Endgame Tech Talks @ RSA: Adding Substance to Form


Last week, Endgame’s malware researchers and data scientists provided a welcome break from the chaos of the convention floor at RSA. Our four talks addressed the need for a multi-stage approach to detection, given the sophistication and diversity of attackers and the complexity of enterprise networks. Since no single detection methodology is foolproof, multiple complementary detection capabilities are required to speed up detection and maximize the likelihood of catching both known and unknown attacks.


With that in mind, our talks began with an overview of Faraday, Endgame’s globally distributed set of customized sensors that listen to activity on the Internet. This talk addressed the ability to differentiate targeted from non-targeted attacks, and covered some recent research on the Cisco ASA vulnerability. It was followed by a talk on the five most impactful malicious behaviors: what they are, how they have evolved over time and in sophistication, and how to counter them. Next, our data science talk covered the use of machine learning to automate malware classification and to contextualize the results by determining a sample’s capabilities. We concluded with the essential role of stealth in helping defenders avoid detection by adversaries. Together, our talks presented four distinct aspects of our multi-stage approach to detection, which feed into the Endgame cyber operations platform and inform our hunting capabilities.


Take a look for yourself at each of these unique presentations and diverse approaches to detection.

Extracting the Malware Signal from the Internet Noise: Andrew Morris

Dynamic Detection of Malicious Behavior: Amanda Rousseau

Machine Learning for Malware Classification and Clustering: Phil Roth

Worst-Case Scenario: Being Detected without Knowing You’re Detected: Braden Preston