Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018
SIEM Summit 2019 Agenda: http://www.sans.org/u/UIC
Presenter:
Eric Conrad, Fellow, SANS Institute
Defensible networks are designed to prevent and detect computer attacks, and are hardened at every layer. Per Richard Bejtlich, defensible networks “can be watched” and “limit an intruder’s freedom to maneuver.” For example: modern malware often attempts to steal credentials and move laterally via tools such as WMIC, PSExec, and PowerShell. Most host-based firewalls can block (and log) based on applications such as PSExec. Prudent organizations use host-based firewalls to block and log network connections initiated by these tools from “regular” user desktops, and only allow authorized use from system administration drop boxes.
This talk focuses on designing a defensible security architecture that limits an intruder’s ability to maneuver, and creates logs when it is successful in doing so. Specific examples will be provided that prevent recent malware such as Petya, NotPetya, SamSam, and others. We will provide an actionable list of techniques that prevent and detect the deadliest events that occur during virtually every successful breach.
Видео Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018 канала SANS Institute
Presenter:
Eric Conrad, Fellow, SANS Institute
Defensible networks are designed to prevent and detect computer attacks, and are hardened at every layer. Per Richard Bejtlich, defensible networks “can be watched” and “limit an intruder’s freedom to maneuver.” For example: modern malware often attempts to steal credentials and move laterally via tools such as WMIC, PSExec, and PowerShell. Most host-based firewalls can block (and log) based on applications such as PSExec. Prudent organizations use host-based firewalls to block and log network connections initiated by these tools from “regular” user desktops, and only allow authorized use from system administration drop boxes.
This talk focuses on designing a defensible security architecture that limits an intruder’s ability to maneuver, and creates logs when it is successful in doing so. Specific examples will be provided that prevent recent malware such as Petya, NotPetya, SamSam, and others. We will provide an actionable list of techniques that prevent and detect the deadliest events that occur during virtually every successful breach.
Видео Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018 канала SANS Institute
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017
Network Security 101: Full Workshop
James Lyne: Everyday cybercrime -- and what you can do about it
Can You Name a Country?
SANS Cybersecurity Programs for the Department of Defense
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
The Dark Arts of Social Engineering – SANS Security Awareness Summit 2018
What Does my SOC Do?: A Framework for Defining an InfoSec Ops Strategy - SANS DFIR Summit 2016
Introduction to Malware Analysis
Know Your Creds, or Die Trying - SANS Digital Forensics and Incident Response Summit 2017
Rob Lee "The Most Lethal Forensicator We Know" Award - SANS DFIR Summit 2017
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
DFIR Summit 2016: Incident Detection and Hunting at Scale: An Introduction to Osquery
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
Leveraging Curiosity to Enhance Analytic Technique - SANS Cyber Threat Intelligence Summit 2018
Top Cybersecurity Risks 2022
Demo: The Ukraine Event In a Box – SANS ICS Security Summit 2017
Open-Source DFIR Made Easy: The Setup - SANS Digital Forensics & Incident Response Summit 2017