Andrew Brandt, Solera's Director of Threat Research, is both a seasoned news reporter and a cybercrime researcher, and brings both disciplines to bear on the problem of Security Intelligence and Analytics for Solera Networks. For nine years, he edited security coverage and wrote an award-winning column about online privacy for PC World. He then changed gears and jumped into the world of malware analysis, working for antivirus vendor Webroot as their Lead Threat Research Analyst, and eventually, blogger. At Solera, Brandt contributes to a drive to further innovate the groundbreaking DeepSee platform, while calling out the bad guys (and making fun of them, whenever possible).
Preparing for the Inevitable: Combatting Advanced Targeted Attacks with Security Intelligence and Big-Data Analytics
Flow-based retrospective analysis might tell you who the actors were in a security breach, but that's about it. It's like reviewing a phone bill and seeing who talked to whom, at what time, and for how long; what is missing is the actual conversation. When it comes to incident response, Security Intelligence and Big-Data Analytics give you the full network conversation, so you have the complete picture of any security event. Answer the difficult post-breach questions like "who or what caused the breach?", "what systems or data were compromised?" and "are we sure it's over?" Full packet capture, combined with high-speed deep packet inspection, indexing and reconstruction, gives you the full context that limited flow-based analysis just can't provide. Don't be left without the content: in it you will find answers. Having access to all content, flows, artifacts and files of all collected data enables context-aware security and effective cyber intelligence, hastening incident response and protecting your organisation.
Copyright © 2012 The University of Queensland, authorised by AusCERT Program Committee, maintained by: auscert@auscert.org.au