Defending Against Tomorrow's Attacks Using Today's Tools
Today’s evolving threat landscape continues to challenge defenders’ ability to keep pace with attackers’ innovation. Economies of scale for commodity attacks have led to alert fatigue in SOCs. Specialization in the offensive marketplace enables savvy threat actors to outsource steps in the attack lifecycle outside their expertise or profitability margin. And the tools and services available to defenders have increased in quantity, complexity and sophistication. This presentation will highlight several notable trends in the offensive and defensive threat landscapes that the speaker has observed and helped develop over his ten years as a security researcher and practitioner at Mandiant, FireEye, Microsoft and now Permiso Security. Particular focus will be given to discussing advancements in attacker tradecraft, shifts in defensive tooling and capabilities (in detection, prevention and response) and the maturing mindset of the Advanced Persistent Defender that should inform our industry how to use today’s tools to defend against tomorrow’s attacks.
Daniel Bohannon is a Principal Security Researcher at Permiso Security, a Palo Alto-based cloud security startup in the CDR (Cloud Detection & Response) space. He has 13 years of professional IT and cyber security experience working as an incident response consultant, threat hunter, detection engineer and security researcher at Mandiant, FireEye and Microsoft. Mr. Bohannon is an international conference speaker and trainer, having presented his open source tools, research and workshops at 27 security conferences in 18 countries including Black Hat USA, Black Hat Asia and DEF CON. His primary research areas include obfuscation, evasion and methodology-based host-, network- and cloud-based detection techniques applied at scale. Mr. Bohannon holds a Bachelor of Science in Computer Science from The University of Georgia (2010) and a Master of Science in Information Security from the Georgia Institute of Technology (2013).