Presenter: Matthew Plummer – Public Sector CTO, Gigamon
Room: Redwood Room, EMU 214, Level 2
Presentation: Slide deck pdf
Time: 02:00p – 02:30p

Every sophisticated cyber attack has a similar pattern of events regardless of the method.  Once access into the target network is obtained, further scanning and escalation of permissions, as well as lateral movement in the network, is continued into the sustainment phase.  The time that it takes to detect malicious actors who have accessed target networks has been reported to last on average weeks to months.  This “dwell time” is used by adversaries to exfiltrate data, discover more exploit opportunities, and then to launch complex attacks on the target environment.  The migration of workloads to virtualization, container and public cloud platforms creates additional ‘blind spots’ that reduce effectiveness of standard security toolsets.  Increasing visibility across physical, virtual and cloud environments will augment an organization’s security posture in hybrid cloud environments.  By using security tools that reduce the dwell time of malicious actors in hybrid networks, SOCs can set the conditions to identify escalating threats and take proactive measures against adversaries in the network.