INTRUSION DETECTION ALONG THE KILL CHAIN: WHY YOUR DETECTION SYSTEM SUCKS AND WHAT TO DO ABOUT IT

Black Hat USA 2012

Presented by: John Flynn
Date: Wednesday July 25, 2012
Time: 15:30 - 16:30
Location: Palace II
Track: Defense

The field of intrusion detection is a complete failure. Vendor products at best address a narrow part of the problem and more typically are completely worthless at detecting sophisticated attacks. This talk discusses the fundamental problems in the field and why the state of the art isn't good enough. We then introduce the concepts of the attacker plane and the kill chain, and how to use them to build a much more sophisticated intrusion detection system. Finally, we cover ways of putting them into action. Even veterans of the field will find something new here.

John Flynn

John "Four" Flynn is an expert in Information Security with over 10 years of experience in the field. At Google, he was the founder and lead architect of Google's innovative Intrusion Detection group, which led to the successful detection of the Aurora attack in December 2009. Four also led Google's Security Operations team, where he pioneered innovative approaches to Enterprise IT Security. He is a technical advisor to both a prominent political campaign and a top-tier Venture Capital firm. Four holds a Master's in Computer Science and Information Assurance from George Washington University as well as a Bachelor's in Computer Engineering from the University of Minnesota. Currently he works as a Security Engineer at Facebook and maintains a blog at SecInt.org.
