One of the most challenging aspects of working for a security vendor is trying to 'catch everything' while simultaneously not inundating SOC teams with more alerts than they can realistically handle. It's a delicate balance of striving toward high-efficacy detections and reducing false positives. Even with high-fidelity alerting, attackers are consistently developing new ways to subvert security controls and remain hidden, often in plain sight.
After completing this session, the learner will:
- Learn how criminals and red teams are actively subverting core security technologies such as firewalls, SIEM, AV, EDR, IDS, etc., and what detection engineering entails.
- Learn how to detect and respond to highly sophisticated attacks without being inundated with alerts, while limiting the risk of missing critical data.
- Learn how to effectively hunt for bad actors and how to truly validate threat indicators.
- Have fun. I have some intriguing datasets to walk through around a very active malvertising campaign targeting Macs with zero-day attacks.
- Look behind the scenes at how Carbon Black's Threat Analysis Unit maps out adversarial infrastructure.
Greg Foss is a Senior Threat Researcher with Carbon Black's Threat Analysis Unit (TAU) where he focuses on detection engineering, security efficacy, and product bypasses. In previous roles, Greg led a Threat Research team, built and ran a Global Security Operations program, consulted in penetration testing, and worked as an analyst for the federal government.