In the face of an emerging security incident, how you respond isn’t just about your technical abilities; the need to quickly respond to and remediate a situation will challenge how you make decisions in the heat of what can potentially become a crisis. Attacks like the recent Sunburst attack via Solarwinds makes it clear that even the most well-patched environments can be susceptible to vulnerabilities found within third-party solutions.
But how can you prepare for and develop better decision-making skills for addressing a scenario like Sunburst that has never happened before?
In this webinar, we join the experts at Ultimate Windows Security to discuss how decision-making is the real litmus test of incident response, why it’s a challenge, and how poor decision-making skills may have added to the impact of the Sunburst breach.
We also walk through our Sunburst Crisis Sim scenario, where attendees play decision-maker in addressing this compromise, as well as showcase our Solarwinds labs to demonstrate how to:
- Identify Indicators of Compromise – Using a set of Yara Rules from FireEye, we’ll show how to determine whether the malicious version of the Solarwinds DLL is in use.
- Analyze Malware – According to open source malware reports, there is a Domain Generation Algorithm that creates unique C2 domains for each installation. We’ll explore the DLL and identify the DGA, discussing how it avoids detection in your network.
- Chris Pace; Technology Advocate, Immersive Labs
- Kev Breen; Director of Cyber Threat Research, Immersive Labs
- Nick Cavalancia; Microsoft MVP and cybersecurity expert, Ultimate Windows Security