Driving a Stake in Advanced Threats (SUNBURST) with the Network

Presented by

John Smith, Principal Engineer at ExtraHop; Dave Shackleford, Analyst at SANS

About this talk

It has been a time-honored, folklore tradition from Bram Stoker all the way down to "Buffy the Vampire Slayer" that a vampire must FIRST be invited in to enter your home. At the end of 2020, the worst Supply Chain attack in memory meant that 18,000 companies unknowingly invited digital vampires to enter their networks and feast on their intellectual property. Given that sophisticated actors will continue, how can you use covert countermeasures to flag unusual and malicious behavior, investigate and respond to stop them before they breach your network? In this talk, we will use the SUNBURST backdoor exploit as a backdrop since the majority of the IOCs were Network visible (Domains, Subdomains and IP Addresses). - How to flag suspicious behavior regardless of its presence on a threat intelligence blacklist or the IOC - How Split-Tunnel VPNs have removed C2 visibility from us and the risk that raises - How to use the value of the covert, always-on, always watching network We will conclude with how to use Network Detection and Response (NDR) as a cross and Endpoint Detection and Response (EDR) as a wooden stake to stop advanced threats.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (207)
Subscribers (10860)
The prevention and protection model of cybersecurity isn’t working: between the cloud, IoT, and the sheer pace of change, the enterprise is no longer built to be walled in. This channel provides educational webinars to help SecOps (SOC) and NetOps (NOC) teams, from CIOs and CISOs to analysts and practitioners, change their perspective in order to identify, investigate, and respond to threats across the modern attack surface. We explore how cloud-native network detection and response (NDR) provides the complete visibility, real-time threat detection, and intelligent response you need to secure your hybrid environment. You’ll also find product information about ExtraHop Reveal(x) which enables you to: Eliminate blind spots: Cover 100% of your hybrid environment, Detect what matters: Find threats 95% faster, and Act quickly: Respond to breaches 70% faster. Learn more at www.extrahop.com