SlideShare uma empresa Scribd logo

Activated Charcoal - Making Sense of Endpoint Data

Greg Foss
Greg Foss

Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/ Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues. This Presentation was given at Black Hat 2016 and, recently, an SC Magazine Webcast, covering the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.

Tecnologia
1 de 62
Baixar para ler offline
Company Confidential Powered by Activated Charcoal Making Sense of Endpoint Data
Company Confidential Greg Foss Head of Global Security Operations OSCP, GAWN, GPEN, GWAPT, GCIH, CEH, Cyber APT
The Endpoint is the new Perimeter
Company Confidential The easiest path into any network…
Company Confidential Social Engineering Nothing like a little pretext to get people to click on your links…
Company Confidential • Phishing • 91% of ‘advanced’ attacks began with a phishing email or similar social engineering tactics. • http://www.infosecurity-magazine.com/view/29562/91-of- apt-attacks-start-with-a-spearphishing-email/ • 2014 Metrics • Average cost per breach => $3.5 million • 15% Higher than the previous year • http://www.ponemon.org/blog/ponemon-institute- releases-2014-cost-of-data-breach-global-analysis
Company Confidential Drive By Downloads, Malvertizing, and Watering Hole Attacks Image Source: https://blog.kaspersky.com/what-is-malvertising/5928/
Company Confidential
Company Confidential
Training is Critical to Success
Company Confidential Key Focus Areas: • Employees Image Source: http://www.cloudpro.co.uk/hr/5803/gov-offers-hr-workers-free-cyber-security-training
Company Confidential End User Tips - Phishing
Company Confidential All You Need is +
Company Confidential Shortened URL Tracking
Testing and Validation
Company Confidential Rogue Wi-Fi Network – Threat Simulation
Company Confidential USB Drop – Training Exercise : Case Study
Company Confidential Building a Believable Campaign Use realistic files with somewhat realistic data Staged approach to track file access and exploitation
Company Confidential Profit Send an email when the Macro is run… Use a bogus email (unlike I did here) – I know, I know. Bad OpSec.
Company Confidential Toolscalculator.exe
Company Confidential “Nobody’s going to an an exe from some random USB” - Greg Yep… They ran it...
Company Confidential Now we have our foothold… Fortunately they didn’t run this as an admin
Company Confidential
Company Confidential Key Focus Areas: • Employees • IT Staff • Roles and Responsibilities • Incident Response Duties • Configuration Monitoring • Malware Removal • Security Infrastructure
Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing
Company Confidential Purple Team FTW! • Employees • IT Staff • Security Staff • Table Top and Red vs Blue Exercises • Threat Simulation Leads to Process Improvement • Announced vs Unannounced Simulations or Penetration Testing
Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership
Company Confidential Key Focus Areas: • Employees • IT Staff • Security Staff • Leadership • Processes and Procedures
Continuous Monitoring and Detection
Company Confidential Automating OSINT and Response Domain Tools Passive Total VirusTotal Cisco AMP ThreatGRID Netflow / IDS Firewalls Proxy / DNS Endpoint SIEM API Integration SecOps Infrastructure
Company Confidential
Company Confidential Malware Beaconing
Company Confidential
Company Confidential Malware Beaconing
Company Confidential Correlate Network / Log Activity with Endpoint Data
Company Confidential Macro Phishing Attacks • Common • Bypasses Most AV • Heavily Obfuscated • Newer attacks targeting Office 365
Company Confidential Macro Attack Detection
Company Confidential Full Command Line Details
Company Confidential Full Command Line Details
Company Confidential Be Careful – Don’t Jump To Conclusions…
Company Confidential Be Careful – Don’t Jump To Conclusions…
Centralized Logging and Event Management
Company Confidential
Company Confidential Threat Feed Configuration
Company Confidential Full Event Alerting
Company Confidential Syslog Only
Company Confidential Watchlist Configuration
Company Confidential Carbon Black Event Forwarder LogRhythm => Use LEEF Format https://github.com/carbonblack/cb-event-forwarder
Dashboards and Investigations
Company Confidential
Company Confidential
Company Confidential Long Tail Analysis Strange activity can bubble to the surface when viewing the whole picture
Company Confidential
Company Confidential
Taking it a Step Further…
Company Confidential Additional Integration Alarming Trigger on Specific Watch List Hits
Company Confidential Additional Integration Alarming Admin Tracking
Company Confidential Additional Integration Alarming Admin Tracking Reporting
Company Confidential Additional Integration Alarming Admin Tracking Reporting Automation Perform Actions Based on Alarms Observed
Company Confidential LogRhythmChallenge . com Booth #600 #logrhythmchallenge
Company Confidential Mini Network Monitor Booth #600
Company Confidential Thank You! QUESTIONS? Greg Foss Greg . Foss [at] LogRhythm . com @heinzarelli

Recomendados

Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Greg Foss
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018Greg Foss
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Greg Foss
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingGreg Foss
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseGreg Foss
 

