Meet the new Threat Detection and Logging guidance from the ASD and CISA. Detect CnC Callouts, Lateral movement, and pivoting with Crystal Eye #TDIR | Red Piranha

9/26/2024 1:00 PM


Description

Effective threat detection and event logging are key to keeping up with advanced cyber threats from APTs that use living off the land (LOTL), pivoting and lateral movement techniques within your network. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), in collaboration with global cybersecurity authorities including CISA, FBI, and NCSC, has established comprehensive guidelines to bolster organizational resilience.

Red Piranha is a pioneer and leader in threat detection. Crystal Eye is designed to meet the new guidance to detect living-off-the-land attacks and EDR bypass, offering advanced capabilities to enhance your security posture.

In this session, you will learn how Crystal Eye’s Advanced Intrusion Detection and Prevention System (IDPS) is essential for combatting pivoting and lateral movement within networks.

You will discover how to effectively detect and isolate lateral movement activities within your network and implement a robust network segmentation strategy using Crystal Eye’s Advanced Intrusion Detection and Prevention System: 

  • Comprehensive Detection and Prevention Framework  

  • Operational Modes of IDPS  

  • Customisable Rulesets and Profiles  

  • Multi-Tenancy and Advanced Configuration  

  • Local Rule Creation  

  • Ongoing Updates and Adaptation  

Key Features 

  • Network Segmentation: Implement robust segmentation to create secure zones with tailored IDPS profiles, isolating sensitive data and critical infrastructure from general user networks. This confines attacks to specific segments, ensuring rapid containment if lateral movement is detected. 

  • Detection and Prevention Framework: Crystal Eye’s IDPS identifies and counters lateral movement using network traffic analysis, anomaly detection, and response mechanisms.

Operational Modes

  • Detection & Protection Mode: Alerts and logs suspicious traffic without blocking, allowing for thorough threat analysis. Administrators can configure profiles and rulesets for segmented interfaces.

  • Inline Mode: Actively blocks malicious traffic based on predefined rules, preventing the spread of threats. 

  • Network Security Monitoring Mode (NSM): Provides detailed visibility into network activities, capturing and logging events to identify movement patterns. 

  • Customizable Rulesets and Profiles: Administrators can create tailored profiles and rulesets for different network segments, detecting sophisticated threats and addressing unique security needs.

  • Multi-Tenancy and Advanced Configuration: Efficiently manage multiple security zones and profiles with customizable local rules for detecting advanced tactics. 

  • Ongoing Updates: Keeps up with new lateral movement techniques through regular updates from Red Piranha’s Global Security Operations Team. 

This is a fantastic opportunity to stay ahead of ASD's new standards and strengthen your organisation’s cybersecurity posture. So, join us in this knowledge sprint webinar to learn how your business can align with the ASD’s latest guidelines.

Key Presenters

George Boulis - General Manager, Sales at Red Piranha

Roland Casabar - Cyber Security Engineer & Incident Response at Red Piranha

Dylan Paquelet - Cyber Security Engineer at Red Piranha


Publisher

Red Piranha


Red Piranha is a leader in cybersecurity technology, providing comprehensive security solutions for businesses. Their Crystal Eye XDR platform offers end-to-end security from the cloud to the endpoint, integrating advanced security technologies. With a focus on simplicity, security, and compliance, Red Piranha helps reduce the risk of security incidents, detect and respond to threats more efficiently, and minimize the cost of securing your business.