Today’s network advanced persistent threats by definition evade detection by perimeter defenses and current concepts for defense in depth – whether you know it or not. Most organizations have developed an over-reliance upon network-layer, perimeter-focused solutions that require signature- or profile-based foreknowledge of a given technical threat. As proven through numerous security breaches over the last few years, most signature- and log-based security solutions are already entirely obsolete by the very definition of focused adversary methods. Other architectures currently being deployed are based upon statistical analysis of netflows and other network-layer telemetry, providing limited and incomplete network visibility.
This session focuses on the true nature and sources of today’s difficult threats, and describes solution characteristics, both technology and operations-related, which are required to detect these invisible threats. Mr. Shields will demonstrate techniques that will enable your organization to detect and stop designer malware, zero-day attacks, and non-signature-based threats to improve overall network visibility, and to detect the leakage and exfiltration of valuable organizational data. The session will cover actual technical case studies from the commercial and public sector to illustrate more effective operational methods for monitoring enterprise infrastructures at the application and content/context layers by performing advanced analysis of full packet captures.