MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires
Justin Turner, CTU Special Operations
Phil Burdette, CTU Cyber Intel Cell
• The Counter Threat Unit Special Operations team is dedicated to responding to intrusions from hostile nation states and other advanced adversaries on a daily basis
3
Dell - Internal Use - Confidential
Classification: //SecureWorks/Confidential - Limited External Distribution:
Agenda
Why are we losing?
How do we win?
Prove it!
Reconnaissance
Lateral Movement
Data Exfiltration
Delivery
Command & Control
Credential Theft
Host Enumeration
Define Defeat
Reconnaissance
Lateral Movement
Data Exfiltration
Delivery
Command & Control
Credential Theft
Host Enumeration
Define Winning
The industry’s definition of defeat is different from our adversary’s definition of winning
Behaviors drive detections, indicators drive investigations
Backdoor
Credential Theft
Defensive Evasion
Host Enumeration
Lateral Movement
Exfiltration
WMI Consumer
Case Study :: Behaviors Drive Detection
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

More Related Content

What's hot

2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity GroupsDragos, Inc.
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint SecurityBen Rothke
 
DC970 Presents: Defense in Depth
DC970 Presents: Defense in DepthDC970 Presents: Defense in Depth
DC970 Presents: Defense in DepthIceQUICK
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security AnalyticsDemetrio Milea
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingFRSecure
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentDamon Small
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsPeter Wood
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Dan Morrill
 
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Core Security
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityCore Security
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsSameer Thadani
 
Day 1 Enisa Setting Up A Csirt
Day 1   Enisa   Setting Up A CsirtDay 1   Enisa   Setting Up A Csirt
Day 1 Enisa Setting Up A Csirtvngundi
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksResilient Systems
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...SaraPia5
 

What's hot (20)

2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups2018 Year in Review- ICS Threat Activity Groups
2018 Year in Review- ICS Threat Activity Groups
 
Top Tactics For Endpoint Security
Top Tactics For Endpoint SecurityTop Tactics For Endpoint Security
Top Tactics For Endpoint Security
 
DC970 Presents: Defense in Depth
DC970 Presents: Defense in DepthDC970 Presents: Defense in Depth
DC970 Presents: Defense in Depth
 
The Golden Rules - Detecting more with RSA Security Analytics
The Golden Rules  - Detecting more with RSA Security AnalyticsThe Golden Rules  - Detecting more with RSA Security Analytics
The Golden Rules - Detecting more with RSA Security Analytics
 
Purple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration TestingPurple Teaming - The Collaborative Future of Penetration Testing
Purple Teaming - The Collaborative Future of Penetration Testing
 
CERT Certification
CERT CertificationCERT Certification
CERT Certification
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability AssessmentBeyond the Scan: The Value Proposition of Vulnerability Assessment
Beyond the Scan: The Value Proposition of Vulnerability Assessment
 
Security Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent ThreatsSecurity Intelligence: Advanced Persistent Threats
Security Intelligence: Advanced Persistent Threats
 
Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)Understanding advanced persistent threats (APT)
Understanding advanced persistent threats (APT)
 
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30Defense In Depth Using NIST 800-30
Defense In Depth Using NIST 800-30
 
Persistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent ThreatsPersistence is Key: Advanced Persistent Threats
Persistence is Key: Advanced Persistent Threats
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
 
Day 1 Enisa Setting Up A Csirt
Day 1   Enisa   Setting Up A CsirtDay 1   Enisa   Setting Up A Csirt
Day 1 Enisa Setting Up A Csirt
 
Building CSIRT and its competency
Building CSIRT and its competencyBuilding CSIRT and its competency
Building CSIRT and its competency
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
 

Viewers also liked

Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]RootedCON
 
MT54 Better security is better business
MT54 Better security is better businessMT54 Better security is better business
MT54 Better security is better businessDell EMC World
 
How Functions Work
How Functions WorkHow Functions Work
How Functions WorkSaumil Shah
 
Finding Product Market Fit
Finding Product Market FitFinding Product Market Fit
Finding Product Market FitScott Bales
 
Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Thoughtworks
 
Recommendation system
Recommendation system Recommendation system
Recommendation system Vikrant Arya
 

Viewers also liked (7)

Nethemba - Writing exploits
Nethemba - Writing exploitsNethemba - Writing exploits
Nethemba - Writing exploits
 
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
Fermín J. Serna - Exploits & Mitigations: EMET [RootedCON 2010]
 
