Data breaches have become headline news, affecting government agencies, large corporations and small to mid-sized companies. Many of these breaches went on for months before being detected. Stopping a determined, well-resourced adversary requires the ability to detect the intrusion when the intruder is most vulnerable.
Join this session to learn:
Techniques to detect breaches more quickly, thereby mitigating the damage
The phases of the Cyber Kill Chain and its importance in stopping attacks
How the SANS 20 Critical Security Controls can be linked to the attack phases of the Cyber Kill Chain
Whether the term used is "Advanced Persistent Threat (APT)," "advanced threat" or "state-sponsored threat actor," cyberattacks are increasing in sophistication and in the amount of damage they can inflict. The attackers behind them, frequently affiliated with governments or organized crime, have the resources, expertise and time necessary to meet their objectives.
Organizations should expect to be compromised in the future (if they have not already been compromised) because a well-funded, state-sponsored adversary is likely to find a weakness in a targeted environment and obtain access. This is sound advice, and all organizations must develop, implement and test incident response processes to prepare for inevitable security incidents.
If an organization experiences an intrusion, however, it does not necessarily mean that it will experience a substantial loss of sensitive data. A critical time period exists during an attack: the period after the attacker has established a presence in the targeted environment, but before the attacker has been able to identify, access and exfiltrate key data. If an intrusion is detected before critical data is exfiltrated, the impact can be minimized. Organizations must develop capabilities not only to prevent successful attacks, but also to detect attacks in progress.
In this webinar, Solutionary will present one approach to developing these capabilities. This approach maps the defensive techniques presented in the SANS 20 Critical Security Controls to the attack phases described in the Cyber Kill Chain. By ensuring that controls exist to detect each step of the kill chain, organizations provide themselves with the best opportunity to detect attacks.
Director of Security Research and Strategy, Solutionary
As Director of Security Research and Strategy for the Solutionary Security Engineering Research Team (SERT), Kraus and his team are continually focused on improving clients' security by using threat research to advance threat detection.
Working with existing clients, he also helps define both tactical and strategic roadmaps, enabling them to reach their security goals and grow their businesses with security in mind. Before joining SERT, Kraus was a manager with Solutionary's Professional Security Services. In this role, he performed offensive-based security assessments consisting of penetration testing, vulnerability assessment, social engineering, Web application penetration tests and vulnerability research.
An accomplished author, Kraus has written or co-written two books in Syngress Publishing's Seven Deadliest Attack Series: Seven Deadliest Windows Attacks and Seven Deadliest Network Attacks.
Senior Research Analyst, Solutionary
Scott is a senior research analyst with the Security Engineering Research Team at Solutionary. He has more than 16 years of IT experience, with the last ten years in the information security field. Prior to working at Solutionary, Scott was a cybersecurity analyst for a managing contractor to the Department of Energy/National Nuclear Security Administration. Scott led a team, as the senior analyst and as a manager, providing computer network defense capabilities for the corporate and government networks. In addition to his defensive duties, he also performed various security assessments consisting of penetration testing and vulnerability assessments.