Attack Driven Defense presented at OWASP AppSec California 2014

by Zane Lackey

Summary: Traditionally, defense has been approached without enough emphasis on countering real-world attack behaviors. This presentation will cover new network defense techniques from an attack perspective, specifically focusing on building detection systems around initial compromise, persistence/C2, and lateral movement. It will discuss practical methods of alerting on both host- and network-level persistence, what works (and what doesn’t!) with network traffic anomaly analysis, and useful approaches for correlating weak and strong attack signals. Finally, this presentation will demonstrate effective ways to reduce organizational attack surface, simulate realistic adversaries, and increase cost for attackers.