Global Attack Patterns to Improve Threat Detection

The Internet is flooded with traffic from web crawlers, port scanners, and brute-force attacks. Data analyzed from a unique network of sensors allows us to observe trends on the Internet at large. This presentation by Endgame Software Implementation Engineer Curt Barnard covers:

  • How to identify whether malicious traffic directed at your network service is part of a larger computer network operations (CNO) campaign.
  • How to get advanced warning of new attacks and malware seen in the wild but not yet reported on.
  • How network defenders can better protect themselves against attacks that occur at scale.
  • How Endgame identifies malicious hosts that are attempting to leverage exploits such as the Shellshock vulnerability at scale.

This presentation was originally delivered at RSA 2015.

About Curt: Curt Barnard is a network security professional with expertise in advanced methods of covert data exfiltration, steganography, and digital forensics. As a Department of Defense employee, Curt focused on analysis and operations to counter some of the most advanced cyber threats. At Endgame, Curt continues this research, coaxing malicious actors into revealing their TTPs and creating defensive measures based on real-time threat data.