CISA Webinar: Understanding Indicators of Compromise for Incident Response

June 24, 2021 @ 10:00 am - 11:00 am CDT

Major cyber attacks have made headlines for years, and the pace of threat activity faced by government and private sector organizations is accelerating as cyber criminals test new ways to extort victims, and as the operations of business and government become increasingly dependent on the internet and digital infrastructure. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APT): sophisticated actors who gain unauthorized entry into a system and remain undetected for extended periods of time, allowing them to surveil and gather information, test defenses, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOC) are the digital and informational “clues” that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOC for incident responders and those who work with them, introduces example scenarios and how IOC can be used to trace activity and piece together a picture of the suspicious activity, and discusses tools and frameworks that use IOC to detect, analyze, respond to, and report cyber threat activity.

Join us to learn the following information and more:

– Define IOC and why tracking, investigating, and reporting IOC are crucial to enterprise cybersecurity.

– Understand how IOC are used for threat hunting and incident response, different types of indicators, and how different IOC are collected, including the sophistication and difficulty level of collecting different categories of indicators.

– Learn about the MITRE ATT&CK Framework and how it can be used to analyze threat activity, potential threat actors and their associated methods and tactics.

– Introduce CISA’s CHIRP and SPARROW IOC detection tools to help network defenders find IOC associated with APT activity linked to the SolarWinds compromise, and in Azure and O365 environments.

– Questions throughout the presentation will be addressed by an expert technical facilitator.

This course is accessible to a non-technical audience including managers and business leaders, and provides an organizational perspective and strategic overview useful to technical specialists. Participants can request 1 CPE credit for this course.