The emergence of ransomware over the past decade has transformed the business of “hacking” into a multi-billion dollar industry with low barriers to entry and has generated an attractive career option for the upwardly mobile in certain parts of the world. It has created an unparalleled threat to organizations of all sizes. While the overall forecast may call for more ransomware ahead, the good news is that defenders have better tools and detection techniques at their disposal than ever before. The security profession has been investing in “behavior-based” threat detection methods, which can be effective in detecting attacker behavior that would otherwise be missed by “indicator-based” protections. However, done poorly, behavior-based threat detection can quickly bury network defenders in false positives, causing delays in detection or, worse, compelling defenders to simply turn the detection alarms off.
This session will introduce the concept of threat detection engineering and explore how defenders can best protect their organization from ransomware attacker groups. The speakers will share what they have learned from years in the trenches going keyboard-to-keyboard with a range of attackers, including today’s ransomware outfits.
An attendee will learn:
How ransomware has emerged as the dominant form of cyber-attack and why it is unlikely to go away anytime soon.
What a typical ransomware attack looks like from inside a network.
How defenders are using threat detection engineering techniques to identify and repel attackers before they can steal your data or lock up your systems.
How to accurately assess your vulnerability to a ransomware attack.
What you can do today with your existing tools to put yourself in the best position to stop an attack before it starts.
How automated tools alone can’t provide adequate defense against ransomware.
What makes this course unique?
This course will present a realistic, experience-driven perspective on how to effectively detect and suppress threats by combining the right mix of people, process and technology. The presenters have been on the front lines fighting against cyber attackers for well over a decade and will share the truth about what you can expect from today’s security tools and what you can’t expect.
Audience
CIO
CISO
Director of Information Security
Security Operations Center leadership and staff
Industry
All industries.
Presenter
R Jason Straight
Senior Managing Director and Chief Privacy Officer at Ankura
R Jason Straight is a Senior Managing Director and Chief Privacy Officer at Ankura, based in New York. Jason is a leader in the cybersecurity and privacy consulting practice and oversees Ankura’s internal data privacy program. He has extensive experience managing complex cybersecurity investigations and data breach events in a wide variety of industries involving a range of threat actors including malicious insiders, organized criminal operations, and state-sponsored groups. In addition, Jason has overseen and led large data risk and privacy compliance consulting matters for global companies facing regulatory challenges arising from the General Data Protection Regulation, the California Consumer Privacy Act, HIPAA, federal and state financial services regulations and other frameworks. Jason also founded and led a Gartner-recognized managed detection and response business providing continuous network security monitoring and threat detection to companies in the financial services, healthcare, manufacturing, legal, and technology sectors. Jason has also served as the Chief Privacy Officer for an international technology services firm.
Kevin Noble
Managing Director at Ankura
Kevin Noble is a Managing Director at Ankura and has experience leading intelligence-driven security operations through advances in architecture and data sciences to greatly improve threat detection. Kevin’s current objective is to bind Ankura’s cyber practice of highly cultivated incident response capability with the Managed Detection and Response service.
Kevin previously led a dedicated professional consulting practice at Verizon, including development and testing of services for U.S. Federal entities and commercial businesses. Verizon acquired Terremark Worldwide and Terremark Federal, where Kevin led DARPA-funded research projects on behalf of federal entities and the U.S. Military, including the United States Southern Command. In recent years, Kevin has had considerable success in developing and improving security operations for a diverse range of clients, such as the U.S. Department of Justice Joint Security Operations Center and one of the world’s largest hedge funds. Kevin also served honorably in the United States Marine Corps, gaining fundamental security experience.
Prior to Verizon’s acquisition of Terremark Worldwide Inc., Kevin led an experienced, specialized team of information security professionals in the areas of incident response to computer intrusion and various aspects of vulnerability assessments, including penetration testing, as the director of Engagement Services for Terremark’s Secure Information Services, the professional services component of threat services. Kevin has a history of cultivating teams with a security mindset in support of investigations in the areas of digital forensics, malicious software reverse engineering, network instrumentation, and research and secure system design. Kevin created specialized purple teams as a direct response to client migration to cloud services and internal organization security issues.
Kevin has a CISSP and served in the United States Marine Corps, where he gained experience that led into the field of information security. Kevin is also a National Security Institute Technology Fellow at George Mason University.
Key experiences include working with the Connecticut AG in a multi-state investigation of Google’s collection of unsecured wireless data and research for cyber defense projects cosponsored by the Defense Advanced Research Projects Agency and the Office of the Secretary of Defense.