SANS Course Focuses on Silent Attackers

Wednesday, June 3, 2015 @ 02:06 PM gHale

Once a bad guy gets in to a network there is a strong stealth-like capability where he or she can go undetected for years.

Stuxnet was a perfect case in point. As ISSSource reported, Stuxnet was a comprehensive U.S.-Israeli program designed to disrupt Iran’s nuclear technology. This joint program first surfaced in 2009 and worked in concert with an earlier U.S. effort that consistently sabotaged Iran’s purchasing network abroad. The virus ended up detected in 2010, but had been on the Iranian system for at least a year prior.

New CFSE Cybersecurity Certifications
Employee Training Boosts Security
Cyber Attacks Top Continuity Threat
Complex Security Should be Easy

But the SANS Institute says hold on mister. They are adding a new security training course that provides security professionals with the tools and skills needed to frustrate, deceive and catch the bad guys lurking around your system. SEC550: Active Defense, Offensive Countermeasures and Cyber Deception course will explore proven anticipatory and active defense techniques that are missing from most security programs today.

“Traditional defenses are failing organizations. While firewalls, intrusion detection systems, end-point security suites and other traditional defenses provide a critical first line of defense, they are no longer enough. Advanced persistent threat (APT) groups bypass traditional defenses as a course of business,” said Bryce Galbraith, SANS instructor and contributing author of the course.

“The SEC550 course is unique in many ways and is specifically designed to empower defenders to take their defenses to the next level as they systematically and deliberately thwart, frustrate, and deceive their adversaries,” Galbraith said. “Students will learn techniques that are designed to ruin adversaries’ day.”

Students participating in this new course will learn:
• How to force an attacker to take more moves to attack a network — moves that in turn may increase a defender’s ability to detect that attacker
• How to gain better attribution as to who is attacking and why
• How to gain access to a bad guy’s system
• How to do the above legally

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception ends up based on the Active Defense Harbinger Distribution live Linux environment funded by the Defense Advanced Research Projects Agency (DARPA). This virtual machine ends up built from the ground up for defenders to quickly implement Active Defenses in their environments.

The course uses hands-on activities focusing on active defenses which students will be able to quickly and easily implement in their own network environment, and it will make its debut at SANS San Jose 2015 in late July.