Hunting Attackers with Network Audit Trails

  • Friday, 06 Dec 2013 1:00PM EST (06 Dec 2013 18:00 UTC)
  • Speaker: Tom Cross

Sophisticated, targeted attacks have become increasingly difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and "fly under the radar" for long periods of time.

Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are necessary.

Learn how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks and used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic.

Lancope will demonstrate how these records can be used to:

  • Discover active attacks in each phase of the attacker's "kill chain."
  • Determine the scope of successful breaches and document the timeline of the attacks.