SLAIT Consulting
Endpoint: First line of defense
Innovative Solutions For Forward Thinking Companies
www.slaitconsulting.com

Why are the Good Guys losing?
o Evolving Threats (Bad guys are getting better)
o Program Maturity / Investment Challenges
o Security Staffing Challenges
o Over-reliance on security technologies
o Alert Fatigue (Information overload)

You are Special
Your business really is special
• Different threat landscape
• Different tech stack
• Different business processes
Know the threat. Know the tech. Know the business.

Hunting means:
• Understanding your business-specific threats and motivations
• Understanding your tech stack and blind spots
• Understanding the business and what's "normal"

Let's face the facts
[Infographic; the figures did not survive extraction]
• Attackers are well funded and sophisticated: [figure] increase in targeted attacks in 2013
• Launching zero-day attacks is more accessible and common: [figure] of exploit kits utilize vulnerabilities less than two years old
• Targeted attacks can only be solved on the endpoint: [figure] of breaches involve a targeted user device

What do I mean when I think endpoint?
• Symantec
• Kaspersky
• Bitdefender
• Sophos
• McAfee
AntiVirus, Whitelisting, AntiSpam, IPS, Patch management

• SLAIT Security
• Crowdstrike
• FireEye (Mandiant)
• Fidelis
Active hunting capable, No Blocking, DVR, Live response capable, includes threat intelligence, Sandbox, Security analytics

Typical vulnerabilities on the Endpoint?
Endpoint = Desktops, Laptops, Servers, IoT (anything with an OS)
• Operating System (Windows, Linux, OS X)
• Browser
• Application

Why the endpoint?
• Visibility into off-network activity
• Solves the encryption problem
• Attack surface (the endpoint is the preferred target)
• VPN to unauthorized networks (logging network connections)
• Data creation and transmission point

Why "Hunting at the endpoint"?
o Active hunting vs. passive alerting
o Search for adversaries without explicit warnings
o BYO Breach Notifications
o Reduce "Dwell Time"
o Control the messaging and response (First to know)
o Effective "off network"

How do you hunt for threats?
o Add Endpoint visibility
o Utilize the tools you have
  o SIEM / Splunk
  o Palo Alto WildFire / FireEye
  o IDS / IPS / HIDS
  o Centralized A/V
o Find "context" in every alert
o Customize alerts for your environment

Hunting Methodology
Behavior Baselines, Threat Intelligence, Malware Analysis, Investigations
Behavioral Baseline: Looking at Operating System activity to discover potential security incidents
Threat Intelligence: Determining if existing activity matches "known bad" indicators
Malware Analysis: Taking every executed application within the enterprise and determining if the binary shows any potential high-risk behaviors
Investigations: All suspicious activities are put into the SLAIT investigation framework to determine the potential impact to the client

Let's talk tech...
o Endpoint Detection & Response
o Advanced Prevention
o Network
o Open Source

Top 10 places to look for Badness
o Processes
o Persistence
o User Account Behavior
o IP / Domain connections
o Admin Tool or Exfiltration files
o Geography of network connections
o Network Activity / Volume
o AV Logs
o Driver Stack
o Advanced Malware logs

Bringing it home
o Figure out what's normal in your environment and build anomaly alerting – add context
o Start with tracking down alerts or events you already have – integrate threat intel
o Attacks usually start with endpoints
o Be proactive! Don't wait for someone else to notify you of a compromise - reduce the "threat persistence / dwell time" window
o Integrate with a defensible security program

SLAIT ThreatManage
Managed Services – Incident Response
§ Provides full management of Client IR and Security Operations solutions from the SLAIT Services team
§ Includes Active Hunting & Passive Monitoring
§ Shared console and shared threat intelligence
§ Scales easily – every dataset adds value to the system
§ Assumes day-to-day operations with a focus on improvement
§ Expert team of IR and Threat Hunting staff
§ Utilizes "best-of-breed" endpoint technology
  Ø Secure, specialized, scalable
  Ø Discover & hunt
  Ø Detect & alert
  Ø Volatile collection & analysis
  Ø Stop, Triage, Destroy & Recover
Service cycle: Threat Intel Sourcing, Communication & Support, Alert Investigation, Triage & Remediation, Threat Hunting
Let SLAIT assume the complexity, difficulty, and risk of enterprise-level threat operations while providing advanced threat intelligence & expertise.
True IR-as-a-Service

ThreatOps Architecture
[Diagram] Threat Feeds: CB, Facebook, VT, File Hash, ThreatOps; Managed Devices; Client Agents; Collection Tools; Network Logs; Alerts: FireEye, Palo Alto, Blue Coat; Live Response; IR Tickets; Client Dashboard; Collection Data

Questions?
[email protected]
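The "Behavioral Baseline" and "Threat Intelligence" steps of the Hunting Methodology, and the "figure out what's normal, then add context" advice from "Bringing it home", worked as an added example (not code from the slides or from SLAIT): a per-host baseline of parent/child process pairs, users and destinations is learned from constructed sample telemetry, and each new event is checked against that baseline and against a constructed known-bad hash/domain list, with every finding carrying host, user and process chain as context. All hostnames, users, process names, hashes and domains are made-up placeholders.

```python
# Added example, not from the slides: learn a per-host behavioral baseline from
# endpoint telemetry, then check new events against it and against threat intel.
FIELDS = ("host", "user", "parent", "proc", "sha256", "dst")
def ev(*vals):  # one process-start event, positional values in FIELDS order
    return dict(zip(FIELDS, vals))
# Constructed "known good" telemetry used to learn what is normal on each host
# (all hostnames, users, hashes and domains are made-up placeholders).
BASELINE = [
    ev("ws01", "alice", "explorer.exe", "outlook.exe", "h-outlook", "mail.example.com"),
    ev("ws01", "alice", "explorer.exe", "chrome.exe", "h-chrome", "www.example.com"),
    ev("ws01", "alice", "outlook.exe", "winword.exe", "h-word", None),
    ev("srv01", "svc_backup", "services.exe", "backup.exe", "h-backup", "nas.example.com"),
]
TODAY = [  # constructed events under review today
    ev("ws01", "alice", "explorer.exe", "chrome.exe", "h-chrome", "www.example.com"),
    ev("ws01", "alice", "winword.exe", "powershell.exe", "h-ps", "cdn.bad-example.net"),
    ev("srv01", "alice", "services.exe", "backup.exe", "h-backup", "nas.example.com"),
    ev("srv01", "svc_backup", "services.exe", "backup.exe", "h-evil", "nas.example.com"),
]
# Constructed "known bad" indicators standing in for a threat-intel feed.
INTEL = {"sha256": {"h-evil"}, "domain": {"cdn.bad-example.net"}}

def build_baseline(events):
    """Per host: the parent->child pairs, users and network destinations seen."""
    base = {}
    for e in events:
        b = base.setdefault(e["host"], {"pairs": set(), "users": set(), "dsts": set()})
        b["pairs"].add((e["parent"], e["proc"]))
        b["users"].add(e["user"])
        b["dsts"].add(e["dst"])  # None (no connection) is harmless here
    return base

def hunt(events, base, intel):
    """One finding per event that deviates from the baseline or hits intel, with context."""
    findings = []
    for e in events:
        # A host absent from the baseline gets empty sets, so everything about it is new.
        b = base.get(e["host"]) or {"pairs": set(), "users": set(), "dsts": set()}
        checks = [
            ((e["parent"], e["proc"]) not in b["pairs"], "new parent/child pair"),
            (e["user"] not in b["users"], "user never seen on host"),
            (bool(e["dst"]) and e["dst"] not in b["dsts"], "new destination"),
            (e["sha256"] in intel["sha256"], "hash matches threat intel"),
            (e["dst"] in intel["domain"], "domain matches threat intel"),
        ]
        reasons = [why for hit, why in checks if hit]
        if reasons:
            findings.append({"host": e["host"], "user": e["user"],
                             "chain": f'{e["parent"]} -> {e["proc"]}', "reasons": reasons})
    return findings
```

Each finding lists every reason it fired, so an analyst sees at once whether it is a pure baseline deviation, a pure intel hit, or both.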