The time that malicious code takes (latency) to move through the phases of the kill chain is shrinking, thanks to black-hat automation and swarm technology. Kill chain defence is largely manual today, and needs to step up to effectively slow this accelerating attack chain. House-of-mirrors-based deception techniques are just one way to achieve this, effectively diluting a large attack surface.
1: Understand real-world examples of decreasing time to breach (latency) for automated threats.
2: Understand automated solutions for auto response, e.g. CTA STIX use cases and deception techniques.
3: Think of how to identify weak points in an organisation that are vulnerable to automated attacks.
Knowledge of the threat landscape, network architecture and administration concepts. Familiarity with defence solutions, including sandboxes. No coding language is required; however, an understanding of threats as they present themselves today would help (e.g. ransomware, agile development methods, etc.). The talk will briefly walk through some history to refresh these concepts, so no deep, specific skill set is required. It will cover concepts of offensive automation, AI and machine learning; however, it will not require knowledge of specific machine learning models.
Analytics, Intelligence & Response