Learning from Breach Reports to Improve Cross-platform Endpoint Monitoring | SANS SOC Summit 2019

Video link: https://www.youtube.com/watch?v=PNL3-0Si1U0
Published: 2020-02-18
Duration: 32:15


There’s plenty of news about breaches, but the reporting is usually so vague that, as defenders, we rarely get enough useful information about what actually happened to improve our defenses. However, in 2018, both the SingHealth (Singapore) and Equifax (United States) breaches resulted in significant, detailed reports. In this talk, we will look at the significant findings from these reports and map them to the MITRE ATT&CK framework in order to understand whether our defenses are effective. We will then look at how we can monitor our systems with the open-source, cross-platform tool Osquery in order to detect such breaches on Windows, Mac, and Linux.

Guillaume Ross, Lead Security Researcher, Uptycs

View upcoming Summits: http://www.sans.org/u/DuS
