Dell EMC World, profile picture
Uploaded byDell EMC World
585 views

MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

The document discusses an advanced endpoint detection strategy called tripwire defense, aimed at countering intrusions from hostile entities. It emphasizes the distinction between industry and adversary definitions of defeat, indicating that behaviors should guide detection efforts. Case studies highlight the importance of behavioral analysis in driving effective detection and investigation processes.

Embed presentation

Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
Justin Turner CTU Special Operations Phil Burdette CTU Cyber Intel Cell • The Counter Threat Unit Special Operations team is dedicated to responding to intrusions from hostile Nation States and other advanced adversaries on a daily basis
3 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Agenda Why are we losing? How do we win? Prove it!
4 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Reconnaissance Lateral Movement Data Exfiltration Delivery Command & Control Credential Theft Host Enumeration Define Defeat
5 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Reconnaissance Lateral Movement Data Exfiltration Delivery Command & Control Credential Theft Host Enumeration Define Winning
The industry’s definition of defeat is different from our adversary’s definition of winning
Behaviors drive detections, indicators drive investigations
8 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration WMI Consumer
9 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
10 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
11 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
12 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
13 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
14 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Case Study :: Behaviors Drive Detection
15 Dell - Internal Use - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Case Study :: Behaviors Drive Detection
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

More Related Content

PDF
MT 70 The New Era of Incident Response Planning
byDell EMC World
 
PDF
MT88 - Assess your business risks by understanding your technology’s supply c...
byDell EMC World
 
PDF
Threat intelligence Primary Tradecraft and Research
byFidelis Cybersecurity
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PDF
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
byCore Security
 
PDF
Rising Cyber Escalation US Iran Russia ICS Threats and Response
byDragos, Inc.
 
PDF
Private sector cyber resilience and the role of data diodes
byOllie Whitehouse
 
PPTX
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
byOllie Whitehouse
 
MT 70 The New Era of Incident Response Planning
byDell EMC World
 
MT88 - Assess your business risks by understanding your technology’s supply c...
byDell EMC World
 
Threat intelligence Primary Tradecraft and Research
byFidelis Cybersecurity
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
byCore Security
 
Rising Cyber Escalation US Iran Russia ICS Threats and Response
byDragos, Inc.
 
Private sector cyber resilience and the role of data diodes
byOllie Whitehouse
 
Introduction to Advanced Persistent Threats (APT) for Non-Security Engineers
byOllie Whitehouse
 

What's hot

PPTX
2018 Year in Review- ICS Threat Activity Groups
byDragos, Inc.
 
PPT
Top Tactics For Endpoint Security
byBen Rothke
 
PPTX
DC970 Presents: Defense in Depth
byIceQUICK
 
PDF
The Golden Rules - Detecting more with RSA Security Analytics
byDemetrio Milea
 
PPTX
Purple Teaming - The Collaborative Future of Penetration Testing
byFRSecure
 
PPT
CERT Certification
byConferencias FIST
 
PDF
Beyond the Scan: The Value Proposition of Vulnerability Assessment
byDamon Small
 
PPT
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
PPTX
Understanding advanced persistent threats (APT)
byDan Morrill
 
PDF
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
byCore Security
 
PDF
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
byCore Security
 
PPTX
Advanced Persistent Threats
byESET
 
PDF
Defense In Depth Using NIST 800-30
byKevin M. Moker, CFE, CISSP, ISSMP, CISM
 
PPTX
Persistence is Key: Advanced Persistent Threats
bySameer Thadani
 
PPT
Lesson 1- Intrusion Detection
byMLG College of Learning, Inc
 
PDF
Day 1 Enisa Setting Up A Csirt
byvngundi
 
PDF
Building CSIRT and its competency
byDidik Partono Rudiarto
 
PPTX
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
bymdagrossa
 
PPTX
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 
PDF
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 
2018 Year in Review- ICS Threat Activity Groups
byDragos, Inc.
 
