My session @ FloCon 2018 US
During FloCon 2018 in Tucson, AZ, I had the pleasure of talking about various network exfiltration methods and techniques (DNS, ICMP, TCP, UDP, HTTP, RDP, cloud-app based and others). During a short, 30-minute talk I explained that without:
- Excellent Network Visibility Based on Multiple Collectors (PH, DNS, TLS, HTTP, Logs, SNMP, Netflows, others)
- Network Behavior Analytics powered by Hybrid Supervised/Unsupervised Anomaly Detection
- Active Response Module which supports all your existing security HW/SW
you are doing your Network Security just wrong.