A demo showing how CrowdStrike detects and mitigates key Sunburst TTPs
As evident from the recent Sunburst attack, dynamic IT environments and digital transformation initiatives are vulnerable to bad actors that use a variety of tactics, techniques and procedures (TTPs) to launch a highly targeted attack through traditional IT processes.
Enterprises should focus on mitigating the most recent Sunburst post-exploit activities while also preparing to detect, mitigate and prevent future threats that use similar TTPs.
In this CrowdCast, Andrew Harris, CrowdStrike’s Public Sector Technology Strategist, will demonstrate how CrowdStrike Falcon detects and prevents:
- The Sunburst attack and key learnings on Sunspot and other entry point malware
- Lateral movement, including leveraging the use of service accounts
- Golden SAML (Security Assertion Markup Language) credential dump of an Active Directory Federation Services (AD FS) server
Featured Speakers
Andrew Harris
Sr. Director, Public Sector Technology Strategy
Andrew Harris is currently the Senior Director for Public Sector Technology Strategy at CrowdStrike. He is responsible for driving innovation and technical alignment for the Public Sector vertical, ensuring CrowdStrike continues to deliver best-of-breed capabilities to its customers, in a compliant and integrated manner so customers can confidently consume its services. Prior to joining CrowdStrike, Andrew worked at Microsoft as a Principal Program Manager, where he focused on engineering solutions across 50+ engineering teams for major government contracts. He served as the CTO for the Customer Experience Engineering (CxE) team for Microsoft Azure’s security products and services, both internal and external, helping drive strategy and deliver customer enablement capabilities. Andrew led the Recovery team at Microsoft for Incident Response and helped NIST write the playbook on SP 800-184, “Guide for Cybersecurity Event Recovery.” In addition, Andrew served as a Special Advisor to the White House, U.S. House of Representatives, Pentagon and various Fortune 100 companies. Prior to Microsoft, Andrew was a U.S. Department of Defense (DoD) civilian where he spearheaded multiple enterprise-wide capabilities.