Top Tactics For Endpoint Security
byBen Rothke
 
DC970 Presents: Defense in Depth
byIceQUICK
 
The Golden Rules - Detecting more with RSA Security Analytics
byDemetrio Milea
 
Purple Teaming - The Collaborative Future of Penetration Testing
byFRSecure
 
CERT Certification
byConferencias FIST
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
byDamon Small
 
Security Intelligence: Advanced Persistent Threats
byPeter Wood
 
Understanding advanced persistent threats (APT)
byDan Morrill
 
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
byCore Security
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
byCore Security
 
Advanced Persistent Threats
byESET
 
Defense In Depth Using NIST 800-30
byKevin M. Moker, CFE, CISSP, ISSMP, CISM
 
Persistence is Key: Advanced Persistent Threats
bySameer Thadani
 
Lesson 1- Intrusion Detection
byMLG College of Learning, Inc
 
Day 1 Enisa Setting Up A Csirt
byvngundi
 
Building CSIRT and its competency
byDidik Partono Rudiarto
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
bymdagrossa
 
Incident Response in the age of Nation State Cyber Attacks
byResilient Systems
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
bySaraPia5
 

Viewers also liked

PDF
Nethemba - Writing exploits
byOWASP (Open Web Application Security Project)
 
PDF
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
byRootedCON
 
PDF
MT54 Better security is better business
byDell EMC World
 
PPTX
How Functions Work
bySaumil Shah
 
PDF
Finding Product Market Fit
byScott Bales
 
PDF
Lean Product Management for Enterprises: The Art of Known Unknowns
byThoughtworks
 
PPT
Recommendation system
byVikrant Arya
 
Nethemba - Writing exploits
byOWASP (Open Web Application Security Project)
 
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
byRootedCON
 
MT54 Better security is better business
byDell EMC World
 
How Functions Work
bySaumil Shah
 
Finding Product Market Fit
byScott Bales
 
Lean Product Management for Enterprises: The Art of Known Unknowns
byThoughtworks
 
Recommendation system
byVikrant Arya
 

Similar to MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

PDF
Tripwire enterprise 87_datasheet
byDevaraj Sl
 
PDF
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
byDell EMC World
 
PPTX
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
byScott Sutherland
 
PDF
Nss labs-breach-detection
byMichael Kurzidim
 
PDF
Three Considerations To Amplify Your Detection and Response Program
byMorphick
 
PDF
Cisco Security Architecture
byCisco Canada
 
PDF
Reducing cyber risks in the era of digital transformation
bySergey Soldatov
 
PDF
Behind the Curtain: Exposing Advanced Threats
byCisco Canada
 
PDF
Exploring the Defender's Advantage
byRaffael Marty
 
PDF
Journey to the Center of Security Operations
by♟Sergej Epp
 
PDF
FireEye - Breaches are inevitable, but the outcome is not
byMarketingArrowECS_CZ
 
PDF
Dell sonicwall connected security
byMotty Ben Atia
 
PPTX
Cyber Threat Intelligence
byPrachi Mishra
 
PDF
NetSecurity_ThreatResponder(r)_Capability_Brief_021116_Rev0
byJames Perry, Jr.
 
PDF
Cisco - See Everything, Secure Everything
byRedington Value Distribution
 
PDF
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
byKhaledboufnina
 
PPTX
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
byJoe Vest
 
PDF
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
byHexis Cyber Solutions
 
PDF
FireEye Use Cases — FireEye Solution Deployment Experience
byValery Yelanin
 
PPTX
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 
Tripwire enterprise 87_datasheet
byDevaraj Sl
 
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
byDell EMC World
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
byScott Sutherland
 
Nss labs-breach-detection
byMichael Kurzidim
 
Three Considerations To Amplify Your Detection and Response Program
byMorphick
 
Cisco Security Architecture
byCisco Canada
 
Reducing cyber risks in the era of digital transformation
bySergey Soldatov
 
Behind the Curtain: Exposing Advanced Threats
byCisco Canada
 
Exploring the Defender's Advantage
byRaffael Marty
 
Journey to the Center of Security Operations
by♟Sergej Epp
 
FireEye - Breaches are inevitable, but the outcome is not
byMarketingArrowECS_CZ
 
Dell sonicwall connected security
byMotty Ben Atia
 
Cyber Threat Intelligence
byPrachi Mishra
 
NetSecurity_ThreatResponder(r)_Capability_Brief_021116_Rev0
byJames Perry, Jr.
 
