The cyber security industry is successfully cashing in on the fight against commodity malware by commoditizing technology designed to catch that kind of automated attack. But even if you could detect and disrupt 100% of commodity malware-based attacks, what about attacks where you are deemed such a valuable target that one or more human attackers are directed against you? Such attacks are conceivably harder to detect and certainly less predictable. In terms of risk, targeted human-directed attacks may not impact thousands of systems within minutes like the most aggressive automated attacks, but a human attacker may have very specific targets in mind and cut far deeper. Automated attacks based on commodity malware are like a blunt instrument, while human attackers correspond to a long thin stiletto aimed at the heart.
There are several technologies instrumented to detect (and sometimes block) known threats on the endpoint, but do you know how much they are missing or how effective they are against a human attacker? In this real-training-for-free event, I’m excited to have security researcher Wade Woolwine, from Rapid7, who will share his team’s latest research, discussing tactical ways security teams can monitor for threats that slip through the defenses to better protect their environments.
During the last quarter, most of the threats detected by Rapid7’s MDR team fell into MITRE ATT&CK’s “Execution” tactic grouping. Within this tactic, most threats were either leveraging the “Third-Party Tool” or “Scripting” techniques. Wade says “This led us to perform additional analysis on PowerShell usage by attackers. We found a number of commonalities in command line switches, command obfuscation, and overall usage that defenders can leverage to better detect and contain PowerShell-based attacks. Additionally, Rapid7’s MDR team continued to see attackers happily ‘living off the land’ by using built-in Microsoft Windows operating system tools to perform their nefarious activities. These findings can help defenders differentiate attacker activities from regular systems administration activities.”
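The switch and obfuscation commonalities Wade describes lend themselves to a simple scoring rule run over process-creation command lines. The Python below is an added example, not Rapid7's code or research data; the switch-prefix table, the two short aliases and the three sample command lines are constructed assumptions.

```python
import base64
# Full powershell.exe switch names with the shortest prefix the host accepts
# (from memory; an assumption), plus the two short aliases attackers favour.
SWITCHES = {"encodedcommand": 1, "executionpolicy": 2, "noprofile": 3,
            "noninteractive": 4, "windowstyle": 1}
ALIASES = {"ec": "encodedcommand", "ep": "executionpolicy"}
def switch_name(token):  # map -nop / -EncodedCommand / -ec to the full name, or None
    t = token.lower().lstrip("-/")
    if t in ALIASES:
        return ALIASES[t]
    return next((n for n, m in SWITCHES.items() if len(t) >= m and n.startswith(t)), None)

def analyze(cmdline):  # score one command line -> (score, findings, decoded script)
    tokens = cmdline.split()  # simplification: quoted arguments are not re-joined
    score, findings, decoded = 0, [], None
    for i, tok in enumerate(tokens):
        name = switch_name(tok) if tok[:1] in "-/" else None
        if name is None:
            continue
        value = tokens[i + 1] if i + 1 < len(tokens) else ""
        if name == "encodedcommand":  # value is base64 of a UTF-16LE script
            score += 3; findings.append("encoded command")
            try:
                decoded = base64.b64decode(value).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                decoded = None
        elif name == "executionpolicy" and value.lower() in ("bypass", "unrestricted"):
            score += 2; findings.append("execution policy " + value.lower())
        elif name == "windowstyle" and value.lower().startswith("h"):
            score += 2; findings.append("hidden window")
        elif name in ("noprofile", "noninteractive"):
            score += 1; findings.append(name)
    body = decoded or cmdline  # inspect the real script text, not just the wrapper
    if body.count("`") >= 3 or "[char]" in body.lower():
        score += 2; findings.append("obfuscation")
    return score, findings, decoded

def triage(cmdlines, threshold=4):  # (score, cmdline) at/above threshold, worst first
    hits = [(analyze(c)[0], c) for c in cmdlines]
    return sorted((h for h in hits if h[0] >= threshold), reverse=True)

def encode_ps(script):  # build a constructed -ec sample the way the host decodes it
    return base64.b64encode(script.encode("utf-16le")).decode()

# Constructed samples (not from the research): routine admin, encoded, [char]-obfuscated
SAMPLES = [
    "powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File C:\\scripts\\backup.ps1",
    "powershell.exe -nop -w hidden -ec " + encode_ps("W`rit`e-Out`put 'hello'"),
    'powershell.exe -ep bypass -noni -c "[char]72+[char]105"',
]
```

Feeding real process-creation events (Sysmon event 1 or Security event 4688 with command-line auditing) through `triage` lets the routine admin script drop below the threshold while the abbreviated-switch and obfuscated lines surface for review.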
In this real training for free event you’ll also learn:
- How to tackle modern threats to the endpoint, such as attackers using PowerShell and built-in operating system tools against victims, lateral movement using valid accounts, and other “living off the land” attacks.
- What various sources of evidence you should monitor, the indicators to look for, and techniques for managing the alert load.
Then briefly, Rapid7 will show you how InsightIDR can help you reliably detect these stealthy attacks and identify risk across your environment.
Please join us for this real training for free event.