Recorded Webcast: https://logrhythm.com/resources/webcasts/activated-charcoal-making-sense-of-endpoint-data/
Security operations is all about understanding and acting upon large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you can highlight trends, find flaws and resolve issues.
This presentation was given at Black Hat 2016 and, more recently, as an SC Magazine webcast. It covers the importance of monitoring endpoints and how to leverage endpoint data to detect, respond to and neutralize advanced threats.
6. Company Confidential
• Phishing
• 91% of ‘advanced’ attacks began with a phishing email or similar social engineering tactics.
• http://www.infosecurity-magazine.com/view/29562/91-of-apt-attacks-start-with-a-spearphishing-email/
• 2014 Metrics
• Average cost per breach => $3.5 million
• 15% higher than the previous year
• http://www.ponemon.org/blog/ponemon-institute-releases-2014-cost-of-data-breach-global-analysis
7.
Drive-By Downloads, Malvertising, and Watering Hole Attacks
Image Source: https://blog.kaspersky.com/what-is-malvertising/5928/
18.
Building a Believable Campaign
Use realistic files with somewhat realistic data
Staged approach to track file access and exploitation
24.
Key Focus Areas:
• Employees
• IT Staff
• Roles and Responsibilities
• Incident Response Duties
• Configuration Monitoring
• Malware Removal
• Security Infrastructure
25.
Key Focus Areas:
• Employees
• IT Staff
• Security Staff
• Table Top and Red vs Blue Exercises
• Threat Simulation Leads to Process Improvement
• Announced vs Unannounced Simulations or Penetration Testing
26.
Purple Team FTW!
• Employees
• IT Staff
• Security Staff
• Table Top and Red vs Blue Exercises
• Threat Simulation Leads to Process Improvement
• Announced vs Unannounced Simulations or Penetration Testing