Loading…
View analytic
Thursday, October 4 • 12:00 - 13:00
$SignaturesAreDead = “Long Live RESILIENT Signatures” wide ascii nocase

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Signatures are dead, or so we're told. It's true that many items that are shared as Indicators of Compromise (file names/paths/sizes/hashes and network IPs/domains) are no longer effective. These rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to evasion attempts by dedicated attackers and researchers is challenging, but is possible with the right tools, visibility and methodical (read iterative) approach. 

As part of FireEye's Advanced Practices Team, we are tasked with creating resilient, high-fidelity detections that run across hundreds of environments and millions of endpoints. In this talk we will share insights on our processes and approaches to detection development, including practical examples derived from real-world attacks.

Speakers
avatar for Daniel Bohannon

Daniel Bohannon

 Matthew Dunwoody (@matthewdunwoody) and Daniel Bohannon (@danielhbohannon) are Applied Security Researchers with FireEye’s Advanced Practices Team, where they research attacker activity and developing effective detection signatures and processes (among other things). Matthew previously... Read More →
avatar for Matthew Dunwoody

Matthew Dunwoody

Matthew Dunwoody (@matthewdunwoody) and Daniel Bohannon (@danielhbohannon) are Applied Security Researchers with FireEye’s Advanced Practices Team, where they research attacker activity and developing effective detection signatures and processes (among other things). Matthew previously... Read More →


Thursday October 4, 2018 12:00 - 13:00
01. Westvleteren University

Attendees (57)