From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis?

Presented at DerbyCon 6.0 Recharge (2016), Sept. 23, 2016, 7 p.m. (50 minutes).

According to Mandiant's M-Trends reports, their customers' average Mean Time to Discovery (MTTD) for breaches was 416 days in 2012, 205 days in 2014 and 146 days in 2015. In 2015, for those Mandiant customers that detected the breach themselves, it was 56 days! Unfortunately, the average time for a third party to report that your company has been breached is 320 days. As an industry we still need to vastly improve, since a company can be compromised within an hour, the entire organization within a day, and valuable data begins to leak shortly thereafter. We CAN do better! So how do we reduce our detection time? How can we save serious $$$, either by not using an IR firm and doing it ourselves, or by reducing how long the IR firm is on site? Many of us cannot afford an IR firm at a DROP of a TABLE. The ultimate goal and challenge to all of us is to learn how to discover a compromise ourselves and avoid a breach. We as an industry must get better at discovery, detection and response, and do it faster, much faster. This talk will share how, where to begin, and a new tool for Windows to help us do it ourselves. Learn from those of us that have been through it, because the criminals can own you in a day and it is still taking a year to receive the OH SH*T call.
