Black Hat USA 2019, which is only one month away, offers scores of training courses and research briefings, so every week we’re picking a session we believe Qualys customers will find valuable. This week’s selection is the training course Adversary Tactics — Detection.
This course focuses on abnormal behaviors and attackers’ “tactics, techniques, and procedures” (TTPs). It teaches participants how to create hypotheses based on TTPs to perform threat hunting operations and detect attacker activity. Students will also learn how to use free and open source data collection and analysis tools to gather and analyze large amounts of host information to detect malicious activity.
Key takeaways from the course will include learning how to conduct effective, continuous hunt operations; run an end-to-end hunt operation; and develop metrics that measure the effectiveness of detection capabilities. Designed for defenders wanting to learn how to hunt in enterprise networks, this four-day course will be taught by experts from SpecterOps, a security firm that provides adversary-focused services.
Why we’re recommending it
It’s clear that a solid, holistic security strategy must go beyond prevention. Regardless of how sophisticated your prevention methods are, your organization is bound to suffer breaches.
That’s why organizations must beef up their detection and response capabilities, in particular threat hunting, so that they can proactively identify weak links in the environment that could be exploited, and search for evidence of stealthy compromises.
“Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated,” cyber security journalist Robert Lemos wrote.
Silent breaches in particular must be discovered and addressed right away. That way, you can limit the time intruders spend lurking in your network and slash their chances of exfiltrating data and doing other damage.
“An attacker may have a foothold in an environment but is not tripping any expected alarms the security team is used to responding to,” SANS Institute instructor Matt Bromiley wrote. “Or worse, the attacker exists in an area where there is no visibility, and thus has inadvertently evaded detection.”
Of course, doing threat hunting effectively is easier said than done, given the increased sophistication of attackers. Requirements include knowing what you’re looking for, how to look for it and how to tell if it’s there, according to security consultant Howard Poston.
“This requires access to the right tools for the job and an understanding of your environment, adversaries and the tools and techniques you will use,” he wrote.
Thus, we believe this course is a good one for Qualys customers looking to sharpen their threat hunting skills and be in a better position to discover and address intrusions that slipped silently by their prevention systems.
Qualys at Black Hat USA 2019
A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.
We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:
- Exclusive product previews, including of our new Threat Detection and Response Platform
- Best practices presentations from leading enterprises
- An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response