Please note we have recently updated our Privacy Policy, effective May 24, 2018. You may view the updated Privacy Policy here.
By using this website, you consent to the use of information that you provide us in accordance with the Privacy Policy.

On-Demand Webinar

Connecting the Dots Between Indicators of Compromise to See the Whole Attack

Indicators of compromise are more accurately indicators of possible compromise. When you see a likely DGA (domain generation algorithm) DNS query pop-up, a hit on your threat-intel list, a weird process lineage combination from host logs, an unrecognized DLL loaded, or PowerShell being run by an end-user – you’re seeing indicators of possible compromise.

It takes investigation to determine if it’s just innocently weird or if it’s part of an actual attack? That one event is just one of a cascade of connected events, and to determine if it’s an actual attack you need to be able to follow that deterministic chain of events in both directions of time. What happened before and after event?

In this webinar, we will present a sophisticated but typical attack that begins with a spearfishing email, installs a remote-administrative tool, and then uses pass-the-hash and related techniques to spread laterally to other systems, all the while communicating with its C&C server.

Cyber Attack A10

Watch Webinar