London (UK): As part of this year’s education programme at Infosecurity Europe, Amrit Williams, CTO at Lancope, Inc., a leader in network visibility and security intelligence, will present on how to detect and thwart the various stages of an advanced attacker’s kill chain. By implementing controls along the entire kill chain, organisations can stop an exploit or infection prior to data exfiltration. Further information on the presentation is available here.
The continuing rise of sophisticated, targeted attacks is prompting new thinking about the defence of computer networks. According to recent research, 85 percent of security incidents go completely undetected by the breached organisation, and 92 percent of uncovered incidents are discovered by a third party.i, ii According to another report, a typical zero-day attack lasts 312 days on average.iii Advanced threats not only bypass perimeter security technologies such as firewalls, IPS and email security, but also manage to stay undetected by internal security controls such as anti-virus and host-based IPS.
Borrowed from military jargon, the kill chain refers to the steps a sophisticated attacker goes through in order to execute a successful strike. In the presentation, Williams will discuss each stage of the kill chain and present a multifaceted approach for detecting and preventing attacks at each stage.
The discussion will enable attendees to:
• Understand why conventional controls are no longer enough to fend off advanced attacks
• Learn about each stage of the kill chain
• Know how to best apply existing security technologies to each stage of the kill chain
• Determine which additional tools and strategies may be needed within an organisation to
combat advanced threats
“Incident response is becoming the centrepiece of advanced threat defence,” explains Williams. “With companies taking an estimated 300+ days to identify that they’ve been compromised, malware has the chance to spread across the network and steal confidential data. Organisations need to augment traditional controls with better incident response teams, forensic capabilities and technologies that provide visibility into the state of their internal networks.”
The Lancope presentation, “Targeting the Kill Chain: A multifaceted approach to defence in depth,” will take place on Wednesday, 24th April 2013 from 12:40 - 13:05 in the Technical Theatre at Infosecurity Europe in Earls Court, London. As chief technology officer, Williams brings over 18 years of experience in security and technology to Lancope, and previously served as an analyst with Gartner Research. He holds CISSP and CISM certifications, and has obtained several technology patents