Cyber Intrusion Services Casebook 2016
Leveraging Next-Gen Endpoint Technology and Human Expertise To Identify and Eject Persistent Intruders
2016 has been a record year for incident response (IR) engagements for CrowdStrike Services consultants. Numerous companies, government agencies, nonprofits and political organizations turned to CrowdStrike as the go-to company for investigation and response to breaches discovered on their networks. Valuable adversary tradecraft intelligence and critical lessons learned from these engagements are detailed in the 2016 edition of the CrowdStrike Cyber Intrusion Casebook.
This CrowdCast will delve into this year’s casebook, focusing on in-depth digital forensics, IR and remediation work performed on behalf of actual CrowdStrike clients. Real-life examples drawn from notable CrowdStrike Services IR engagements in 2016 — including the now-infamous hack of the Democratic National Committee (DNC) — will be discussed, with an emphasis on best practices organizations can follow to identify and eject attackers before a devastating breach occurs.
Attendees will learn:
- How CrowdStrike’s Falcon OverWatch and professional services teams discovered and attributed the DNC intrusion to nation-state threat actors FANCY BEAR and COZY BEAR
- The specific tactics, techniques and procedures (TTPs) a range of nation-state and eCrime adversaries used to gain entry, and how they attempted to cover their tracks
- How third-party trust relationships, particularly in the franchisee business model, introduce significant risk to enterprise and customer data
- How CrowdStrike Services leverages unique Indicators of Attack (IOA) technology to uncover the latest adversary tradecraft
- The gaps in security processes and planning that your organization can address now to stop the next breach
About the Speakers
Dmitri Alperovitch
CrowdStrike, Co-Founder and CTO
Dmitri Alperovitch is the Co-Founder and CTO of CrowdStrike Inc. A renowned computer security researcher, he is a thought-leader on cybersecurity policies and state tradecraft and has served as special advisor to the Department of Defense. In 2016, Politico Magazine featured Alperovitch as one of the “Politico 50” influential thinkers, doers and visionaries transforming American politics. In 2013, Alperovitch was selected as one of MIT Technology Review’s “Young Innovators under 35” (TR35), an award previously won by such technology luminaries as Larry Page and Sergey Brin, Mark Zuckerberg and Jonathan Ive.
Ryan McCombs
CrowdStrike, Consultant
Ryan McCombs is a security consultant with CrowdStrike Services who focuses on digital forensics and incident response. Prior to CrowdStrike, Ryan worked for nearly a decade in various security roles, including cybersecurity engineer for the Space and Naval Warfare Systems Command (SPAWAR) and the U.S. Marine Corps as a Cyber Network Operator. With the Marine Corps he was responsible for incident response analyst duties including host-based interrogation of at-risk systems, malware analysis and triage, compromise scoping, environment stacking, and automated malware analysis design and deployment. He received a BSEE from SUNY at Buffalo and holds several security accreditations including CISSP.