Enterprise-Wide Intrusions Involving Advanced Threats
Dan McWhorter and Steve Surdu - Mandiant Corporation
Oct 12, 2011
Abstract
Since early 2010, Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat.
Mandiant will draw upon investigations it has conducted over the last eighteen months to:
- Illustrate major differences among the attack groups
- Describe the tactics attackers use to breach their victims
- Outline the investigative approaches required to contain active attack groups
- Detail remediation techniques that are most successful at removing attackers from the networks.
The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date.
About the Speaker
Dan McWhorter is responsible for Mandiant's Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant's team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects.
Mr. McWhorter is a graduate of the National Security Agency's (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College.
Steve Surdu has responsibility for Mandiant's Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980.
MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large-scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations to improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.