Written by SANS instructor Matt Bromiley
Despite our best efforts, security practitioners are finding the same attacker returning to their systems at least twice. Why is this happening? Are our detection methods working and, if not, why not? This SANS whitepaper will look at the evolution of attackers, whether existing defenses are working and how to improve our stance.
Readers will learn techniques used to identify, remediate and eradicate attackers as well as tips for successfully using deception techniques, including traps and lures. A case study will illustrate key recommendations.
Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open-source tools.