Security Artifacts – The Hunt for Forensic Residue


Proactive Threat Hunting

Proactive threat hunting is key to reducing similar intrusions in the future.

A purely reactive approach to security, responding only after an attack or breach has occurred, is not effective. To detect unusual activity, an organization must first know where its sensitive data is stored. Once it has documented where that data resides and which machines it runs on, the organization can prioritize its network defenses accordingly. From there, one best practice is to periodically investigate a different endpoint in the network. By proactively examining artifacts, organizations can spot threats earlier and limit the damage they cause.

A quiet, underground revolution is taking place in the security industry as companies shift from focusing on the perimeter to capturing and analyzing the residue left on endpoint devices by hackers and cyber attacks. Several years ago, a community of forensic researchers began reverse engineering the innards of operating systems. Their efforts led to the discovery of "artifacts," which reveal almost all user and application interaction with the operating system. These breadcrumbs can be found deep within file systems, memory and OS system files. Unlike log files, which an intruder can simply clear, artifacts are nearly impossible to manipulate.

The residue or artifacts left behind can provide clues about an intruder to IT security professionals. For example, RAT (Remote Access Trojan) residue was important in investigating the cause of the Office of Personnel Management's (OPM) breach. OPM's intrusion prevention system essentially logged data that was being exfiltrated without detecting any of the breadcrumbs that attackers left behind.

Today's incident response and endpoint detection tools use the forensic artifacts that have accumulated on endpoints. Advanced rootkits, zero-day attacks and command-and-control incidents leave an abundance of artifacts. Leaving no forensic trail at all is almost impossible.

In this slideshow, Paul Shomo, senior technical manager, Strategic Partnerships, Guidance Software, looks at forensic residue and how it can help organizations better protect themselves from security threats, both inside and outside the organization.
