Published By: Preempt
Published Date: Nov 02, 2018
Attackers and malware are increasingly relying on a common set of tools to compromise identities and spread within a network. Tools like Mimikatz accompanied with common administrator tools like PsExec and WMI have become a standard part of an attacker’s arsenal to turn a single machine compromise into a full network breach. In this webinar we will take a look at why some of these tools are traditionally difficult to control, and introduce new countermeasures that let you fight back. In this webinar we will cover:
- An analysis of recent malware and attacks and the tools they used to spread through the network.
- A closer look at the underlying protocols supporting these tools, and the traditional challenges to controlling them.
- Introduce new controls that allow organizations to control NTLM in real-time, block pass-the-hash techniques, and adaptively control the use of NTLM in the network.
- How to gain visibility into PsExec, WMI, and RPC in general and how to create controls t
Despite increased awareness and focus on defending against targeted attacks from both business and security leaders, organizations continue to be breached and suffer the consequences. Many of today’s security investments are simply not aligned to defend against these targeted threat vectors. Advanced threat detection and response should not be a point solution but rather a combination of technologies and core competencies. Detecting and responding to advanced threats should involve tight integration of multiple security technologies, network analysis and visibility (NAV) tools, the ability to automatically generate content such as security rules and signatures, context on attacker history, and overall customization and flexibility to ensure that the solution is fine-tuned for your specific IT environment.
It’s widely accepted that Security Information and Event Management (SIEM) systems are excellent tools for regulatory compliance, log management and analysis, trouble-shooting and forensic analysis. What’s surprising to many is that this technology can play a significant role in actively defending networks. This whitepaper explains precisely how real-time analysis, combined with in-memory correlation, and automated notification and remediation capabilities can provide unprecedented network visibility, security and control.
In this on-demand webinar, John Kindervag, Senior Analyst at Forrester Research, defines "zero-trust architecture," outlines the 5 steps needed to make this model actionable, and explains how his clients are adopting a "zero-trust architecture."