Expectations of a defense-in-depth strategy do not always align with what it can actually deliver. In this session, we will present the timeline of events from an attacker's perspective and discuss the failures in our security controls along the way. In this real-world incident at a small business, poor choices in security configuration, made in order to "make it easier on users," were the primary cause of the attack's success -- and yet other security controls also failed to identify and stop the malicious behavior.
The presentation will finish with a description of the tactical modifications needed to reduce the risk of recurrence, as well as detection mechanisms that have more longevity.
Learning Objectives:
Reconsider your own security controls and dig more deeply into their appropriate configuration and use.
Better understand the use of tactical indicators of compromise and their value after an incident occurs.
Have a better appreciation for behavior-based indicators that have a longer lifespan than traditional IOCs.
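To make the contrast between tactical IOCs and behavior-based indicators concrete, the following is an added example, not material from the talk or its authors. It runs over constructed authentication log records (the user names, addresses and timestamps are invented for illustration): a tactical IOC list built after the first incident catches only the original source address, while a behavioral rule that looks for a burst of failed logins followed by a success from the same source fires on the original incident and again when the same tradecraft returns from a new address.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    """One authentication log record (constructed schema for this example)."""
    ts: int          # seconds since epoch
    user: str
    src_ip: str
    outcome: str     # "fail" or "success"


# Tactical IOCs harvested after the first incident (constructed values).
TACTICAL_IOCS = {"203.0.113.10"}


def make_burst(start, user, ip, failures):
    """Build `failures` failed logins ten seconds apart, then one success."""
    events = [AuthEvent(start + 10 * i, user, ip, "fail") for i in range(failures)]
    events.append(AuthEvent(start + 10 * failures, user, ip, "success"))
    return events


# Incident 1: the original attack, from the address later recorded as an IOC.
INCIDENT_1 = make_burst(1_700_000_000, "jsmith", "203.0.113.10", 8)
# Benign noise: a single typo followed by a success from the internal range.
BENIGN = make_burst(1_700_500_000, "jsmith", "10.0.0.5", 1)
# Incident 2: same tradecraft weeks later from a rotated address.
INCIDENT_2 = make_burst(1_701_000_000, "mlee", "198.51.100.7", 6)

SAMPLE_LOG = INCIDENT_1 + BENIGN + INCIDENT_2


def match_tactical_iocs(events, iocs=TACTICAL_IOCS):
    """Tactical detection: (user, src_ip) pairs whose source is a known IOC."""
    return {(e.user, e.src_ip) for e in events if e.src_ip in iocs}


def detect_spray_then_success(events, min_failures=5, window=300):
    """Behavioral detection: at least `min_failures` failed logins for one
    user from one source, followed by a success from that same source
    within `window` seconds. Returns the set of offending (user, src_ip)."""
    alerts = set()
    recent = defaultdict(list)  # (user, src_ip) -> timestamps of recent failures
    for e in sorted(events, key=lambda x: x.ts):
        key = (e.user, e.src_ip)
        # Forget failures that have aged out of the sliding window.
        recent[key] = [t for t in recent[key] if e.ts - t <= window]
        if e.outcome == "fail":
            recent[key].append(e.ts)
        elif e.outcome == "success" and len(recent[key]) >= min_failures:
            alerts.add(key)
            recent[key].clear()
    return alerts


if __name__ == "__main__":
    print("tactical IOC hits :", sorted(match_tactical_iocs(SAMPLE_LOG)))
    print("behavioral hits   :", sorted(detect_spray_then_success(SAMPLE_LOG)))
```

The IOC match expires as soon as the attacker changes infrastructure, which is why the talk distinguishes its short-term value right after an incident from behavioral indicators that keep paying off. The threshold and window here are illustrative; in production they would be tuned against the environment's own baseline of failed logins.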