You Cant Respond If You Cant See: Building Sophisticated Detection Mechanisms Leveraging Patterns of Compromise

  • Thursday, 20 Aug 2015 3:00PM EDT (20 Aug 2015 19:00 UTC)
  • Speaker: Dave Shackleford

In the last several years, information security forensics and incident response teams have been fighting a losing battle. The attacks are coming more frequently, they're getting more sophisticated, and we always seem to be a step behind our adversaries. Despite this, we're learning some lessons along the way. The use of specific indicators of compromise (IOCs) to look for intrusion evidence has helped us, and we're getting better all the time. Unfortunately, we're not getting better fast enough, and we need to adopt some new approaches in order to be more effective at combating the advanced attacks we're seeing today. In this webcast, Dave Shackleford, senior SANS instructor and founder and principal consultant of Voodoo Security, will discuss the following:

  • How indicators of compromise (IOCs) are proving useful in helping defenders discover and respond to advanced attacks
  • Why we need to build on IOCs with the concept of \patterns of compromise" to develop more effective defense tactics
  • How information sharing and threat intelligence will enable information security teams to detect and respond faster and more effectively than ever