Cisco - See Everything, Secure Everything
byRedington Value Distribution
 
Security Operation Center : Le Centre des Opérations de Sécurité est une div...
byKhaledboufnina
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
byJoe Vest
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
byHexis Cyber Solutions
 
FireEye Use Cases — FireEye Solution Deployment Experience
byValery Yelanin
 
Threat Hunting - Moving from the ad hoc to the formal
byPriyanka Aash
 

More from Dell EMC World

PDF
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
byDell EMC World
 
PDF
David Goulden keynote at Dell EMC World
byDell EMC World
 
PDF
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
byDell EMC World
 
PDF
MT58 High performance graphics for VDI: A technical discussion
byDell EMC World
 
PDF
MT93 - Federal: End-point evolution: Mobile, secure, connected
byDell EMC World
 
PDF
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
byDell EMC World
 
PDF
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
byDell EMC World
 
PDF
MT101 Dell OCIO: Delivering data and analytics in real time
byDell EMC World
 
PDF
MT17_Building Integrated and Secure Networks with limited IT Support
byDell EMC World
 
PDF
MT13 - Keep your business processing operating at peak efficiency with Dell E...
byDell EMC World
 
PDF
MT12 - SAP solutions from Dell – from your Datacenter to the Cloud
byDell EMC World
 
PDF
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
byDell EMC World
 
PDF
MT01 The business imperatives driving cloud adoption
byDell EMC World
 
PDF
Mt19 Integrated systems as a foundation of the Software Defined Datacentre
byDell EMC World
 
PDF
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
byDell EMC World
 
PDF
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
byDell EMC World
 
PDF
MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...
byDell EMC World
 
PDF
MT16 Future-Ready Networking for the Campus
byDell EMC World
 
PDF
MT25 Server technology trends, workload impacts, and the Dell Point of View
byDell EMC World
 
PDF
MT23 Benefits of Modular Computing from Data Center to Branch Office
byDell EMC World
 
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
byDell EMC World
 
David Goulden keynote at Dell EMC World
byDell EMC World
 
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
byDell EMC World
 
MT58 High performance graphics for VDI: A technical discussion
byDell EMC World
 
MT93 - Federal: End-point evolution: Mobile, secure, connected
byDell EMC World
 
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
byDell EMC World
 
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
byDell EMC World
 
MT101 Dell OCIO: Delivering data and analytics in real time
byDell EMC World
 
MT17_Building Integrated and Secure Networks with limited IT Support
byDell EMC World
 
MT13 - Keep your business processing operating at peak efficiency with Dell E...
byDell EMC World
 
MT12 - SAP solutions from Dell – from your Datacenter to the Cloud
byDell EMC World
 
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
byDell EMC World
 
MT01 The business imperatives driving cloud adoption
byDell EMC World
 
Mt19 Integrated systems as a foundation of the Software Defined Datacentre
byDell EMC World
 
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
byDell EMC World
 
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
byDell EMC World
 
MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...
byDell EMC World
 
MT16 Future-Ready Networking for the Campus
byDell EMC World
 
MT25 Server technology trends, workload impacts, and the Dell Point of View
byDell EMC World
 
MT23 Benefits of Modular Computing from Data Center to Branch Office
byDell EMC World
 

MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

  • 1.
  • 2.
    Justin Turner CTU SpecialOperations Phil Burdette CTU Cyber Intel Cell • The Counter Threat Unit Special Operations team is dedicated to responding to intrusions from hostile Nation States and other advanced adversaries on a daily basis
  • 3.
    3 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Agenda Why are we losing? How do we win? Prove it!
  • 4.
    4 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Reconnaissance Lateral Movement Data Exfiltration Delivery Command & Control Credential Theft Host Enumeration Define Defeat
  • 5.
    5 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Reconnaissance Lateral Movement Data Exfiltration Delivery Command & Control Credential Theft Host Enumeration Define Winning
  • 6.
    The industry’s definitionof defeat is different from our adversary’s definition of winning
  • 7.
  • 8.
    8 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration WMI Consumer
  • 9.
    9 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
  • 10.
    10 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
  • 11.
    11 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
  • 12.
    12 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
  • 13.
    13 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Backdoor Credential Theft Defensive Evasion Host Enumeration Lateral Movement Exfiltration
  • 14.
    14 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Case Study :: Behaviors Drive Detection
  • 15.
    15 Dell - InternalUse - Confidential Classification: //SecureWorks/Confidential - Limited External Distribution: Case Study :: Behaviors Drive Detection