Fingerprint banner


Google: The APT You Have

Todd Heberlein

SANS San Francisco

Aug 2, 2012

File: pdf

"Practice, practice, practice." That should be the subtitle for this presentation because it is about how to prepare yourself for the advanced threats that will inevitably make their way into your network. Google's software update process can make a good proxy for a Command & Control agent running inside your network, and this talk discusses our analysis of its activities. This presentation also looks at the history of intrusion detection in general, from the early days when everyone did anomaly detection and why it never caught on as it should have, to the advent of string-based matching in network connections (early use of indicators of compromise), and back to thinking "beyond signatures" as this detection strategy seems to be failing these days.

Download Apple's Keynote doc with animations: SANS_2012.key

Related papers: The Advanced Persistent Threat You Have: Google Chrome and The Making of "The Advanced Persistent Threat You Have: Google Chrome"

copyright Net Squared, Inc., 2008-2010