Topic: Last Call for Attackers – You Don’t Have to Go Home, But You Can’t Stay Here
Summary:
It’s no secret that most targeted organizations are compromised for months or years before they discover for themselves, or are notified by an outside party, that an intrusion has occurred. But once the lights go on, how long should it take to kick out the bad guys?
These attackers are constantly evolving their TTPs using strategies to circumvent common defenses such as IDS/IPS, whitelisting solutions, DLP, and two-factor authentication VPN solutions. To make matters worse, they usually hide in plain site, using legitimate credentials.
The CrowdStrike remediation team has developed strategies to combat these adversaries and will share some of those countermoves in this session. We’ll discuss real word cases we’ve recently worked and show you the defensive strategies we used to counter Bears and Pandas and Kittens in the wild.
Presenter: Christopher Scott
Director CrowdStrike Services
twitter: NetOpsGuru
Christopher Scott has over 15 years experience working with the Department of Defense and Fortune 500, and Defense Industrial Base companies to develop business and network security processes and procedures. He has particular expertise in targeted threat detection and prevention. As a Director at CrowdStrike Services, Christopher specializes in developing and implementing remediation plans for clients. In addition, he supports a variety of other engagements including conducting security reviews, leading incident response teams, performing insider threat analysis and engineering threat detection systems, business continuity and disaster recovery processes. Christopher has presented several times to peers at closed-session DoD and DIB conferences. He frequently collaborates on techniques and processes to detect some of the most advanced targeted attacks companies face today.