Detecting Ransomware Before It’s Too Late Using MITRE ATT&CK

Logo
Presented by

Randy Franklin Smith, Ultimate Windows Security; Michael McGinnis, LogRhythm

About this talk

Good backups are not the solution to ransomware. Backups take time – time when your business is in complete limbo because it chose to completely shut down business operations out of “an abundance of caution.” Paying the ransom isn’t a solution either because all that data usually needs to be decrypted. This takes time and may not fully recover all of the data or doesn’t work at all. In the case of the Colonial Pipeline, decryption took so long, they decided to restore data from their backups even after paying the ransom. Really the only true defense against ransomware is prevention combined with early detection and response capabilities. Beyond that, you need a well-honed and fast-as-possible, complete-as-possible recovery procedure which means automatic and secure. Fast recovery is a topic for another day. And for many organizations prevention requires redesign of network and re-thinking of security priorities – lots of rip and repair costs and support from management that has yet to materialize at most organizations I talk to. So, for now, how do you know where to spend your limited resources to detect ransomware early enough to prevent Impact (MITRE ATT&CK Tactic TA0040). In this real training for free session, Randy Franklin Smith of Ultimate Windows Security and LogRhythm will use MITRE ATT&CK as a guide for answering that question. We’ll look at the tactics an attacker must complete prior to triggering the ransom note (post Impact). Then we’ll explore key techniques associated with each of those tactics. The prerequisite tactics include: Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Mike McGinnis, Senior Sales Engineer at LogRhythm will show you how they make Network Threat Hunting Made Easy with the MistNet NDR MITRE ATT&CK™ Engine.
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (257)
Subscribers (76717)
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com