MT54 Better security is better business
MT54 Better security is better businessMT54 Better security is better business
MT54 Better security is better business
 
How Functions Work
How Functions WorkHow Functions Work
How Functions Work
 
Finding Product Market Fit
Finding Product Market FitFinding Product Market Fit
Finding Product Market Fit
 
Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns Lean Product Management for Enterprises: The Art of Known Unknowns
Lean Product Management for Enterprises: The Art of Known Unknowns
 
Recommendation system
Recommendation system Recommendation system
Recommendation system
 

Similar to MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached Dell EMC World
 
Perimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsPerimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsDan Houser
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedWorst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedEndgameInc
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedWorst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedAshwini Almad
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...Duo Security
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...Brian Kelly
 
MT82 IoT Security Starts at Edge
MT82  IoT Security Starts at EdgeMT82  IoT Security Starts at Edge
MT82 IoT Security Starts at EdgeDell EMC World
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelineswebhostingguy
 
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625pladott1
 
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記  HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記 Hacks in Taiwan (HITCON)
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Matthew Rosenquist
 
Cyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz AcademyCyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz Academyananthakrishnansblit
 
Cyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiCyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiamallblitz0
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5   session 4 - st dev con 2016 - life cycle management for webTrack 5   session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for webST_World
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defenseChristiaan Beek
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsChristopher Frenz
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxFrancesco Faenzi
 

Similar to MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires (20)

MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
MT 68 Hunting for the Threat: When You Don’t Know If You’ve Been Breached
 
Perimeter Defense in a World Without Walls
Perimeter Defense in a World Without WallsPerimeter Defense in a World Without Walls
Perimeter Defense in a World Without Walls
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedWorst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are Detected
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are DetectedWorst-Case Scenario: Being Detected without Knowing You are Detected
Worst-Case Scenario: Being Detected without Knowing You are Detected
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
 
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
How To Stop Targeted Attacks And Avoid “Expense In Depth” With Strong Authent...
 
MT82 IoT Security Starts at Edge
MT82  IoT Security Starts at EdgeMT82  IoT Security Starts at Edge
MT82 IoT Security Starts at Edge
 
Web Server Security Guidelines
Web Server Security GuidelinesWeb Server Security Guidelines
Web Server Security Guidelines
 
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
First 2015 szatmary-eric_defining-and-measuring-capability-maturity_20150625
 
01.L1 Deck- Singularity Platform.pptx
01.L1 Deck- Singularity Platform.pptx01.L1 Deck- Singularity Platform.pptx
01.L1 Deck- Singularity Platform.pptx
 
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記  HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
HITCON FreeTalk 2022 - Zero Trust Architecture 讀書筆記
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
 
Cyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz AcademyCyber security course in kerala | C|PENT | Blitz Academy
Cyber security course in kerala | C|PENT | Blitz Academy
 
Cyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochiCyber security courses in Kerala , kochi
Cyber security courses in Kerala , kochi
 
Track 5 session 4 - st dev con 2016 - life cycle management for web
Track 5   session 4 - st dev con 2016 - life cycle management for webTrack 5   session 4 - st dev con 2016 - life cycle management for web
Track 5 session 4 - st dev con 2016 - life cycle management for web
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
 
Offensive malware usage and defense
Offensive malware usage and defenseOffensive malware usage and defense
Offensive malware usage and defense
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
Advanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptxAdvanced Metering Infrastructure Security Test.pptx
Advanced Metering Infrastructure Security Test.pptx
 

More from Dell EMC World

MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...Dell EMC World
 
David Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC WorldDavid Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC WorldDell EMC World
 
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...Dell EMC World
 
MT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussionMT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussionDell EMC World
 
MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected Dell EMC World
 
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization planMT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization planDell EMC World
 
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...Dell EMC World
 
MT101 Dell OCIO: Delivering data and analytics in real time
MT101 Dell OCIO:  Delivering data and analytics in real timeMT101 Dell OCIO:  Delivering data and analytics in real time
MT101 Dell OCIO: Delivering data and analytics in real timeDell EMC World
 
MT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportMT17_Building Integrated and Secure Networks with limited IT Support
MT17_Building Integrated and Secure Networks with limited IT SupportDell EMC World
 
MT13 - Keep your business processing operating at peak efficiency with Dell E...
MT13 - Keep your business processing operating at peak efficiency with Dell E...MT13 - Keep your business processing operating at peak efficiency with Dell E...
MT13 - Keep your business processing operating at peak efficiency with Dell E...Dell EMC World
 
