The hunt is on: Engineering the NextGen Cyber Threat Detection System. Attackers, it’s not so easy to hide anymore! (Short Version)

Presented at BruCON 0x0A (2018), Oct. 4, 2018, 10:30 a.m. (120 minutes).

The cyber attack landscape has changed. Malicious adversaries continue to refine the techniques they use to exploit enterprise networks. A key ingredient missing from our cyber experts' toolkit is a better way to hunt for adversarial presence. The purpose of this talk is to show how to engineer a brand new Cyber Threat Intelligence Detection System (CTDS) and to release two new frameworks, Excalibur TIE Mark I and the Themis Network Analyzer, that give investigators a better way to hunt for new threats in real time. This technical talk dives straight in to show how to engineer the intelligence engine and create autonomous network sensors that extract and analyze thousands of artifacts, both from each host machine and directly from the enterprise network. The system derives real indicators of compromise (IOCs) from large data sets and then applies those IOCs to better protect your enterprise network from new attacks. Novel approaches are presented, with the algorithms used to analyze, correlate, and produce IOCs, allowing the investigator to hunt for new threats more effectively, populate uniform data sets suited to information dissemination and analysis, and create new visualization graphs that help a human derive meaning from vast amounts of aggregated data. Finally, this talk applies everything we've learned and shows how to create new distributed network sensors and deploy the IOCs discovered by the Threat Intelligence Engine to better protect the enterprise network. Rest assured, lots of live demos are included in this talk. And of course, this talk comes with a new open-source tool release for the community to use! Attacks of tomorrow will no longer be as effective if we have the right tools to hunt for the adversary. This involves a new way of thinking. Threat Intelligence will be the next paradigm in computer security. Allow me to show you how to engineer the entire framework and deploy it on your network.

Presenters:

  • Solomon Sonya
    Solomon Sonya (@Carpenter1010) is an Assistant Professor of Computer Science at the United States Air Force Academy. He has a background in software development, malware analysis, covert channels, steganography, distributed computing, computer hacking, information protection paradigms, and cyber warfare. He received his undergraduate degree in Computer Science and holds Master's degrees in Computer Science and Information System Engineering. Solomon's current research includes computer system exploitation, cyber threat intelligence, digital forensics, and data protection. Previous conferences Solomon has spoken at include BruCON (Belgium), SecTor (Canada), Hack in Paris (France), HackCon (Norway), Black Hat USA, ICSIS (Toronto), ICORES (Italy), Hack.lu (Luxembourg), ShmooCon (DC), DerbyCon (Kentucky), SkyDogCon (Tennessee), Hacker Halted (Georgia), Day-Con (Ohio), TakeDownCon (Connecticut, Maryland, and Alabama), and AFCEA (Colorado Springs).
