Detecting and Reducing Advanced Threat Dwell-Time with User Behavior Analytics presented at ISC2SecureSummit 2019

by Alexander Attumalil

Summary: Advanced threat actors are no longer detected by traditional signature-based defenses. As detection mechanisms for traditional attack vectors have advanced and organizations are taking data protection seriously, advanced actors have shifted away from traditional yet noisy smash-and-grab methodologies. They infiltrate and stay persistent using advanced techniques like “Reel-Phish” and “Domain-Fronting”, hiding in the noise. They emulate and invoke the privileges of a trusted insider to gain access and stay hidden. My discussion will start with an overview of traditional detection methodologies. It will then dive into residual gaps and how user and network behavior augmentation would address these gaps and reduce dwell time.