Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC
Presenter:
Eric Conrad, Fellow, SANS Institute
Defensible networks are designed to prevent and detect computer attacks, and are hardened at every layer. Per Richard Bejtlich, defensible networks "can be watched" and "limit an intruder's freedom to maneuver." For example: modern malware often attempts to steal credentials and move laterally via tools such as WMIC, PsExec, and PowerShell. Most host-based firewalls can block (and log) connections per application, such as PsExec. Prudent organizations use host-based firewalls to block and log network connections initiated by these tools from "regular" user desktops, and only allow authorized use from system administration drop boxes.
This talk focuses on designing a defensible security architecture that limits an intruder's ability to maneuver, and that generates logs when an intruder does manage to do so. Specific examples will be provided that prevent recent malware such as Petya, NotPetya, SamSam, and others. We will provide an actionable list of techniques that prevent and detect the deadliest events that occur during virtually every successful breach.
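The host-based firewall pattern described above, as an added PowerShell example (this is not code from the talk or from SANS): on a "regular" desktop it creates outbound Windows Defender Firewall rules that block WMIC, PowerShell and PsExec from initiating network connections, on an administration drop box it leaves them allowed, and on both it turns on the logging that makes a blocked attempt visible. The rule-name prefix, the `-Role` parameter and the PsExec install path are assumptions; PsExec is a Sysinternals download with no fixed location, so adjust the path to where your organization keeps it. Run elevated.

```powershell
# Added example: per-application outbound firewall rules for lateral-movement tooling.
# Rule names, the -Role switch and the PsExec path below are assumptions, not values from the talk.
param(
    [ValidateSet('Desktop', 'AdminJumpBox')]
    [string]$Role = 'Desktop'
)

$systemRoot = $env:SystemRoot

# Binaries whose outbound network activity we want to control.
# PsExec has no fixed install location; this path is an assumption for the example.
$tools = @{
    'PsExec'             = 'C:\Tools\Sysinternals\PsExec.exe'
    'PsExec64'           = 'C:\Tools\Sysinternals\PsExec64.exe'
    'WMIC'               = "$systemRoot\System32\wbem\WMIC.exe"
    'PowerShell'         = "$systemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
    'PowerShell (WOW64)' = "$systemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
    'PowerShell ISE'     = "$systemRoot\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
}
$rulePrefix = 'Defensible-Outbound-'   # assumed naming convention

foreach ($name in $tools.Keys) {
    $ruleName = "$rulePrefix$name"
    # Idempotent: remove any earlier copy of the rule before recreating it.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

    if ($Role -eq 'Desktop') {
        # Regular user desktop: block every outbound connection this binary initiates.
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
            -Program $tools[$name] -Action Block -Profile Any -Enabled True | Out-Null
    }
    else {
        # Admin drop box: an explicit Allow keeps the intent visible in the rule set
        # (and still works if the profile's default outbound action is later set to Block).
        New-NetFirewallRule -DisplayName $ruleName -Direction Outbound `
            -Program $tools[$name] -Action Allow -Profile Any -Enabled True | Out-Null
    }
}

# Make every blocked connection leave a record: the firewall's own pfirewall.log ...
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName "$systemRoot\System32\LogFiles\Firewall\pfirewall.log" -LogMaxSizeKilobytes 32767
# ... and Windows Filtering Platform audit events (Security log Event ID 5157,
# "WFP has blocked a connection", which names the blocked process) for the SIEM.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable | Out-Null

# Show what was applied so the operator can verify the result.
Get-NetFirewallRule -DisplayName "$rulePrefix*" |
    Select-Object DisplayName, Direction, Action, Enabled
```

Two caveats of my own, not claims from the talk: program-based rules match on the executable's path, so a copy of PsExec dropped under another name is not covered, which is why this control pairs with application allow-listing (AppLocker or WDAC) rather than replacing it; and blocking powershell.exe outbound on desktops also stops legitimate remoting and `Update-Help` from those machines, which is the intended trade-off but should be stated in the change record. PowerShell 7 (`pwsh.exe`), if installed, needs its own rule.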
Video: Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018, from the SANS Institute channel
Other videos from the channel:
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017
Network Security 101: Full Workshop
James Lyne: Everyday cybercrime -- and what you can do about it
Can You Name a Country?
SANS Cybersecurity Programs for the Department of Defense
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
The Dark Arts of Social Engineering – SANS Security Awareness Summit 2018
What Does my SOC Do?: A Framework for Defining an InfoSec Ops Strategy - SANS DFIR Summit 2016
Introduction to Malware Analysis
Know Your Creds, or Die Trying - SANS Digital Forensics and Incident Response Summit 2017
Rob Lee "The Most Lethal Forensicator We Know" Award - SANS DFIR Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
DFIR Summit 2016: Incident Detection and Hunting at Scale: An Introduction to Osquery
You're Probably Not Red Teaming (And Usually I'm Not, Either) – SANS ICS Summit 2018
Leveraging Curiosity to Enhance Analytic Technique - SANS Cyber Threat Intelligence Summit 2018
Top Cybersecurity Risks 2022
Demo: The Ukraine Event In a Box – SANS ICS Security Summit 2017
Open-Source DFIR Made Easy: The Setup - SANS Digital Forensics & Incident Response Summit 2017