MT12 - SAP solutions from Dell – from your Datacenter to the Cloud
MT12 - SAP solutions from Dell – from your Datacenter to the CloudMT12 - SAP solutions from Dell – from your Datacenter to the Cloud
MT12 - SAP solutions from Dell – from your Datacenter to the CloudDell EMC World
 
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoTMT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoT
MT11 - Turn Science Fiction into Reality by Using SAP HANA to Make Sense of IoTDell EMC World
 
MT01 The business imperatives driving cloud adoption
MT01 The business imperatives driving cloud adoptionMT01 The business imperatives driving cloud adoption
MT01 The business imperatives driving cloud adoptionDell EMC World
 
Mt19 Integrated systems as a foundation of the Software Defined Datacentre
Mt19 Integrated systems as a foundation of the Software Defined DatacentreMt19 Integrated systems as a foundation of the Software Defined Datacentre
Mt19 Integrated systems as a foundation of the Software Defined DatacentreDell EMC World
 
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...
MT09 Using Dell’s HPC Cloud Solutions to maximize HPC utilization while reduc...Dell EMC World
 
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...
MT125 Virtustream Enterprise Cloud: Purpose Built to Run Mission Critical App...Dell EMC World
 
MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...
MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...
MT126 Virtustream Storage Cloud: Hyperscale Cloud Object Storage Built for th...Dell EMC World
 
MT16 Future-Ready Networking for the Campus
MT16 Future-Ready Networking for the CampusMT16 Future-Ready Networking for the Campus
MT16 Future-Ready Networking for the CampusDell EMC World
 
MT25 Server technology trends, workload impacts, and the Dell Point of View
MT25 Server technology trends, workload impacts, and the Dell Point of ViewMT25 Server technology trends, workload impacts, and the Dell Point of View
MT25 Server technology trends, workload impacts, and the Dell Point of ViewDell EMC World
 
MT23 Benefits of Modular Computing from Data Center to Branch Office
MT23 Benefits of Modular Computing from Data Center to Branch OfficeMT23 Benefits of Modular Computing from Data Center to Branch Office
MT23 Benefits of Modular Computing from Data Center to Branch OfficeDell EMC World
 

More from Dell EMC World (20)

MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
MT135_Simplifying web-scale systems management with the Dell PowerEdge Embedd...
 
David Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC WorldDavid Goulden keynote at Dell EMC World
David Goulden keynote at Dell EMC World
 
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
MT147_Thinking Windows 10? Think simple, scalable, and secure deployments wit...
 
MT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussionMT58 High performance graphics for VDI: A technical discussion
MT58 High performance graphics for VDI: A technical discussion
 
MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected MT93 - Federal: End-point evolution: Mobile, secure, connected
MT93 - Federal: End-point evolution: Mobile, secure, connected
 
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization planMT92 - Federal: Budget? What budget? Build your dream IT modernization plan
MT92 - Federal: Budget? What budget? Build your dream IT modernization plan
 
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...MT87 How technology can reduce costs, minimize environmental impact, and maxi...
MT87 How technology can reduce costs, minimize environmental impact, and maxi...
 
MT101 Dell OCIO: Delivering data and analytics in real time
MT101 Dell OCIO:  Delivering data and analytics in real timeMT101 Dell OCIO:  Delivering data and analytics in real time
MT 69 Tripwire Defense: Advanced Endpoint Detection by a Thousand Tripwires

  • 2. Justin Turner, CTU Special Operations; Phil Burdette, CTU Cyber Intel Cell. The Counter Threat Unit Special Operations team is dedicated to responding to intrusions from hostile Nation States and other advanced adversaries on a daily basis.
  • 3. Dell - Internal Use - Confidential. Classification: //SecureWorks/Confidential - Limited External Distribution. Agenda: Why are we losing? How do we win? Prove it!
  • 4. Define Defeat: Reconnaissance, Lateral Movement, Data Exfiltration, Delivery, Command & Control, Credential Theft, Host Enumeration
  • 5. Define Winning: Reconnaissance, Lateral Movement, Data Exfiltration, Delivery, Command & Control, Credential Theft, Host Enumeration
  • 6. The industry's definition of defeat is different from our adversary's definition of winning
  • 8. Backdoor, Credential Theft, Defensive Evasion, Host Enumeration, Lateral Movement, Exfiltration; WMI Consumer
  • 9. to 13. Backdoor, Credential Theft, Defensive Evasion, Host Enumeration, Lateral Movement, Exfiltration
  • 14. and 15. Case Study :: Behaviors Drive Detection