This webcast has been archived.

Rekt Casino Hack Assessment Operational Series – Security Operations Center Ill-equipped and Unprepared Part 3 of 4

  • Wednesday, March 17, 2021 at 11:59 AM EDT (2021-03-17 15:59:00 UTC)
  • Mark Orlando

Overview

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, as well as a lack of properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the old-school approach to information security could have been transitioned to the enterprise risk management approach.

The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention; you also have to act on that knowledge.

In this Part 3 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place with regard to the management of their Security Operations Center. We will cover topics such as:

  • SOC design
  • Leading a SOC
  • Incident Detection
  • Responding to an incident
  • Lessons learned for continual improvement

Speaker Bio

Mark Orlando

Mark Orlando is a SANS Associate Instructor, co-author of the new MGT551: Building and Leading Security Operations Center 5-day version, instructor for SEC450: Blue Team Fundamentals: Security Operations and Analysis, and also the Co-Founder and CEO of Bionic Cyber. Prior to Bionic, Mark built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, and numerous Fortune 500 clients. Mark has presented on security operations and assessment at DefCon's Blue Team Village, the Institute for Applied Network Security (IANS) Forum, BSidesDC, and the RSA Conference and has been quoted in the New York Times, the Washington Post, Forbes, and many other publications. He holds a Bachelor's Degree in Advanced Information Technology from George Mason University and served in the US Marine Corps as an Artillery Non-Commissioned Officer.
