homepage
Open menu
Contact Sales

Scoping an Intrusion using Identity, Host, and Network Indicators

  • Wednesday, 28 Apr 2021 10:30AM EDT (28 Apr 2021 14:30 UTC)
  • Speakers: Chris Crowley, Dale OGrady

Second webcast of a two-part series, this webcast covers post identification activities. The techniques covered here could also be used for initial identification, but they're discussed here as though there is already an initial identification which can be used. The effort discussed herein, is to effectively determine the scope of an intrusion.

Defenders fail to discover the full extent of adversary infrastructure. Defenders claim \containment" without thoroughly searching for adversary. Defenders limit the scope of searching for adversary capability and infrastructure for only know items...instead of accepting that the adversary isn't limited to using the tactics and techniques we've discovered. In fact, it's in the adversary's interest to have heterogeneous capability to persist through discovery of one tactic or technique. Adversaries reuse infrastructure because there is a cost of resources and complexity to maintain multiple parallel infrastructures. A single infrastructure is frequently good enough since defenders aren't consistently thorough in intrusion scope discovery or eradication.

This webcast highlights techniques for scoping an incident once discovered, and the sources available on the network endpoints for identification of adversary infrastructure.

Register today to be among the first to receive the associate spotlight paper written by security expert Chris Crowley!

Login to Register

Sponsor

Vectra.png

Related Content

Blog
N2C_blog_image.png
Security Awareness, Cybersecurity Leadership, Cloud Security, Open-Source Intelligence (OSINT), Industrial Control Systems Security, Digital Forensics, Incident Response & Threat Hunting, Cybersecurity and IT Essentials, Cyber Defense, Offensive Operations, Pen Testing, and Red Teaming, CyberLive, Workforce Development, Career Development, Why Certify, Imposter Syndrome, NetWars, Mentorship, Job Hunting, Operating System & Device In-Depth, Artificial Intelligence (AI)
A Visual Summary of SANS New2Cyber Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS New2Cyber Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
cti_blog.png
Cyber Defense, Digital Forensics, Incident Response & Threat Hunting, Industrial Control Systems Security, Penetration Testing and Red Teaming
A Visual Summary of SANS CTI Summit 2024
Check out these graphic recordings created in real-time throughout the event for SANS CTI Summit 2024
370x370-person-placeholder.png
Alison Kim
read more
Blog
Top_10_SANS_Summits_Talks_of_2021.png
Cybersecurity Insights, Digital Forensics, Incident Response & Threat Hunting, Cyber Defense, Cloud Security, Open-Source Intelligence (OSINT), Cybersecurity Leadership, Security Awareness, Artificial Intelligence (AI)
Top 15 SANS Summit Talks of 2023
This year, SANS hosted 16 Summits with 209 talks. Here were the top-rated talks of the year.
370x370-person-placeholder.png
Alison Kim
read more