Application whitelisting technologies are extremely effective at reducing the ability of malicious code to run in an environment. For organizations with limited security budgets, built-in Windows features such as AppLocker and Software Restriction Policies offer a low-cost way to implement whitelisting and significantly reduce the attack surface on Windows endpoints. Although these tools lack centralized management and reporting consoles, they can be tested and deployed with limited effort, using Group Policy to manage the whitelists and scripts to collect and analyze the resulting logs.

Even though whitelisting provides stronger protection for endpoints, emerging research continues to highlight innovative whitelisting bypass techniques, and attackers are adopting new tradecraft to evade this type of control. Through regular log review and anomaly detection, however, organizations can detect and respond to sophisticated attacks that bypass application whitelisting utilities. When hunting for AppLocker bypasses specifically, organizations can lean heavily on PowerShell for log collection and automated analysis.
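The following is an added example of the PowerShell-driven collection and analysis the paragraph above describes; it is not code from the original paper or its author. It assumes the standard AppLocker "EXE and DLL" log and its event IDs (8002 allowed, 8003 audit-mode would-block, 8004 blocked), and the function names, the list of commonly abused signed binaries, and the list of user-writable system directories are illustrative choices rather than an authoritative catalogue. The sample events at the bottom are constructed in the shape AppLocker writes so the script runs offline; on a real host the same parser is fed from `Get-WinEvent`.

```powershell
# Added example, not from the original SANS paper. Parses AppLocker "EXE and DLL"
# events and flags allowed executions that look like whitelisting bypasses.
# Event IDs: 8002 = allowed, 8003 = would be blocked (audit mode), 8004 = blocked.

$AppLockerLog = 'Microsoft-Windows-AppLocker/EXE and DLL'

# Assumption: signed Microsoft binaries frequently abused to load attacker code
# under a default "allow everything in %WINDIR%" rule. Illustrative, not complete.
$SuspectBinaries = @('REGSVR32.EXE', 'RUNDLL32.EXE', 'MSHTA.EXE', 'INSTALLUTIL.EXE',
                     'MSBUILD.EXE', 'REGASM.EXE', 'REGSVCS.EXE', 'CSCRIPT.EXE', 'WSCRIPT.EXE')

# Assumption: directories under %WINDIR% that standard users can write to on many
# builds, so an "allow the Windows folder" rule covers attacker-dropped files there.
$WritableSystemPaths = @('\TEMP\', '\TASKS\', '\TRACING\', '\SYSTEM32\SPOOL\DRIVERS\COLOR\')

function ConvertFrom-AppLockerEventXml {
    # Flatten one event's XML (EventLogRecord.ToXml()) into a simple object.
    param([Parameter(Mandatory)][string]$Xml)
    $doc  = [xml]$Xml
    $data = $doc.Event.UserData.RuleAndFileData
    [pscustomobject]@{
        EventId  = [int]$doc.Event.System.EventID
        Time     = [datetime]$doc.Event.System.TimeCreated.SystemTime
        Computer = $doc.Event.System.Computer
        User     = $data.TargetUser
        FilePath = $data.FilePath
        RuleName = $data.RuleName
    }
}

function Get-AppLockerEvent {
    # Live collection from a host; the AppLocker log must exist there.
    param([string]$ComputerName = $env:COMPUTERNAME, [int]$Hours = 24)
    $filter = @{ LogName   = $AppLockerLog
                 Id        = 8002, 8003, 8004
                 StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-AppLockerEventXml -Xml $_.ToXml() }
}

function Find-AppLockerAnomaly {
    # Apply simple heuristics and emit only events worth an analyst's time,
    # with a Reason property explaining why each one was flagged.
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Event)
    process {
        $leaf    = ($Event.FilePath -split '[\\/]')[-1]   # split on either separator
        $reasons = @()
        switch ($Event.EventId) {
            8004 { $reasons += 'blocked by policy' }
            8003 { $reasons += 'would be blocked in enforce mode' }
            8002 {
                if ($SuspectBinaries -contains $leaf) {
                    $reasons += "allowed LOLBin $leaf (review command line and parent process)"
                }
                $hit = $WritableSystemPaths | Where-Object { $Event.FilePath -like "*$_*" } |
                       Select-Object -First 1
                if ($hit) { $reasons += "allowed from user-writable path $hit" }
            }
        }
        if ($reasons.Count -gt 0) {
            $Event | Add-Member -NotePropertyName Reason -NotePropertyValue ($reasons -join '; ') -PassThru
        }
    }
}

function New-SampleEvent([int]$Id, [string]$Path, [string]$Rule) {
    # Constructed sample in the shape AppLocker writes; not a real captured event.
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>$Id</EventID><TimeCreated SystemTime="2024-01-15T09:30:00.000Z"/>
    <Computer>WKS01.corp.example</Computer></System>
  <UserData><RuleAndFileData xmlns="http://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0">
    <PolicyName>EXE</PolicyName><RuleName>$Rule</RuleName>
    <TargetUser>S-1-5-21-1000-2000-3000-1105</TargetUser>
    <FilePath>$Path</FilePath></RuleAndFileData></UserData>
</Event>
"@
}

$DefaultRule = '(Default Rule) All files located in the Windows folder'
$SampleXml = @(
    (New-SampleEvent 8002 '%WINDIR%\SYSTEM32\NOTEPAD.EXE'         $DefaultRule),  # benign, not flagged
    (New-SampleEvent 8002 '%WINDIR%\SYSTEM32\REGSVR32.EXE'        $DefaultRule),  # allowed LOLBin
    (New-SampleEvent 8002 '%WINDIR%\TASKS\UPDATER.EXE'            $DefaultRule),  # allowed from writable dir
    (New-SampleEvent 8004 '%OSDRIVE%\USERS\ALICE\DOWNLOADS\A.EXE' '-')            # blocked outright
)

$SampleXml | ForEach-Object { ConvertFrom-AppLockerEventXml -Xml $_ } |
    Find-AppLockerAnomaly | Format-Table Time, EventId, User, FilePath, Reason -AutoSize
```

On a real endpoint replace the sample pipeline with `Get-AppLockerEvent -Hours 24 | Find-AppLockerAnomaly`, and run it against a list of hosts via Group Policy or a scheduled task that writes the results to a central share. The 8002 heuristics are the interesting part: a bypass by design produces an "allowed" event, so alerting only on 8004 blocks misses exactly the cases the paragraph above warns about. The file path alone cannot tell a legitimate `regsvr32.exe` invocation from an abused one, so the flagged events are a queue for correlating with process creation logs (command line and parent process), not a verdict by themselves.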
Josh Johnson has been working in Information Security for 10+ years. He enjoys contributing to the community by sharing research and tools that help bolster blue team capabilities, tools that have been used in preventing and detecting large-scale incidents.