Defenders are at a huge disadvantage, often investigating compromise with educated guesses based on theoretical knowledge of kill chains, anomaly detection, and IOCs. Experience adds the benefit of recognizing what has been done before, but few blue team members understand how attacks work and how attackers move or escalate during attacks. This talk will explore vulnerability discovery, attack flow, escalation paths, final compromise, and exfiltration for our most investigated incidents. Organizations that feel safe with vulnerability scanning, firewalls, anti-virus, and carefully considered risk prioritization will want to reconsider how effective these controls really are in light of the patterns revealed by these investigations. But, don’t fret! Practical recommendations will be made about how to help better secure the enterprise using a better understanding of attacker tactics. Strategic solutions as well as point solutions with low or no cost will be discussed.
October 21, 2014 | Tech 1 (718a) | 13:25 – 14:25