Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
Advanced persistent threats often pass through standard network defense capabilities undetected, requiring significant manual analysis or specialized tools for detection. Many of these require full network packet capture, which is storage and processing intensive. Small record size and long storage time make network flow a great supplement to full packet capture. Furthermore, the ability to query on multiple fields in different combinations over a long period of time makes network flow much more flexible than signature matching tools.
The focus of this presentation will be on how to incorporate network flow analysis into your threat hunting toolkit. We will cover topics such as anomaly discovery versus signature matching, IP expansion, longitudinal analysis of threat actors, how network flow relates to the Cyber Kill Chain, and where network flow analysis should sit in the threat hunting cycle. We will look at real world examples of the effects of these techniques in discovering malicious actors on networks.
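The abstract names two flow-analysis techniques without showing them: querying flow records on arbitrary field combinations over a long window, and "IP expansion" (pivoting from one suspect external address to the internal hosts that contacted it, and from those hosts to the other external addresses they reached). The following is an added illustration, not code from the talk or from the SEI; it works over a small set of constructed NetFlow-style records (documentation IP ranges, invented timestamps and byte counts) and assumes a hypothetical CSV layout of start,sip,dip,sport,dport,proto,bytes,packets and a 10.0.0.0/8 internal range.

```python
"""Added example: minimal flow-record hunting over constructed records.

Demonstrates (1) multi-field queries, (2) IP expansion from a seed address,
and (3) a longitudinal check for source/destination pairs seen on many
distinct days, which is where low-volume beaconing tends to surface in flow
but not in a single packet capture.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Assumed internal address space (hypothetical for this example).
INTERNAL = ip_network("10.0.0.0/8")

# Constructed sample records; not real traffic. Columns (assumed layout):
# start,sip,dip,sport,dport,proto,bytes,packets
SAMPLE = """
2017-08-01T09:00:00,10.0.1.7,203.0.113.5,51000,443,6,412,6
2017-08-02T09:00:30,10.0.1.7,203.0.113.5,51011,443,6,405,6
2017-08-03T09:01:00,10.0.1.7,203.0.113.5,51023,443,6,418,6
2017-08-04T08:59:40,10.0.1.7,203.0.113.5,51034,443,6,410,6
2017-08-05T09:00:10,10.0.1.7,203.0.113.5,51040,443,6,414,6
2017-08-03T14:22:00,10.0.1.7,198.51.100.9,51100,8443,6,90211,88
2017-08-02T11:05:00,10.0.2.3,203.0.113.5,44021,443,6,398,5
2017-08-04T11:07:00,10.0.2.3,203.0.113.5,44029,443,6,401,5
2017-08-04T16:40:00,10.0.2.3,192.0.2.44,44100,80,6,2200,12
2017-08-02T10:00:00,10.0.3.9,198.51.100.200,40000,443,6,154000,210
"""


@dataclass(frozen=True)
class Flow:
    start: datetime
    sip: str
    dip: str
    sport: int
    dport: int
    proto: int
    bytes: int
    packets: int


def parse_flows(text: str) -> List[Flow]:
    """Parse CSV lines in the assumed layout into Flow records."""
    flows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        s, sip, dip, sport, dport, proto, nbytes, pkts = line.split(",")
        flows.append(Flow(datetime.fromisoformat(s), sip, dip, int(sport),
                          int(dport), int(proto), int(nbytes), int(pkts)))
    return flows


def query(flows: List[Flow], **fields) -> List[Flow]:
    """Filter on any combination of Flow fields, e.g. query(flows, dip=..., dport=443)."""
    return [f for f in flows
            if all(getattr(f, k) == v for k, v in fields.items())]


def ip_expansion(flows: List[Flow], seed: str,
                 rounds: int = 1) -> Tuple[Set[str], Set[str]]:
    """Pivot from a suspect external address to the internal hosts that
    contacted it, then to the other external addresses those hosts reached.
    Returns (internal_hosts, other_external_peers)."""
    external = {seed}
    internal: Set[str] = set()
    for _ in range(rounds):
        internal |= {f.sip for f in flows
                     if f.dip in external and ip_address(f.sip) in INTERNAL}
        external |= {f.dip for f in flows
                     if f.sip in internal and ip_address(f.dip) not in INTERNAL}
    return internal, external - {seed}


def persistent_pairs(flows: List[Flow],
                     min_days: int) -> Dict[Tuple[str, str, int], int]:
    """Longitudinal view: (sip, dip, dport) tuples seen on at least
    min_days distinct days, with the day count. Cheap to compute from flow
    over months of retention, where full packet capture is rarely kept."""
    days = defaultdict(set)
    for f in flows:
        days[(f.sip, f.dip, f.dport)].add(f.start.date())
    return {k: len(v) for k, v in days.items() if len(v) >= min_days}


if __name__ == "__main__":
    fl = parse_flows(SAMPLE)
    print("hits to 203.0.113.5:443:", len(query(fl, dip="203.0.113.5", dport=443)))
    print("expansion:", ip_expansion(fl, "203.0.113.5"))
    print("seen on 3+ days:", persistent_pairs(fl, 3))
```

The same three operations translate directly to production flow tooling (a SiLK `rwfilter` with `--daddress`/`--dport` for the query, a second pass with the expanded address set, and a `rwuniq`-style count of distinct days per pair); the point of the small script is that none of them needs packet payload, only the five-tuple, timing and volume fields that flow retains.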
Austin Whisnant
Member of the Technical Staff, Software Engineering Institute
Video: Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017, from the channel SANS Digital Forensics and Incident Response
Published 4 September 2017, 8:51:01; duration 00:18:30