Learn How to Build an Incident Response Playbook Against Scattered Spider in Real Time

Learn How to Build an Incident Response Playbook

In the tumultuous landscape of cybersecurity, the year 2023 has left an indelible mark with the brazen exploits of the Scattered Spider threat group. Their attacks targeted the nerve centers of major financial and insurance institutions, culminating in one of the most impactful ransomware attacks in recent history.

When organizations don’t have a response plan for such an attack, it can be overwhelming to prioritize the next steps that will increasingly impact the threat actors’ ability to maintain access to and control over a compromised network.

Silverfort’s threat research team has been working closely with the identity threats used by Scattered Spider, and essentially built a response playbook in real time to respond to an active Scattered Spider attack. This webinar analyzes the real-life scenario that called on them to create and execute a response plan as attackers moved into an organization’s hybrid environment.

Hear directly from the Silverfort team about the challenges they faced, including how to quickly and efficiently (and in the most automated way possible) meet the following response goals:

  • Immediately place ‘roadblocks’ to protect against additional lateral movement from that point
  • Identify user accounts that have been compromised, with a special emphasis on service accounts (a favorite Scattered Spider target)
  • Eliminate potential malicious presence from the organization’s identity infrastructure (again, a favored and publicly documented Scattered Spider technique)

Plus, you’ll gain insight into the steps to take in response, focusing on three dimensions of lateral movement:

  • User accounts – We will look at the necessary policies and monitoring for service accounts, administrators, and domain users
  • Identity Infrastructure – We discuss limiting user access, disabling insecure authentication protocols, and further tightening authentication requirements
  • Other domain-joined machines – We will look at limiting machine-to-machine communications for users’ workstations and temporarily blocking insecure authentication protocols

See you there!
