SEC550: SANS Amsterdam January 2022


What You Will Learn

Traditional defensive controls are failing us. The time it takes for an attacker to go from initial compromise to lateral movement is rapidly decreasing while the time it takes to detect and effectively respond to breaches is measured in weeks or even months. Making the situation worse, studies such as the 2020 Ponemon Institute Cost of a Data Breach Report show a direct correlation between the time it takes to detect and respond to a breach and the cost of that breach to an organization; the longer it takes, the more a breach costs. To reduce risk, defenders need better ways to quickly detect adversary activity while also collecting information to facilitate faster and more effective response. Cyber deception is the solution for reducing this response time and minimizing cost.

The majority of detective controls in use today focus on looking for evil, while attackers do a great job of appearing harmless or even invisible. Technologies such as anti-virus, application whitelisting, DLP, and firewalls can be circumvented with relative ease. A common solution is to change the detective strategy from looking for evil to looking for abnormal; however, attempting to normalize even fairly small computing environments can be both challenging and time-consuming. Fortunately, there are alternatives.

Instead of attempting to normalize a production environment, what if we placed resources in that environment that have no production value or use? These resources could be user accounts, credentials, services, open ports, computers, or even complete networks. Because these resources are not part of normal production operations, normal can be defined as no interaction or no use. Because there is no reason for legitimate interaction with these deceptive resources, any interaction is abnormal and there are very few false-positive alerts, creating a high-fidelity, low-noise detection solution. Furthermore, because the deceptive resources can be monitored and/or configured to generate logs, defenders can collect significant amounts of actionable threat intelligence and attack attribution information, facilitating faster and more effective response. Better yet, this all occurs while the attacker is busy attempting to hack deceptive systems, distracting them from actual production resources.
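As an added example (not part of the SANS course material), the "normal is no interaction" rule above expressed as detection logic over constructed log lines; the decoy account names, addresses, ports and log format are assumptions made for the illustration:

```python
from dataclasses import dataclass
import re

# Hypothetical deceptive resources (constructed for this example; no production use).
HONEY_ACCOUNTS = {"svc_backup_admin", "hr_payroll_ro"}   # decoy credentials
HONEY_HOSTS = {"10.20.30.44"}                           # decoy server
HONEY_PORTS = {("10.1.1.20", 2222)}                     # decoy port on a real host

@dataclass(frozen=True)
class Alert:
    ts: str        # when the interaction happened
    src: str       # who touched the decoy (attribution data)
    resource: str  # which deceptive resource was touched
    detail: str

AUTH_RE = re.compile(r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<res>\w+)$")
CONN_RE = re.compile(r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+):(?P<port>\d+)$")

def check_line(line: str) -> "Alert | None":
    """Return an Alert for any interaction with a decoy; None for normal activity."""
    m = AUTH_RE.match(line)
    if m:
        if m["user"] in HONEY_ACCOUNTS:
            # Even a failed login is abnormal: nobody should be using this account.
            return Alert(m["ts"], m["src"], f"account:{m['user']}", f"auth {m['res']}")
        return None
    m = CONN_RE.match(line)
    if m and (m["dst"] in HONEY_HOSTS or (m["dst"], int(m["port"])) in HONEY_PORTS):
        return Alert(m["ts"], m["src"], f"host:{m['dst']}:{m['port']}", "connection")
    return None

def scan(lines: list) -> list:
    return [a for a in map(check_line, lines) if a is not None]

def attribution(alerts: list) -> dict:
    """Group decoy touches by source so each actor's activity is visible at a glance."""
    by_src: dict = {}
    for a in alerts:
        by_src.setdefault(a.src, []).append(a.resource)
    return by_src

# Constructed sample log lines: normal traffic plus one actor touching three decoys.
SAMPLE_LOGS = [
    "2022-01-24T09:00:01Z auth user=alice src=10.1.1.5 result=success",
    "2022-01-24T09:00:09Z conn src=10.1.1.5 dst=10.1.1.20:443",
    "2022-01-24T09:01:12Z auth user=svc_backup_admin src=10.1.1.77 result=failure",
    "2022-01-24T09:01:15Z conn src=10.1.1.77 dst=10.20.30.44:3389",
    "2022-01-24T09:01:20Z conn src=10.1.1.77 dst=10.1.1.20:2222",
    "2022-01-24T09:02:00Z auth user=bob src=10.1.1.9 result=success",
]
```

Running `scan(SAMPLE_LOGS)` yields three alerts, all from the same source, while the legitimate traffic to the real host's production port produces none.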

SEC550: Cyber Deception - Attack Detection, Disruption and Active Defense will give you an understanding of the core principles of cyber deception, allowing you to plan and implement cyber deception campaigns to fit virtually any environment. During this hands-on class, you will not only learn deception theory and concepts but also play an active role working with deception technology through over 15 hours of guided exercises. By the end of the class, you will not only understand the value of cyber deception but also have practical experience you can immediately implement in your own computing environment.

You Will Learn:
  • Why cyber deception completely changes the information security game
  • How to use cyber deception to detect attackers on your network as much as 90% faster than traditional detection technologies
  • How to collect actionable threat intelligence and attack attribution information through the use of deception
  • How to create an environment where attackers need to be perfect to avoid detection, while you need to be right only once to catch them
  • How to actively engage attackers in real time
  • How to thwart attacks before attackers send a single packet towards your network
  • How to take back the advantage from attackers


Start date: 24 Jan 2022
Location / delivery: Amsterdam
