Using Behavior to Detect Intrusions Involving Edge Devices

Presented by

Jeffrey Gardner, Nick Cavalancia, Ted Samuels

About this talk

Any Internet-facing device, appliance, server, or VM is fair game as an initial attack vector to a cyber attacker. They are readily accessible remotely and offer security teams little visibility into whether they are secure, under attack, or compromised. Additionally, those devices running on a Linux kernel can prove to be valuable assets to an attacker: A Linux device can be made a stealthy persistent foothold from which to pivot and begin attacks on your Windows infrastructure, it can be used to assist in exfiltration, and just because it’s been patched doesn’t mean it hasn’t already been exploited and continues to provide access via web shell. All this while your security team may be unaware these devices are still compromised. Attackers choosing to pivot and focus on gaining access to your Windows environment, historically expose themselves to detection through indicators of compromise (IoC) on the network, as well as within the Windows OS, applications, and Active Directory. But with many attackers working to hide their tracks, how can organizations detect attacks and trace them back to edge devices?

Related topics:

More from this channel

Upcoming talks (12)
On-demand talks (252)
Subscribers (19797)
Rapid7 is advancing security with visibility, analytics, and automation delivered through our Insight platform. Our solutions simplify the complex, allowing security teams to work more effectively with IT and development to reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Over 9,300 customers rely on Rapid7 technology, services, and research to improve security outcomes and securely advance their organizations. For more information, visit our website rapid7.com.