Micro versus Macro

BSides MSP 2016

Presented by: Megan Carney
Date: Saturday June 11, 2016
Time: 11:00 - 11:45
Location: Lecture Hall

Companies that specialize in endpoint security look for patterns across their customer base, then apply those signatures or heuristics to your environment. This is a good thing, even though it often results in false positives. Analysts dedicated to your environment know what’s normal and what’s not. This is also a good thing. In today’s world, you need both perspectives. Modern attackers use camouflage tactics to hide their activity because they’re focused on stealing information, for profit or for country. To combat this, you need to combine the macro perspective endpoint security companies give you with the micro perspective your analysts have. This is why you write your own alerts. This presentation will focus on a case study in how Yelp uses intelligence from our DNS resolver to find infected machines, based on deviations from normal patterns in our environment.

Megan Carney


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats