Lancope CTO to Present on Detecting “Kill Chain” Steps at Infosecurity Europe
– Presentation to help attendees thwart sophisticated, targeted attacks on enterprise infrastructure
LONDON, April 18, 2013 – INFOSECURITY EUROPE – As part of this year’s education programme at Infosecurity Europe, Amrit Williams, CTO at Lancope, Inc., a leader in network visibility and security intelligence, will present on how to detect and thwart the various stages of an advanced attacker’s kill chain. By implementing controls along the entire kill chain, organisations can stop an exploit or infection prior to data exfiltration. Further information on the presentation is available here.
The continuing rise of sophisticated, targeted attacks is prompting new thinking about the defence of computer networks. According to recent research, 85 percent of security incidents go completely undetected by the breached organisation, and 92 percent of uncovered incidents are discovered by a third party.[i], [ii] According to another report, a typical zero-day attack lasts 312 days on average.[iii] Advanced threats not only bypass perimeter security technologies such as firewalls, IPS and email security, but also manage to stay undetected by internal security controls such as anti-virus and host-based IPS.
Borrowed from military jargon, the kill chain refers to the steps a sophisticated attacker goes through in order to execute a successful strike. In the presentation, Williams will discuss each stage of the kill chain and present a multifaceted approach for detecting and preventing attacks at each stage.
The discussion will enable attendees to:
- Understand why conventional controls are no longer enough to fend off advanced attacks
- Learn about each stage of the kill chain
- Know how to best apply existing security technologies to each stage of the kill chain
- Determine which additional tools and strategies may be needed within an organisation to combat advanced threats
“Incident response is becoming the centrepiece of advanced threat defence,” explains Williams. “With companies taking an estimated 300+ days to identify that they’ve been compromised, malware has the chance to spread across the network and steal confidential data. Organisations need to augment traditional controls with better incident response teams, forensic capabilities and technologies that provide visibility into the state of their internal networks.”
The Lancope presentation, “Targeting the Kill Chain: A multifaceted approach to defence in depth,” will take place on Wednesday, 24th April 2013 from 12:40 – 13:05 in the Technical Theatre at Infosecurity Europe in Earls Court, London. As chief technology officer, Williams brings over 18 years of experience in security and technology to Lancope, and previously served as an analyst with Gartner Research. He holds CISSP and CISM certifications, and has obtained several technology patents.
Lancope will also exhibit its StealthWatch® System for advanced threat detection at the show. For more information on combating advanced threats with StealthWatch, go to: http://www.lancope.com/solutions/security-threats/.
[i] Gartner, “Innovation Drives Seven Dimensions of Context-Aware Enterprise Security Systems,” December 28, 2012, http://www.gartner.com/id=2290415
[ii] Verizon 2012 Data Breach Investigations Report, http://www.wired.com/images_blogs/threatlevel/2012/03/Verizon-Data-Breach-Report-2012.pdf
[iii] Symantec Research Labs, “Before We Knew It; An Empirical Study of Zero-Day Attacks in the Real World,” October 2012, http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.