Part 1 - The Achilles Systems Hack Assessment Series: Breach or Blueprint?

Channel:
United States SANS Institute
Subscribers:
64,200
Published on ● Video Link: https://www.youtube.com/watch?v=5Ab1ixAcIsI


Duration: 52:34
450 views
10

Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated adversary capable of circumventing the controls in place.

Much of Achilles' security has not been maintained since an initial push many years ago, and newer controls were bypassed or disabled by the attacker. Some examples of these are multi-factor authentication, which the attacker bypassed in part by impersonating a Achilles executive in a call to the Service Desk. Later in the intrusion, the attacker disabled Achilles' endpoint detection and response agents while moving through the internal network. Once the attacker achieved access, they quickly moved to systems containing sensitive data and parts of the network where direct customer access was possible.

As Achilles works to recover from the attack and regain customer trust, it seeks to invest in a more advanced defense able to withstand a more capable and determined attacker. Achilles management is committed to revisiting its security controls, devising better ways to proactively identify and remediate vulnerabilities, and investing in ongoing efforts to identify and respond to attacks before the damage is done.

Part 1 of 4

In this webcast, we will quickly review the breach at Achilles Systems and discuss why their existing security capabilities weren't enough to prevent the attack from being successful. We will then discuss a blueprint for continuous detection and response via security operations, and how Achilles might leverage the lessons learned from this breach to combat even the most sophisticated attacker in the future. We will cover topics such as:

SOC planning and functional design including people, process, and technology
Using intelligence to build collection, detection, and response capabilities
Incident detection and response

This webcast supports concepts from LDR551: Building and Leading Security Operations Centers. Learn more: https://www.sans.org/cyber-security-courses/building-leading-security-operations-centers/

Learn more about the Operational Triad: https://www.sans.org/cybersecurity-leadership/triads/



Other Videos By SANS Institute


2024-07-18Understanding the New NIS2 Directive: Compliance for EU Businesses
2024-07-10Infrastructure Architecture & Protection | The 8 Domains of the Cloud Security Maturity Model | Pt 7
2024-07-09Understanding Ransomware Threats to ESXi: Essential Insights
2024-07-01Cyber Wars: The Legal Force Awakens
2024-06-30Detection and Response | The 8 Domains of the Cloud Security Maturity Model | Part 6
2024-06-26Understanding the New NIS2 Directive: Compliance for EU Businesses
2024-06-25Understanding the New NIS2 Directive: Compliance for EU Businesses
2024-06-20Application & Workload Protection | The 8 Domains of the Cloud Security Maturity Model | Part 5
2024-06-11Dr. Ullrich on Today’s Cyber Threats: SANSFIRE 2024 Insights
2024-06-10Part 2 - The Achilles Systems Hack Assessment Series: Revisiting Enterprise Controls
2024-06-10Part 1 - The Achilles Systems Hack Assessment Series: Breach or Blueprint?
2024-06-10Security Assurance | The 8 Domains of the Cloud Security Maturity Model | Part 4
2024-06-06For the Win: Aligning Security Initiatives with the Business
2024-06-06Managing Risk in an AI-powered Future
2024-06-06Keynote | Challenges and Opportunities for Modern CISOs
2024-06-06Fireside Chat | Leading Cybersecurity: Risks, Relationships, and Resilience
2024-06-06Leading Without Authority: Leadership Beyond Titles
2024-06-06Navigating the AI Security Horizon: A CISO’s Guide to Sustaining Cyber Resilience
2024-06-04Supply Chain Compromises Pt. 1 | The Incident Commander Series Ep. 3
2024-06-03Top Five Trends in CISO Leadership
2024-05-29Security Governance | The 8 Domains of the Cloud Security Maturity Model


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training