The last few years represent a large change in the threats against our systems. The attacks hitting enterprises today are far more targeted and malicious than before. Where once we had script kiddies and general-purpose attacks aimed at the entire Internet, we now face highly skilled software engineers who are motivated by money more than fame. At the same time, many organizations are discovering that the standard suite of security products (firewalls, IDS, and AV) isn't stopping these new attacks. Worse, there aren't many new products appearing to help out.
This talk will examine current trends in the attack and malware space. From there, we will look at ways to defend your network that you may not have considered before. Non-conventional audit records such as network flow data, crash dumps, and detailed system enumeration can represent a wealth of information that you may be overlooking today. This talk will discuss these mechanisms and how to use them with open-source software currently available. By the end of the talk, you should have a better appreciation for how bad the current security situation is, but you should also feel better armed to defend yourself and your network.