As organizations deploy Endpoint Detection & Response (EDR) solutions, testing them becomes imperative. The efficacy of these products depends on their correct configuration and deployment.
Often teams don’t know how to test or choose poor testing plans. In order to conduct these tests, we have developed a free Open Source framework called Atomic Red Team. The framework is designed to provide teams with small, discrete tests that are vendor agnostic and representative of actual adversary behavior. Security teams can then rely on these standard tests when evaluating if EDR products are viable for their organization and comparing what provides the best coverage.
This talk will explore the Atomic Red Team framework and demonstrate basic tests, chaining tests, and opportunities for security teams to contribute to the framework. Our aim is to put a testing framework in the hands of large and small security teams to confirm that they have the coverage needed to face modern adversaries. The work draws from Software Engineering principles on testing to help ensure EDR tools are ready to face actual adversaries. Instead of waiting for something horrible to happen to realize that their solution isn’t working, security teams will walk away with a plan to test on a regular basis that their systems are operational.
Presentation will be held by Casey Smith (@subTee). Casey is the Director of Applied Research at Red Canary. He has a passion for testing and understanding the limits of defensive systems and are one og the world leader authority in the field.
You should not miss this session if you want to learn how to deploy Endpoint Detection & Response (EDR) solutions correct in your organization so you get actual security.
Meld deg på: https://hackcon.org/aktiviteter/hackcon13.