A year in the wild: fighting malware at the corporate level

Presented at BSidesSF 2016, Feb. 28, 2016, 3 p.m. (55 minutes)

Yelp as any large company has a problem with viruses, malware and organized phishing campaigns targeting our corporate network and our employees. We have assembled a set of tools and processes to stop the pests from infecting our network.From the moment of the threat detection, first response throughout the analysis, and the final resolution, we make sure that we can catch as many incidents as possible and properly sanitize the environment so that the potential problems are cut short. All this in an automated and orchestrated fashion, eliminating the manual repetition as much as possible thanks to the in-house built tools like AIR (Automated Incident Response), OSXCollector (Mac OS X forensics collection) and ElastAlert (alerting out of Elasticsearch). We also compliment the pipeline with some available open source tools, like osquery and other proprietary threat detection technologies. This adds up to a balanced ecosystem that helps us leverage the current assets, learn about the potential problems quickly and respond to them in a timely fashion.


Presenters:

  • Kuba Sendor - Software Engineer - Yelp
    Kuba Sendor (@jsendor) is working at Yelp security team where he automates malware incident response and together with his teammates makes sure that Yelp's infrastructure stays secure. Previously he worked at SAP in the Security and Trust research group where he participated in the initiatives related to access control and privacy in the digital world. He holds double MSc degree in Computer Science from AGH University of Science and Technology in Krakow, Poland and Telecom ParisTech/Institut Eurecom in Sophia Antipolis, France. In his free time he likes to cycle uphill and travel around the world or just back home, to Poland.

Links:

Similar Presentations: