Featured
The walkthrough: Kaspersky security operations and threat hunting training
Sergey Soldatov, Head of Kaspersky Security Operations Center
About this talk
Gain intimate hands-on experience in protecting and securing your business infrastructure through a Security Operations Center (SOC) in the brand-new Kaspersky XTraining course “Security Operations and Threat Hunting”. Join the webinar of the course leader Sergey Soldatov, who will not only guide you through the extensive course material but also familiarize you with SOC infrastructure. He will also explain SOC attack hunting and mitigation tactics and offer you a sneak peek at the numerous exercises within restricted virtual labs.
During the webinar, Sergey will also introduce you to a simple scenario of malicious persistence in Windows through service creation by means of a C&C. The expert will demonstrate how SOC analysts tackle this issue using the virtual lab environment.
In the webinar you will:
● Learn about the Security Operations & Threat Hunting Training structure and material
● Participate in a practical session with threat hunting for malicious persistence
● Acquire tools and experience shared by the Head of Kaspersky SOC with 20+ years in the business
● Get a chance to get the answers to your questions directly from the course author!
The new Security Operations and Threat Hunting course by Kaspersky Expert Training guides you through the realms of Security Operations, including detecting and investigating malicious activities in Windows and Linux, threat hunting with Elastic stack, and includes various virtual environments where you can get hands-on practice.
All episodes
-
Incident Response service: Numbers, challenges and tactics
Ayman Shaaban, Digital Forensics and Response Manager of Kaspersky Global Emergency Response Team
Kaspersky’s Incident Response Team faces daily challenges as it handles information security incidents as a third-party service provider, constantly using its experience and expertise to offer complete analysis and quick recovery successfully. To completely eliminate threats, the team covers the entire incident investigation cycle, getting involved in containment, digital forensics investigation and malware analysis, as well as helping to improve security processes after incidents.
In this talk, Digital Forensics and Incident Response Manager of Kaspersky Global Emergency Response Team (GERT), Ayman Shaaban, will share his knowledge of the latest incident trends based on his day-to-day experiences. He will also present statistical analysis of recent incidents aimed at financial organizations, government agencies, industrial bodies and more.
This webinar session will discuss:
• The GERT team and IR services
• The most frequent reasons our incident response service was requested
• Attack vectors
• How different types of attack affect different types of businesses
• Attack scenarios and the details of some of the most noteworthy cases
• What can help in reducing the risk of getting compromised
-
No two attacks are identical: a year in incident response
Dr. Serge Droz, Forum of Incident Response and Security Teams (FIRST); Chris Kubecka, HypaSEC; Ayman Shaaban, Kaspersky
Daily interaction with organizations that seek assistance with full-scale incident response helps Kaspersky’s Incident Response Team understand the latest cyberthreat trends. After analyzing data containment, digital forensics investigations and malware analysis, as well as helping to improve security processes following incidents, the team now has a great knowledge base with statistical data of recent incidents.
After this panel discussion with experts from different organizations, attendees will understand the latest trends in attack scenarios and the details of some of the most noteworthy cases they faced. This session will be of special interest to representatives of financial organizations, government agencies, and industrial bodies, as well as others.
Webinar's speakers:
• Chris Kubecka, CEO and Founder of HypaSEC, previously established security after the Shamoon attack against Saudi Aramco in 2012 – will discuss how global corporates manage cyber risk and what should be changed in their approach to incident response
• Ayman Shaaban, Digital Forensics and Incident Response Manager of Kaspersky Global Emergency Response Team (GERT) – will share his knowledge, based on his day-to-day experiences. He will present statistical analysis of recent incidents, the most frequent reasons why the Kaspersky incident response service was requested, and tools used in the attacks
• Dr. Serge Droz, Chair of the Board of Directors of the Forum of Incident Response and Security Teams (FIRST) and seasoned incident responder working at Proton Technologies, will share his vision of global incident response as well as some interesting cases from his practice.
-
Incident response in 2021: insights into adversary tactics and techniques
Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky
At Kaspersky, we deliver solutions that cover the entire incident response cycle to eliminate threats to our customers completely. The Incident response analytics report includes statistics of adversaries’ cyber incident tactics and techniques used in the wild, which come from our daily practices.
