Sponsor: Tanium
Topic: Know your environment better than your adversary
Presenter: Jesse Harris, Director of Technical Account Management
Summary:
- Assumption of breach. We operate in a world where the adversary is significantly better equipped than most security teams. Most teams know only what is supposed to be in the environment; the winning party will know what is actually in the environment.
- Good Hygiene: 99% of breaches come from known vulnerabilities. Seek a source of truth for patching, privileged credentials, autoruns, processes with MD5s, etc.
- Know the outliers: applications, new files, changed files, 50 writes per second to a drive, etc.
- Script well – VBScript, Python, PowerShell, etc.
- IR at Scale – Basic anatomy of a Mimikatz memory credential dump: how did we get here?
- Building an IOC for scalability, MD5 (message digest algorithm 5)
- Our widgets have to play nice. Don’t architect in silos; try to have a built-in vs. bolt-on security architecture/strategy.
- There is a light at the end of the tunnel, but we can’t reinvent the wheel. We need to focus on ways to reinvent the road.
Lunch is $15 for non-members, cash or check only.
Professional Credit: 1.5 CPE
Hope to see you soon!
Vince Skinner, President
If you have any questions or need to cancel, please email Rachel.
PLEASE RSVP 48 HOURS BEFORE THE EVENT SO WE HAVE AN ACCURATE HEAD COUNT FOR FOOD!!!
If you are a maybe, please respond with a yes.