
Rooting out advanced persistent threats

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 27 Mar 2018

ITWeb Security Summit 2018

Registration is open for the ITWeb Security Summit 2018 in Johannesburg and Cape Town. Experts from around the world will be presenting, including global security expert Mikko Hypponen, who has been instrumental in uncovering and bringing down several infamous threats, and has assisted law enforcement agencies across the globe. In addition, several other top speakers will be sharing their knowledge, including Intel's Rodrigo Branco, who will unpack blinded random block corruption attacks for the audience. Get involved in #SS18HACK and choose from three half-day workshops or a full-day boot camp, plus five training courses, and much more. For the agenda, click here.

#SS18HACK is open for registration - click here for more information.

Advanced persistent threats (APTs) pose some of the most serious risks to organisations today. Cyber criminals are increasingly cunning and sophisticated, using constantly evolving techniques to evade security solutions.

However, too many enterprises are relying on outdated security technologies to defend against these threats. Research has revealed that APTs can go undetected for weeks or even months, lurking on the company's network, performing reconnaissance, and exfiltrating sensitive information.

Jeremy Matthews, regional director for Panda Security, says the most effective way to root out advanced threats is to invest in new-generation endpoint technology that will both harden protection and enable full visibility of endpoint processes and behaviour.

He says IT departments need high levels of visibility and control to be able to anticipate the security problems caused by advanced threats. "These solutions help generate security intelligence that allows organisations to pinpoint attacks and anomalous behaviours as well as detecting internal misuse."

According to Matthews, advanced threat hunting requires a mixture of tools, solutions, people and procedures. "The industry's aim is to automate as much of this process as possible. Panda has been successful in stopping malware-based attacks with their 100% attestation system, but security is all about context. Putting a file in Dropbox might be a normal job function but it could be a fire-able offence in a different context - this is where people and procedures come into the equation."

Jeremy Matthews, regional director for Panda Security.

Speaking of how cyber-security threats have evolved over the years, he says they generally evolve with two primary objectives in mind - avoiding detection and increasing profitability.

Traditional AV solutions are becoming outdated, he says. Threat actors are increasingly employing fileless and script-based malware to achieve their goals. Malicious software sits undetected on the network for an average of around 100 days, and the more advanced targeted attacks are often missed entirely. "External threats aren't the only problem; insider attacks are on the rise too."

Matthews will be presenting on 'Catch the intruder in his tracks - advanced threat hunting', during the ITWeb Security Summit, to be held from 21 to 25 May at Vodacom World in Midrand.

During his talk, delegates will learn about the anatomy of a cyber-attack (the cyber kill chain), as well as how metadata can be used to establish indicators of compromise. It will also cover real-world threat hunting in Operation "Oil Tanker", and he will share some real-world attack stories covering the internal employee threat, lateral movement, and malware-less attacks. Finally, he will share a view of the tools and techniques that can be used to catch an intruder in their tracks.
