Driving a Stake in Advanced Threats (SUNBURST) with the Network.

  • Tuesday, 26 Jan 2021 1:00PM EST (26 Jan 2021 18:00 UTC)
  • Speakers: Dave Shackleford, John Smith

It has been a time-honored folklore tradition from Bram Stoker all the way down to "Buffy the Vampire Slayer" that a vampire must FIRST be invited in to enter your home. At the end of 2020, the worst supply chain attack in memory meant that 18,000 companies unknowingly invited digital vampires to enter their networks and feast on their intellectual property.

Given that sophisticated actors will continue, how can you use covert countermeasures to flag unusual and malicious behavior, investigate and respond to stop them before they breach your network?

In this talk, we will use the SUNBURST backdoor exploit as a backdrop, since the majority of the IOCs were network-visible (domains, subdomains and IP addresses).

  • How to flag suspicious behavior regardless of its presence on a threat intelligence blacklist or the IOC
  • How split-tunnel VPNs have removed C2 visibility from us and the risk that raises
  • How to use the value of the covert, always-on, always-watching network

We will conclude with how to use Network Detection and Response (NDR) as a cross and Endpoint Detection and Response (EDR) as a wooden stake to stop advanced threats.

