Your network is already compromised, but do you know how and by whom? Can you find them, remove them, and prevent them from getting back in again? In this presentation, we will examine actual attacks and indicators of compromise and show how, using some basic network flow pattern analysis, we can detect and prevent contemporary malware, advanced persistent threats (APTs), zero-day exploits and more. In addition, we will discuss how to feed this data into a security analytics program to create a new, broader perspective on the threats that your organization faces.
Over the past four years at National Instruments, we have been collecting tools to work cohesively as part of a larger security analytics platform. The goal of this presentation is to provide the attendee with the basic information that they need in order to build a security analytics program of their own. We will begin by talking about the problem of a lack of visibility within the enterprise environment. From there, we will talk about the traits that characterize a tool as being good for security analytics. Next, we will talk about the types of data that exists in the different tool sets and what types of questions they are good at answering. From there, we will talk about what it means to create patterns and analyze your data to find those specific patterns. Then, we will look at some specific analytics that are useful to run on a regular basis to find malware, misconfigured systems, APTs, and more. Lastly, we will talk about actionable (and even automated) next steps once we discover the patterns that we are looking for.
This talk will encourage audience participation by encouraging them to share what they are doing to perform security analytics and is appropriate for both novice and experienced security professionals.