Hunting Attackers with Network Audit Trails

  • Friday, December 6th, 2013 at 1:00 PM EST (18:00:00 UTC)
  • Tom Cross, Director of Research, Lancope
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • Lancope

Overview

Sophisticated, targeted attacks have become increasingly difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and "fly under the radar" for long periods of time.

Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are necessary.

Learn how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks and used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic.

Lancope will demonstrate how these records can be used to:

  • Discover active attacks in each phase of the attacker's "kill chain."
  • Determine the scope of successful breaches and document the timeline of the attacks

Speaker Bio

Tom Cross

Tom Cross is Director of Security Research at Lancope. He has over a decade of experience as a security researcher and thought leader. Tom was previously manager of the IBM X-Force Advanced Research team. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has written papers on topics including security issues in Internet routers, securing wireless LANs, and protecting Wikipedia from vandalism. He frequently speaks on security issues at conferences around the world.
