Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
Advanced persistent threats often pass through standard network defense capabilities undetected, requiring significant manual analysis or specialized tools for detection. Many of these require full network packet capture, which is storage and processing intensive. Small record size and long storage time make network flow a great supplement to full packet capture. Furthermore, the ability to query on multiple fields in different combinations over a
long period of time makes network flow much more flexible than signature matching tools.
The focus of this presentation will be on how to incorporate network flow analysis into your threat hunting toolkit. We will cover topics such as anomaly discovery versus signature matching, IP expansion, longitudinal analysis of threat actors, how network flow relates to the Cyber Kill Chain, and where network flow analysis should sit in the threat hunting cycle. We will look at real world examples of the effects of these techniques in discovering malicious actors on networks.
Austin Whisnant
Member of the Technical Staff, Software Engineering Institute
Видео Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017 канала SANS Digital Forensics and Incident Response
long period of time makes network flow much more flexible than signature matching tools.
The focus of this presentation will be on how to incorporate network flow analysis into your threat hunting toolkit. We will cover topics such as anomaly discovery versus signature matching, IP expansion, longitudinal analysis of threat actors, how network flow relates to the Cyber Kill Chain, and where network flow analysis should sit in the threat hunting cycle. We will look at real world examples of the effects of these techniques in discovering malicious actors on networks.
Austin Whisnant
Member of the Technical Staff, Software Engineering Institute
Видео Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017 канала SANS Digital Forensics and Incident Response
Показать
Комментарии отсутствуют
Информация о видео
4 сентября 2017 г. 8:51:01
00:18:30
Другие видео канала
Real-Time Threat Hunting - SANS Threat Hunting & Incident Response Summit 2017
DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
Wireshark and Recognizing Exploits, HakTip 138
Schroedinger’s Backslash: Tracking the Chinese APT Goblin Panda with RTF Metadata - SANS CTI Summit
Using Elasticsearch & Kibana for Security Analytics to Fight the Dark Army on Mr. Robot
Open-Source DFIR Made Easy: The Setup - SANS Digital Forensics & Incident Response Summit 2017
Threat Hunting Masterclass: Three Data Science Notebooks to Find Bad Actors in Your Network Logs
Network Security 101: Full Workshop
Taking Hunting to the Next Level: Hunting in Memory - SANS Threat Hunting Summit 2017
Hunting: From Fudd to Terminator - SANS Threat Hunting Summit 2017
Threat Hunting via Sysmon - SANS Blue Team Summit
DNS Evidence You Don’t Know What You’re Missing
The Threat Intelligence EASY Button with Chris Cochran - SANS CTI Summit
Tales from the Network Threat Hunting Trenches & AI Hunter Demo
Using Bro to Hunt Persistent Threats by Benjamin Klimkowski
The Secret History of Cyber War - SANS Digital Forensics and Incident Response Summit 2017
Getting Started with Threat Hunting Basics with Security Weekly and LogRhythm
Cyber Threat Hunting: Identify and Hunt Down Intruders