Beyond Sandboxing presented at ISSAinternationalcon 2014

by Livio Ricciulli

Summary: Trends in mobility, peer-to-peer protocols, and virtualization are dissolving our defense perimeter.
Without a well-defined perimeter we cannot inspect all inbound content through a sandbox, thus
causing gaping security holes. We show how advanced correlation techniques can exploit the
intersection of Intrusion Detection and Flow Analysis to result in effective heuristics that uniquely detect
compromised assets. Like sandboxing, these heuristics require virtually zero prior knowledge of the threats
but can find and shut down compromised machines. We will provide some case studies on the
effectiveness of such heuristics across a great variety of enterprises.