Jim Deerman, Head of Cybersecurity Engineering, ISC8
The process of detecting advanced malware threats is growing in complexity, both in the sources of data and in the number of points to be analyzed. Certain tactics are well known and widely practiced, e.g. DNS fast fluxing, whitelisting/blacklisting, email tracking, and PDF and image sandboxing. The combination of these tactics with more complicated behavior analysis needs to be automated in order to stay ahead of bad actors as they quickly evolve. We will discuss these challenges and offer some ideas for automating the analysis in a world of big data, saving time and human resources in the fight against sophisticated hackers and rapidly emerging threats.
Join us to explore the concept of using automated tactical intelligence in the war against advanced malware. Cybersecurity solutions must be able to identify the tactical steps of the kill chain in sophisticated attacks and Advanced Persistent Threats (APTs). By automatically identifying these tactical steps and alerting the operator, the malware can be stopped before devastating damage or critical data theft occurs. Explore how these next-gen solutions use network topology and knowledge of advanced malware's tactics to identify hosts that have been compromised. Unlike tools that only work on a single event or signature, advanced threat detection solutions must be able to analyze and correlate network activities over weeks or months to identify the most sophisticated attacks, and do it automatically, saving valuable forensic analysts' time and reducing the likelihood of missing serious bad actors.