Rapid Recognition and Response to Rogues | SANS Security Operations Summit 2019

Published on 2020-02-25 | Video Link: https://www.youtube.com/watch?v=euczPBW_VSw



Duration: 24:23


The need to detect rogue devices on a network is part of the first control listed in the CIS Top 20 Critical Security Controls (Actively Manage Inventory and Control of all Hardware Assets). There are many solutions to monitor, detect, and respond to rogue devices on enterprise networks. These include commercial, open-source, and home-grown capabilities. Each solution uses different methods of determining what a rogue device is. In this talk we will cover several of those methods along with their strengths and weaknesses. We'll also discuss the pros and cons of different responses that enterprises can take when rogues are found. But we will focus on using different techniques to show how a simple detection, which is usually just an IP address, can be enhanced to provide enough details to the analyst to speed up response decisions and even automate some responses based on business logic. We'll demonstrate this by using one rogue detection tool to tackle a simple detection of a suspicious IP, add information to the event to make analysis easier, and show how that enhanced event can be used for automated responses.
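The enrichment-then-respond pipeline the abstract describes, written out as an added example (not the speaker's tool or code): a detection that carries only an IP is looked up against an asset inventory, a DHCP lease table, an OUI/vendor table and a switch port mapping, and the resulting event is fed into business logic that picks a response. All four data sources, the IPs, MACs, switch names and VLAN names are constructed sample values standing in for the lookups an enterprise would actually wire in; the names `enrich`, `decide_response` and `handle_detection` are this example's own.

```python
"""Enrich a bare rogue-device detection (just an IP) and choose a response.

Added example, not code from the talk. Every table below is a constructed
stand-in for a real lookup (CMDB/asset inventory, DHCP server leases,
IEEE OUI list, switch CAM/port mapping).
"""
from dataclasses import dataclass
from typing import Optional

# --- constructed sample data (assumptions, not a real inventory) ---------
ASSET_INVENTORY = {            # IP -> (hostname, owner)   authorised assets
    "10.20.30.10": ("fileserver01", "infra-team"),
    "10.20.30.11": ("hr-laptop-07", "hr"),
}
DHCP_LEASES = {                # IP -> (MAC, client-supplied hostname)
    "10.20.30.45": ("b8:27:eb:12:34:56", "raspberrypi"),
    "10.20.40.77": ("3c:52:82:aa:bb:cc", "PRINTER-4F"),
}
OUI_VENDORS = {                # first three MAC octets -> vendor (sample rows)
    "b8:27:eb": "Raspberry Pi Foundation",
    "3c:52:82": "Hewlett Packard",
}
SWITCH_PORTS = {               # MAC -> (switch, port, VLAN name)
    "b8:27:eb:12:34:56": ("sw-hq-3f", "Gi1/0/17", "servers"),
    "3c:52:82:aa:bb:cc": ("sw-hq-4f", "Gi1/0/3", "printers"),
}
# Business rule: unknown devices on these VLANs are isolated automatically.
SENSITIVE_VLANS = {"servers", "ot"}


@dataclass
class EnrichedEvent:
    """The original detection (ip) plus everything the lookups could add."""
    ip: str
    known_asset: bool = False
    hostname: Optional[str] = None
    owner: Optional[str] = None
    mac: Optional[str] = None
    vendor: Optional[str] = None
    dhcp_hostname: Optional[str] = None
    switch: Optional[str] = None
    port: Optional[str] = None
    vlan: Optional[str] = None


def enrich(ip: str) -> EnrichedEvent:
    """Turn a bare IP into an event an analyst can act on."""
    ev = EnrichedEvent(ip=ip)
    if ip in ASSET_INVENTORY:
        ev.known_asset = True
        ev.hostname, ev.owner = ASSET_INVENTORY[ip]
    lease = DHCP_LEASES.get(ip)
    if lease:
        ev.mac, ev.dhcp_hostname = lease
        # OUI is the first three octets: "b8:27:eb" is 8 characters.
        ev.vendor = OUI_VENDORS.get(ev.mac[:8].lower(), "unknown")
        location = SWITCH_PORTS.get(ev.mac)
        if location:
            ev.switch, ev.port, ev.vlan = location
    return ev


def decide_response(ev: EnrichedEvent) -> str:
    """Business logic over the enriched event; returns an action label."""
    if ev.known_asset:
        return "close:authorised-asset"          # inventory says it's ours
    if ev.mac is None:
        return "analyst-review:no-mac"           # cannot locate it; human triage
    if ev.vlan in SENSITIVE_VLANS:
        return f"quarantine-port:{ev.switch}/{ev.port}"   # automated isolation
    return "ticket:unknown-device"               # low-risk segment: track it


def handle_detection(ip: str) -> dict:
    """Full pipeline for one detection: enrich, then decide."""
    ev = enrich(ip)
    return {"event": ev, "action": decide_response(ev)}


if __name__ == "__main__":
    for rogue_ip in ("10.20.30.45", "10.20.30.10", "10.20.40.77", "10.99.0.5"):
        result = handle_detection(rogue_ip)
        print(rogue_ip, "->", result["action"])
```

The point of the split between `enrich` and `decide_response` is that the same enriched event serves both consumers the abstract names: the analyst gets vendor, DHCP hostname and switch port in one record instead of a bare IP, and the automation gets a structured object to apply policy to. Which VLANs justify automatic port isolation, and which only a ticket, is the business logic an organisation has to decide for itself.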

Craig Bowser (@reswob10), Senior Security Engineer, U.S. Department of Energy

View upcoming Summits: http://www.sans.org/u/DuS







Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training
Craig Bowser
SOC
Security Operations