Malware Command and Control Channels: A journey into darkness

DEF CON 24

Presented by: Brad Woodberg
Date: Friday August 05, 2016
Time: 17:00 - 17:50
Location: DEF CON 101

Much of the time and attention dedicated to modern network security focuses on detecting the contemporary vulnerabilities and exploits which power the breaches that make the headlines. With almost all of the emphasis placed on the endless cycle of new entry points, we often overlook what is perhaps one of the most profoundly interesting aspects of modern network breaches: the post-exploit communication of a compromised system to the attacker, known as command and control.

Once malware has compromised an end system, the tables are turned against the attackers; we go from being on defense to being on offense. Attackers are constantly evolving their techniques and have become incredibly creative in attempting to hide their tracks, maintain control of compromised systems, and exfiltrate sensitive data. This presentation will explore how command and control channels have evolved against traditional defenses, where they are today, future predictions on their evolution, and most importantly, how you can go on the offense to protect your organization by identifying and disrupting command and control channels in your network.

Brad Woodberg

Brad Woodberg is a Group Product Manager at Proofpoint Inc, leading the Emerging Threats product line. Prior to his current role at Proofpoint, he spent six years at Juniper Networks as a layer 7 security product manager and product line engineer. Prior to Juniper, he worked for a security consulting company in Ann Arbor, Michigan for four years, delivering a variety of network security technologies and services. He is a four-time published author of network security books through O’Reilly and Syngress. He has spoken at several security conferences including DEF CON 19, CanSecWest 2011, SEMAPHOR and other regional talks. Brad is also an active mentor to up-and-coming security engineers who share a similar interest and passion in all things network security. Twitter: @bradmatic517

