2. Today’s Speakers
Jack Naglieri, Founder, CEO
● 8+ years experience in detection and response
● Ex-Airbnb and Yahoo
● Co-creator of StreamAlert
Russell Leighton, Principal Engineer
● 25+ years experience in large scale distributed data processing
● Ex-Amazon
3. Agenda
1. Introductions and Challenges
2. What is Panther?
3. Breach Scenario
4. Recap
5. Roadmap
5. Company Background
● Est. August 2018
● HQ in San Francisco, CA
● AWS & Airbnb Security Alumni
Our mission is to help teams prevent security breaches at cloud-scale.
7. Threat Hunting Overview
Mapping Attackers in your Network
Proactive - Detect
● Continuous monitoring
● Behavioral-based, such as “Malicious commands executed”
● Indicator-based, such as “New hits on known bad IPs”
Reactive - Investigate
● Ad-hoc searching
● Triage alerts to find related activity, identify root cause, and scope of the attack
● Bulk-search indicators from reports, info exchanges, OSINT
8. Challenges
Diverse Data
● Bringing structure to logs
● Extracting indicators for indexing
● Correlating events
● Timezone alignment
Scale
● Search time grows as data grows
● High cost for “hot” (fast) data retention
● Operational burden
13. Triage
Alert Summaries
● Auto-calculate helpful statistics in events
● “What are all of the unique IPs associated with this alert?”
● Customizable for each detection
19. Scenario Recap
● Scanning: The attacker is scanning and gathering information
● Legit Logins: Normal logins and activity are observed from Tracey
● Failed Logins: A series of failed root logins is observed from our attacker
● Initial Access: The attacker successfully logs in as root
● Collect and Exfil: The attacker establishes persistence, escalates privileges, and exfiltrates data
20. Triage with Panther
● Behavioral Rules to detect initial compromise
● Alert Summaries to quickly answer questions
● Indicator Search to identify related activity in all logs
● Data Explorer to refine searches and perform analytics
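The behavioral rule and alert summary from slides 19 and 20, as an added Python example that is not from the webinar or Panther's own code: it flags a root login that follows repeated failed root logins on the same host and summarizes the matched events by field. The log lines, their format, the threshold and the function names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sshd lines modelled on the scenario recap (not data from the webinar).
SAMPLE_LOGS = """\
2020-06-01T09:00:03Z web01 sshd[700]: Accepted publickey for tracey from 198.51.100.20 port 51000 ssh2
2020-06-01T09:14:10Z web01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2020-06-01T09:14:12Z web01 sshd[811]: Failed password for root from 203.0.113.7 port 40123 ssh2
2020-06-01T09:14:13Z web01 sshd[813]: Failed password for root from 192.0.2.44 port 50211 ssh2
2020-06-01T09:14:15Z web01 sshd[811]: Failed password for root from 203.0.113.7 port 40124 ssh2
2020-06-01T09:14:31Z web01 sshd[812]: Accepted password for root from 203.0.113.7 port 40130 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")

def parse(text):
    """Bring structure to raw lines; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ev

def detect(events, threshold=3, window=timedelta(minutes=10)):
    """Alert when root logs in to a host after >= threshold recent root failures there."""
    failures = defaultdict(list)  # host -> failed root login events
    alerts = []
    for ev in sorted((e for e in events if e["user"] == "root"), key=lambda e: e["ts"]):
        if ev["result"] == "Failed":
            failures[ev["host"]].append(ev)
            continue
        recent = [f for f in failures[ev["host"]] if ev["ts"] - f["ts"] <= window]
        if len(recent) >= threshold:
            matched = recent + [ev]
            alerts.append({
                "title": "root login after repeated failed root logins",
                "window": (matched[0]["ts"], ev["ts"]),
                # Alert summary: most common values per field across matched events
                "summary": {k: Counter(e[k] for e in matched).most_common(5)
                            for k in ("ip", "host", "user", "result")},
            })
    return alerts

if __name__ == "__main__":
    print(detect(parse(SAMPLE_LOGS)))
```

The `ip` entry of the summary answers the "unique IPs associated with this alert" question directly, and those addresses are the natural input for an indicator search across the other log sources.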
21. Run Panther
● Deploy Panther Community
● Run the samples in this webinar
● Built-in packs
● Write your own rules
● Contribute back!
● Contact us for Hosted Panther
22. Let’s Talk
● Schedule your free evaluation: contact sales@runpanther.io
● Be sure to check out our blog!