Recomendados

Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Greg Foss
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018Greg Foss
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Deception Driven Defense - Infragard 2016
Deception Driven Defense - Infragard 2016Greg Foss
 
SecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingSecureSet WarGames - Logging and Packet Capture Training
SecureSet WarGames - Logging and Packet Capture TrainingGreg Foss
 
Anatomy of the Compromised Insider
Anatomy of the Compromised InsiderAnatomy of the Compromised Insider
Anatomy of the Compromised InsiderImperva
 
DerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseDerbyCon 5 - Tactical Diversion-Driven Defense
DerbyCon 5 - Tactical Diversion-Driven DefenseGreg Foss
 
Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware LabThreatConnect
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareAvoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareCybereason
 
Save Time and Act Faster with Playbooks
Save Time and Act Faster with PlaybooksSave Time and Act Faster with Playbooks
Save Time and Act Faster with PlaybooksThreatConnect
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverAmit Serper
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic LogRhythm
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenWie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenSplunk
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack ModelsSeniorStoryteller
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green North Texas Chapter of the ISSA
 
Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017Kevin Finley
 
Intelligence driven defense webinar
Intelligence driven defense webinarIntelligence driven defense webinar
Intelligence driven defense webinarThreatConnect
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
Tracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated CharcoalTracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated CharcoalTracey Rancifer
 

Mais conteúdo relacionado

Mais procurados

Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionGreg Foss
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatImperva
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringImperva
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment SpamImperva
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware LabThreatConnect
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You AreKatie Nickels
 
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareAvoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareCybereason
 
Save Time and Act Faster with Playbooks
Save Time and Act Faster with PlaybooksSave Time and Act Faster with Playbooks
Save Time and Act Faster with PlaybooksThreatConnect
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverAmit Serper
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic LogRhythm
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenWie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenSplunk
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughImperva
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud AttacksImperva
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack ModelsSeniorStoryteller
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain OpenDNS
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green North Texas Chapter of the ISSA
 
Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017Kevin Finley
 
Intelligence driven defense webinar
Intelligence driven defense webinarIntelligence driven defense webinar
Intelligence driven defense webinarThreatConnect
 

Mais procurados (20)

Advanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement DetectionAdvanced Threats and Lateral Movement Detection
Advanced Threats and Lateral Movement Detection
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
The Non-Advanced Persistent Threat
The Non-Advanced Persistent ThreatThe Non-Advanced Persistent Threat
The Non-Advanced Persistent Threat
 
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity MonitoringSophisticated Incident Response Requires Sophisticated Activity Monitoring
Sophisticated Incident Response Requires Sophisticated Activity Monitoring
 
The Anatomy of Comment Spam
The Anatomy of Comment SpamThe Anatomy of Comment Spam
The Anatomy of Comment Spam
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
 
Putting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You ArePutting MITRE ATT&CK into Action with What You Have, Where You Are
Putting MITRE ATT&CK into Action with What You Have, Where You Are
 
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance HealthcareAvoiding Sophisticated Targeted Breach Critical Guidance Healthcare
Avoiding Sophisticated Targeted Breach Critical Guidance Healthcare
 
Save Time and Act Faster with Playbooks
Save Time and Act Faster with PlaybooksSave Time and Act Faster with Playbooks
Save Time and Act Faster with Playbooks
 
Cybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection serverCybereason - behind the HackingTeam infection server
Cybereason - behind the HackingTeam infection server
 
Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic Detecting and Blocking Suspicious Internal Network Traffic
Detecting and Blocking Suspicious Internal Network Traffic
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen könnenWie Sie Ransomware aufspüren und was Sie dagegen machen können
Wie Sie Ransomware aufspüren und was Sie dagegen machen können
 
Why Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t EnoughWhy Network and Endpoint Security Isn’t Enough
Why Network and Endpoint Security Isn’t Enough
 
Man in the Cloud Attacks
Man in the Cloud AttacksMan in the Cloud Attacks
Man in the Cloud Attacks
 
Building Security Controls around Attack Models
Building Security Controls around Attack ModelsBuilding Security Controls around Attack Models
Building Security Controls around Attack Models
 
What Happens Before the Kill Chain
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
 
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
Networking 2016-05-24 - Topic 1- Cybereason Lab Analysis by Brad Green
 
Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017Advanced Threat Hunting - Botconf 2017
Advanced Threat Hunting - Botconf 2017
 
Intelligence driven defense webinar
Intelligence driven defense webinarIntelligence driven defense webinar
Intelligence driven defense webinar
 

Destaque

Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 
Tracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated CharcoalTracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated CharcoalTracey Rancifer
 
LogRhythm Web Rhythm Data Sheet
LogRhythm Web Rhythm Data SheetLogRhythm Web Rhythm Data Sheet
LogRhythm Web Rhythm Data Sheetjordagro
 
What's New Logrhythm 5.1 Data Sheet
What's New Logrhythm 5.1 Data SheetWhat's New Logrhythm 5.1 Data Sheet
What's New Logrhythm 5.1 Data Sheetjordagro
 
