CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park

Enterprise-Wide Intrusions Involving Advanced Threats

Mandiant Corporation

Dan McWhorter and Steve Surdu - Mandiant Corporation

Oct 12, 2011


Abstract

Since early 2010, Google, Sony, Epsilon, CitiBank, the International Monetary Fund, RSA, various law enforcement agencies and many other organizations have been compromised by different attack groups. These groups include hacktivist organizations like Anonymous, Eastern European organized crime and state-sponsored teams referred to as the Advanced Persistent Threat.

Mandiant will draw upon investigations it has conducted over the last eighteen months to:

  • Illustrate major differences among the attack groups
  • Describe the tactics attackers use to breach their victims
  • Outline the investigative approaches required to contain active attack groups
  • Detail remediation techniques that are most successful at removing attackers from the networks

The information covered will not be theoretical. All the material will anonymously reference actual cases Mandiant has conducted – some of which have not received media attention to date.

About the Speaker

Dan McWhorter is responsible for Mandiant's Professional Education services. Mr. McWhorter has been a part of the Mandiant team for over five years. Over that time he has contributed to dozens of initiatives. He has led and managed incident response investigations, developed and delivered course curriculum, and helped design and implement an automated methodology for evaluating software assurance in source code. He has also supervised Mandiant's team of Consulting Technical Directors, overseen process improvement within Consulting, and managed a complex matrix-staffing methodology for Consulting projects.

Mr. McWhorter is a graduate of the National Security Agency's (NSA) three-year Cryptologic Mathematics Program. Mr. McWhorter has worked toward his doctorate in mathematics at the University of North Carolina, has a Master of Science in mathematics from the University of Cincinnati, and has a Bachelor of Science in mathematics from Mount Union College.

Steve Surdu has responsibility for Mandiant's Professional Services organization. He has spent his career providing information technology consulting services or software product integration services to large organizations. He has been an application programmer, systems programmer, tech support team lead and project manager. For the last 14 years he has focused primarily on computer security. He has deployed security infrastructure, led complex vulnerability assessment teams and participated in dozens of incident response investigations. He graduated from the University of Michigan with a business degree in 1980.

MANDIANT Corporation is a private company with offices in Washington DC, New York City, Los Angeles and San Francisco. MANDIANT specializes in investigating and resolving large-scale active network breaches involving hundreds or thousands of compromised systems. It also helps organizations improve their security postures so they can avoid breaches. Lastly, Mandiant delivers malware analysis, network traffic analysis, wireless security and incident response courses to law enforcement and corporate clients.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.