The “Assumption of Compromise”: Government Agency Best Practices

Logo
Presented by

Ian Farquhar, Security CTO and Stephen Goudreault, Cloud Security Evangelist

About this talk

It’s not a matter of “if” but “when” organizations are breached. That’s the premise that Federal agencies operate under and it’s one that would be prudent to follow. With an Assumption of Compromise, it’s assumed that threat actors are currently living off the land (LTOL) using applications and protocols already available in workloads. Why LTOL and similar attacks can go unnoticed is because of a critical gap in traditional logging that is often overlooked. Learn why relying on logs from a firewall or router as the single source of truth is not enough. In this session, we will take a broad look at logging from the perspective of government threat hunting, and how it can be greatly enhanced with network-derived intelligence to make it far more resilient and harder for bad actors to defeat.
Related topics:

More from this channel

Upcoming talks (16)
On-demand talks (94)
Subscribers (6087)
Gigamon offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools. This powerful combination enables IT organizations to assure security and compliance governance, speed root-cause analysis of performance bottlenecks, and lower operational overhead associated with managing hybrid and multi-cloud IT infrastructures.