Leveraging Proactive Defense to Defeat Modern Adversaries
Thursday, September 17, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A
Presented by: Andrew Case and Jared Greenhill, RSA
The current state of network defense is reactive and largely dependent on detection through mistakes by adversaries or benevolent third parties alerting organizations to breaches within their networks. This approach to detection is simply inexcusable and leads to attackers having control of a network for months or years before they are noticed.
This presentation introduces threat hunting: the active, ongoing search for threats throughout an environment rather than waiting for an alert. Through threat hunting, organizations can move from a reactive and hopeless state of defense to a proactive stance that leaves attackers few places to hide and allows them to persist only for short periods of time before detection. Only through proactive threat hunting and the benefits it brings can organizations hope to gain the upper hand on modern threats.
Andrew Case is a senior incident response handler and malware analyst. He has conducted numerous large-scale investigations that span enterprises and industries. Andrew's previous experience includes penetration tests, source code audits, and binary analysis. Andrew is the co-developer of Registry Decoder, a National Institute of Justice funded forensics application, as well as a developer on the Volatility memory analysis framework. He is a co-author of the highly popular and technical forensics analysis book "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory". He has delivered trainings in the fields of digital forensics and incident response to a number of private and public organizations as well as at industry conferences. Andrew's primary research focus is physical memory analysis, and he has published a number of peer-reviewed papers in the field. He has presented his research at conferences including Black Hat, RSA, SOURCE, BSides, OMFW, GFirst, and DFRWS.
Jared Greenhill is an incident responder for RSA's Incident Response practice, where he performs network- and host-based forensics, memory analysis, and reverse engineering of malware. Prior to joining RSA, Jared was a forensic analyst for US-CERT's Digital Media Analytics team, where he performed malware analysis and provided digital forensic support. He has spoken at several industry-recognized conferences including RSA Conference, Security BSides New Orleans, and the Open Memory Forensics Workshop. Jared will be teaching a graduate-level memory forensics course in the spring of 2016 in George Mason University's Computer Forensics Program, the same program from which he holds a Master's degree.