LogRhythm Advanced Agent Data Sheet
LogRhythm Advanced Agent Data SheetLogRhythm Advanced Agent Data Sheet
LogRhythm Advanced Agent Data Sheetjordagro
 
LogRhythm Training Syllabus Data Sheet
LogRhythm Training Syllabus Data SheetLogRhythm Training Syllabus Data Sheet
LogRhythm Training Syllabus Data Sheetjordagro
 
Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking DrupalGreg Foss
 
Demo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggDemo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggAlienVault
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose LogrhythmLogRhythm
 
Detox activated-charcoal
Detox activated-charcoalDetox activated-charcoal
Detox activated-charcoalManuel Díaz
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallTroy Kitch
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014Greg Foss
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active DefenseGreg Foss
 
USES AND MODE OF ACTION AC
USES AND MODE OF ACTION ACUSES AND MODE OF ACTION AC
USES AND MODE OF ACTION ACFrancis Onasanya
 
SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis AlienVault
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 

Destaque (17)

Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
Tracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated CharcoalTracey Rancifer: The Health Benefits Of Activated Charcoal
Tracey Rancifer: The Health Benefits Of Activated Charcoal
 
LogRhythm Web Rhythm Data Sheet
LogRhythm Web Rhythm Data SheetLogRhythm Web Rhythm Data Sheet
LogRhythm Web Rhythm Data Sheet
 
What's New Logrhythm 5.1 Data Sheet
What's New Logrhythm 5.1 Data SheetWhat's New Logrhythm 5.1 Data Sheet
What's New Logrhythm 5.1 Data Sheet
 
LogRhythm Advanced Agent Data Sheet
LogRhythm Advanced Agent Data SheetLogRhythm Advanced Agent Data Sheet
LogRhythm Advanced Agent Data Sheet
 
Securityanalytics
SecurityanalyticsSecurityanalytics
Securityanalytics
 
LogRhythm Training Syllabus Data Sheet
LogRhythm Training Syllabus Data SheetLogRhythm Training Syllabus Data Sheet
LogRhythm Training Syllabus Data Sheet
 
Attacking Drupal
Attacking DrupalAttacking Drupal
Attacking Drupal
 
Demo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggDemo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_gg
 
8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm8 Reasons to Choose Logrhythm
8 Reasons to Choose Logrhythm
 
Detox activated-charcoal
Detox activated-charcoalDetox activated-charcoal
Detox activated-charcoal
 
Introducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database FirewallIntroducing Oracle Audit Vault and Database Firewall
Introducing Oracle Audit Vault and Database Firewall
 
CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014CMS Hacking Tricks - DerbyCon 4 - 2014
CMS Hacking Tricks - DerbyCon 4 - 2014
 
Honeypots for Active Defense
Honeypots for Active DefenseHoneypots for Active Defense
Honeypots for Active Defense
 
USES AND MODE OF ACTION AC
USES AND MODE OF ACTION ACUSES AND MODE OF ACTION AC
USES AND MODE OF ACTION AC
 
SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis SIEM 101: Get a Clue About IT Security Analysis
SIEM 101: Get a Clue About IT Security Analysis
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 

Semelhante a Activated Charcoal - Making Sense of Endpoint Data

The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThreatConnect
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Software
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayChris Gates
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceSPAN Infotech (India) Pvt Ltd
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisNorth Texas Chapter of the ISSA
 
Extending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterExtending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterVeriato
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016Tudor Damian
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security IntelligenceSplunk
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session Splunk
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Decisions
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StoryCloudLock
 
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...Enterprise Management Associates
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Denim Group
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 

Semelhante a Activated Charcoal - Making Sense of Endpoint Data (20)

Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
 
Top Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions TodayTop Security Challenges Facing Credit Unions Today
Top Security Challenges Facing Credit Unions Today
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob DavisLuncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
Luncheon 2015-11-19 - Lessons Learned from Avid Life Media by Rob Davis
 
Extending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office PerimeterExtending CyberSecurity Beyond The Office Perimeter
Extending CyberSecurity Beyond The Office Perimeter
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent Cybersecurity
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016The state of web applications (in)security @ ITDays 2016
The state of web applications (in)security @ ITDays 2016
 
InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings
 
Operationalizing Security Intelligence
Operationalizing Security IntelligenceOperationalizing Security Intelligence
Operationalizing Security Intelligence
 
Security Breakout Session
Security Breakout Session Security Breakout Session
Security Breakout Session
 
Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015Scalar Security Roadshow April 2015
Scalar Security Roadshow April 2015
 
Securing The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's StorySecuring The Reality of Multiple Cloud Apps: Pandora's Story
Securing The Reality of Multiple Cloud Apps: Pandora's Story
 
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
Where There Is Smoke, There is Fire: Extracting Actionable Intelligence from ...
 
BREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAPBREACHED: Data Centric Security for SAP
BREACHED: Data Centric Security for SAP
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 

Último

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Último (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Activated Charcoal - Making Sense of Endpoint Data