrace DeRF to enhance cloud threat detection and seamlessly adapt to evolving security needs.

Bridging the Gap in Current Cloud Threat Detection Tools - Meet the DeRF

We will discuss what Gartner’s recent Hype Cycle for Security Operations, 2022 tells us about threat detection and response today and where it’s going. Gartner highlights the trend towards a flexible threat detection and response architecture rooted in higher levels of integration, automation and ease of use. In this session, we dive deep into five keys near-term and long-term XDR strategy success.  During this session, we will share:

- Takeaways from Gartner Hype Cycle for security operations 
- Navigating the evolving threat detection and response ecosystem
- Why extended threat detection and response goes beyond EDR

[New Gartner Research] 5 Keys to XDR Strategy Success

Vectra MDR analysts share the top 3 challenges customers face when detecting and responding to hybrid attacks and how Vectra MDR solves them. You'll learn:

▼ The top 3 challenges customers face defending against modern hybrid attackers. 
▼ Why real time hybrid attack defense requires real-time integrated attack signal.  
▼ How real customers stopped real attacks in real-time with Vectra MDR. 

⏱️ Chapters:
00:00 - Introduction
00:36 - Agenda
01:00 - Key Challenges Companies Face in Cybersecurity
04:12 - Customers' attack signal was siloed & hidden, negatively impacting cyber resilience, SOC effectiveness and time to detect and respond
06:07 - Real life example: Ransomware Attack from VPN to Multi-Cloud
08:15 - Vectra AI & MDR Approach to Solve Challenges
08:23 - Challenge 1: The attack surface is growing and becoming more complex
10:17 - Challenge 2: There's too much alert noise, and it's getting worse
12:09 - Challenge 3: It's hard to find and retain talent, as it can be costly to identify and respond to attacks
14:30 - Real life example: Ransomware Attack detection with Vectra AI's MDR services
21:28 - Q&A

Companies Top 3 Challenges Defending Against Hybrid Attackers

MITRE and the NSA are advising organizations to implement the D3FEND framework in their security plans. This framework provides all the actions needed for security teams to counter the attacker actions defined in the Attacker Tactics and Techniques (ATT&CK) framework. In this video, we cover the following: 
► How D3FEND relates to ATT&CK 
► The benefits of D3FEND 
► Practical tips for using D3FEND to improve your security readiness 

00:00 Introduction to MITRE ATT&CK and MITRE D3FEND
02:08 Who is MITRE?
05:23 The origins of the MITRE ATT&CK Framework
07:16 What is the MITRE ATT&CK Matrix
09:14 MITRE ATT&CK Framework updates
11:14 How to understand the MITRE ATT&CK Framework
14:02 The anatomy of a MITRE ATT&CK Technique
16:05 How to use the MITRE ATT&CK Framework
16:18 The MITRE ATT&CK Navigator
16:57 Communicating around cyberattacks
18:40 Mapping and documenting the current coverage around the attack
19:47 Building defense to prevent a cyberattack
20:45 MITRE ATT&CK limitations
24:28 What is the MITRE D3FEND framework?
25:43 The History of the MITRE D3FEND framework
27:42 The anatomy of a MITRE D3FEND countermeasure
28:54 The MITRE D3FEND Navigator
29:38 How to start using MITRE D3FEND
31:19 Key takeaways about MITRE ATT&CK and MITRE D3FEND
32:40 How Vectra leverages the MITRE frameworks
35:03 Q&A around MITRE ATT&CK and D3FEND

How to Counter MITRE ATT&CK with MITRE D3FEND

At this informal fireside chat, join representatives from Sanofi, a multinational pharmaceutical company, as they share how they contend with cyberthreats and:  
- How a threat actor used social engineering to gain the trust of an employee and evaded multiple tools in their security stack
- Why only Vectra network detection and response (NDR) identified and stopped the #cyberattack, preventing a data breach
- How Vectra is being used to protect their organization against cyberthreats
- Why they prioritize NDR and endpoint detection and response (EDR) solutions within their security stack to ensure their data is not compromised

How Sanofi, a global pharmaceutical company, stopped a cyberattack with Vectra

FictoTech's hybrid Cloud environment leverages Vectra's AI to analyze billions of network events, tens of millions of AWS events, and millions of Azure AD M365 events daily, all in real time. 

On the day of the attack, Vectra raised three distinct alerts to FictoTech's SOC. Each of these alerts was directly linked to the ongoing attack. The initial alert pertained to the marketing server, where the attack originated. The second alert flagged an account that had been compromised and subsequently exploited across the data center, cloud, and SAS. The third alert identified an administrative server deep within the data center that was being used as a pivot point to advance the attack. This third alert served as a clear indicator that prompted FictoTech to respond swiftly, aiming to neutralize the adversary before any harm occurred.

While there was an early indication that FictoTech could have thwarted the attack while it was contained to the marketing server, either through Vectra's automated response or their own predefined protocols, their approach paralleled that of numerous seasoned SOCs. FictoTech's decision was to closely monitor the attack's progression, driven by their desire to gather comprehensive insights into the adversary's actions. This strategic choice aimed to facilitate a deeper understanding of the adversary's motives and techniques, subsequently enhancing FictoTech's future security measures. The confidence in their ability to meticulously track every phase of the attack allowed FictoTech to offer an in-depth walkthrough, providing an end-to-end perspective of the incident.

The Vectra AI Platform vs Hybrid Attacks [Demo 1]

Nearly three-quarters of security teams don’t know where they are compromised right now.  We call this the unknown threat, and it has been gaining steam over the past couple years given the rapid shift to hybrid cloud services, storage, applications and identity.

In this video we explore why organizations more susceptible to unknown threats. We believe it boils down to three things, where at the heart of these three things, is the vicious spiral of trying to address more with “more.”

- More attack surface exposure means more tools, which means more complexity.
- More evasive attackers mean more rules, which means more alerts and more tuning.
- More alert rules to tune and maintain means more analysts, more work and more burnout.

Learn why the only “more” security need, is more Attack Signal Intelligence. Attack Signal Intelligence is to the unknowns what Threat Intelligence is to the knowns. Unlike other “AI” approaches that look for simple anomalies to tell security teams what’s different, Vectra’s Attack Signal Intelligence tells security teams what matters.

Attack Signal Intelligence: Breaking out of the Spiral of More

Wir erörtern, was der jüngste Hype Cycle for Security Operations, 2022, von Gartner über den heutigen 'Detection & Response' Markt aussagt und wohin er sich entwickeln wird. Gartner hebt den Trend zu einer flexiblen Architektur für NDR hervor, die auf einem hohen Maß auf Integration, Automatisierung und Benutzerfreundlichkeit beruht. Wir befassen wir uns eingehend mit den fünf Schlüsselfaktoren für den kurz- und langfristigen Erfolg Ihrer XDR-Strategie und besprechen: 

- Schlussfolgerungen aus dem Gartner Hype Cycle für Security Operations 
- das sich entwickelnde Ökosystem von 'Network Detection & Response' (NDR)
- warum 'Extended Detection & Response' (XDR) über EDR hinausgeht

Neuer Gartner-Report: Die fünf Schlüssel zum Erfolg Ihrer XDR-Strategie

A well-established security operation practice is based on the well-known pillars of people, process and technology. Processes and the associated workflows are the glue that ties everything together. Optimizing and refining these processes by adopting best practices empowers organizations to improve their cybersecurity posture.

In this video we will share our best practices on how to optimally integrate Vectra in your SOC Workflow. What you will learn:

- Understanding the value of groups
- Utilizing the API for ticketing automation and SOAR integration
- Leveraging tags and notes in the platform

Best practices to overcome Security Operations Workflow Challenges

Operating a Blue Team isn’t an easy task. It is often mired in too many false positives, too few conclusive investigations, and too little gratitude when things are going right. Solving this problem doesn’t require reinventing the wheel, but it may require a little self-reflection on what’s working, what isn’t, and – critically -- why that may be for each case.

Join Tim Wade, Deputy CTO at Vectra AI, as he unpacks the why behind very practical ways security leaders and practitioners can both level-up their game, and improve their threat coverage with both less effort and better results.

The Blue Team Wins | Practical Measures To Improve Defensive Operations

Attackers target Microsoft identities for access to applications and SaaS platforms, exploiting native functions over vulnerabilities. Nobelium, linked to SolarWinds, uses native tools like Federated Trusts for ongoing tenant access. This session will reveal an attacker leveraging another native function, enabling persistent access to a Microsoft cloud tenant using lateral movement and other tactics. This vector exploits misconfigured Cross-Tenant Sync, letting attackers breach connected tenants or establish rogue configurations.

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

Cyber Attacks

Cyber Defense

Cross Border

Cyber Incident Response

Security Breach

Social Engineering

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

Presented by

About this talk

More from this channel