In this webinar, Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky, will talk through the results and findings of the report. Attendees will obtain in-depth knowledge of the insights and trends discovered during the investigations by the Kaspersky team, including:
• Reasons to implement an incident response
• The most common initial attack vectors
• Tools and exploits adversaries typically use
• Statistics on the attack and incident response duration
• Observations and recommendations based on analysis of incident statistics
-
Windows Incident Response webinar. Live analysis with PowerShell
Ayman Shaaban and Kai Schuricht, Kaspersky Global Emergency Response Team (GERT)
According to the Kaspersky Incident Response Analyst report, an incident can exist undetected in the system for anywhere from hours and days to months and even years, compromising your data all this time. This is why incident response skills are crucial for identifying the breach and stopping further damage.
In this webinar you will get onboard with experts Ayman Shaaban and Kai Schuricht from Kaspersky’s Global Emergency Response Team (GERT). They will go through the stages of the IR process and carry out live analysis of the traces of a real-life malware sample from an infected machine. If you want to kick off your career as an incident responder or level-up your IR skills, book your seat now.
Join the webinar for:
• IR process stages in a nutshell
• Live analysis with PowerShell (including practical session)
• Questions and Answers
Ayman and Kai will also introduce you to their new Kaspersky training, Windows Incident Response – a comprehensive course designed to help you become a better IR expert or increase the skills of your in-house IR team.
This practice-focused course offers a detailed step-by-step investigation into the real REvil ransomware case. You will follow the course leaders to perfect incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR.
Be sure to follow the webinar closely as all participants will have a chance to WIN 6-months’ free access to the Windows Incident Response course worth $1,400!
-
How to effectively detect, prevent & respond to threats with threat intelligence
Artem Karasev, Product Marketing Lead; Nikita Nazarov, Malware Analyst Team Lead; Vladimir Kuskov, Head of Threat Exploration
The threat landscape is changing rapidly. It’s becoming incredibly challenging to effectively respond to emerging complex and advanced cyberthreats without a 360-degree view of the tactics, techniques and procedures used by threat actors. Immediate access to relevant and reliable threat intelligence (TI) makes your incident response and SOC teams more efficient and effective, arming them with the threat context required to quickly respond to cyberattacks.
In this webinar, you will see a demonstration of the incident investigation process with the help of different Kaspersky threat intelligence services. Kaspersky experts will present:
• How to validate specific suspicious activities or artefacts
• Analyses of the relationships between objects to see the attack spread path
• How to get more context about observables and understand if they can be attributed to a known threat actor
• How relevant TI context can speed up the incident response process
-
SOC consulting projects: common methodology and insights
Roman Nazarov, Head of SOC Consulting
Join this webinar to get actionable information that will help you plan and develop your own security operations strategy and will guide you towards practically proven solutions. During the webinar, Roman Nazarov, Head of SOC Consulting at Kaspersky, will provide a comprehensive review of our consulting services – SOC Maturity assessment and SOC Framework development – and share informative insights based on successfully completed projects, including:
• The most common SOC services and their dependence on customers’ business areas
• Typical internal SOC processes and organizational structure and what influences them
• Common issues in security operations and how they’re mitigated
• Where to learn security operations and threat hunting in theory and practice
Kaspersky Security Operations Center provides consulting services for customers who aren’t ready to outsource their operations to a Managed Detection and Response team but want to develop internal security operations practices.
A new Kaspersky online cybersecurity course ‘Security operations and threat hunting’ helps SOC analysts and other staff dealing with security operations understand the SOC structure, plan and organize security monitoring, and master threat hunting.
-
Analyzing the nature of 12-month cyber incidents
Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky
Every day, Kaspersky Global Emergency Response Team (GERT) helps organizations all over the world with full-blown responses and expert advice for internal incident teams.
Responding and providing expert analysis for internal incident response teams enables our experts to gain a holistic overview of any cyberthreat trends, and to summarize observations into statistical analysis of recent incidents.
Join this webinar to explore the most common attack scenarios based on 2021 incident investigations. Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky will share knowledge with you and guide you through the following points:
• Top targeted regions and industries
• Most common initial compromise vectors
• Adversarial tools and tactics
• Attack duration and impact
• Expert incident response recommendations