
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires


As adversaries evolve their ability to evade traditional security controls, intelligence and innovation must also come together to provide new detection and disruption capabilities for defenders. This session will discuss the next evolution of SecureWorks' AETD service technology, Red Cloak. Topics include the endpoint as today's battleground and the unique approach AETD Red Cloak brings to the fight, and the advantage of coordinated advanced detection across the network and endpoints.



  1. Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
  2. Justin Turner, CTU Special Operations; Phil Burdette, CTU Cyber Intel Cell. The Counter Threat Unit Special Operations team is dedicated to responding to intrusions from hostile nation states and other advanced adversaries on a daily basis.
  3. (Dell - Internal Use - Confidential. Classification: //SecureWorks/Confidential - Limited External Distribution) Agenda: Why are we losing? How do we win? Prove it!
  4. Define Defeat: Reconnaissance, Lateral Movement, Data Exfiltration, Delivery, Command & Control, Credential Theft, Host Enumeration
  5. Define Winning: Reconnaissance, Lateral Movement, Data Exfiltration, Delivery, Command & Control, Credential Theft, Host Enumeration
  6. The industry's definition of defeat is different from our adversary's definition of winning
  7. Behaviors drive detections, indicators drive investigations
  8. Backdoor, Credential Theft, Defensive Evasion, Host Enumeration, Lateral Movement, Exfiltration, WMI Consumer
  9-13. Backdoor, Credential Theft, Defensive Evasion, Host Enumeration, Lateral Movement, Exfiltration (the same categories repeated on each of these slides)
  14-15. Case Study :: Behaviors Drive Detection
