How to Hunt for Lateral Movement on Your Network

DerbyCon 7.0 - Legacy

Presented by: Ryan Nolette
Date: Saturday September 23, 2017
Time: 12:00 - 12:50
Location: Track 2 - Fix Me

Once inside your network, most cyber-attacks go sideways. They progressively move deeper into the network, laterally compromising other systems as they search for key assets and data. Would you spot this lateral movement on your enterprise network?

In this training session, we review the various techniques attackers use to spread through a network, which data sets you can use to reliably find them, and how data science techniques can be used to help automate the detection of lateral movement.

Ryan Nolette

Ryan is Sqrrl's primary security technologist and expert. He has previously held a variety of roles including threat research, incident response consulting, and every level of security operations. With over a decade in the infosec field, Ryan has been on the product and operations side of companies such as Carbon Black, Crossbeam Systems, SecureWorks and Fidelity. Ryan has been an active speaker and writer on threat hunting and endpoint security.

