Using Behavior to Detect Intrusions Involving Edge Devices

Presented by Jeffrey Gardner, Nick Cavalancia, Ted Samuels

About this talk

Any Internet-facing device, appliance, server, or VM is fair game as an initial attack vector for a cyber attacker. Such devices are readily accessible remotely and offer security teams little visibility into whether they are secure, under attack, or already compromised. Additionally, those devices running on a Linux kernel can prove to be valuable assets to an attacker: a Linux device can be turned into a stealthy, persistent foothold from which to pivot and begin attacks on your Windows infrastructure; it can be used to assist in exfiltration; and just because it has been patched doesn't mean it wasn't already exploited and doesn't still provide access via a web shell. All of this can happen while your security team is unaware these devices remain compromised. Attackers who choose to pivot and focus on gaining access to your Windows environment have historically exposed themselves to detection through indicators of compromise (IoCs) on the network, as well as within the Windows OS, applications, and Active Directory. But with many attackers working to hide their tracks, how can organizations detect attacks and trace them back to edge devices?

Rapid7 is creating a more secure digital future for all by helping organizations strengthen their security programs in the face of accelerating digital transformation. Our portfolio of best-in-class solutions empowers security professionals to manage risk and eliminate threats across the entire threat landscape, from apps to the cloud to traditional infrastructure to the dark web. We foster open source communities and cutting-edge research, using these insights to optimize our products and arm the global security community with the latest in attackers' methods. Trusted by more than 10,000 customers worldwide, our industry-leading solutions and services help businesses stay ahead of attackers, ahead of the competition, and future-ready for what's next.