Meeting – Thursday Sept. 17th, 2009 3:00 – 5:00 PM at Con Way (2055 NW Savier St. Portland)

 

Bots PhD (Piled Higher and Deeper) – Detection

Craig Schiller, CISO, PSU

This session will dig deeper into the technology of bots and in particular
the technology used to protect the bots and the botherders.  We will examine
fast flux DNS, dynamic DNS and other concealment and obfuscation techniques.
Attendees will examine botnet communication technology to improve their
ability to detect them in the field.  Finally we will describe current
botnet detection technology.

What actions can we take to prevent infections, protect systems from bots,
collect intelligence about bots, and recover from their infestations?  What
steps can I take to prevent some botnets from infecting my systems?

The nature of bots makes the profiles and signatures of many anti-malware
products less effective.  Behavior is the key to detecting and reacting to
bots.  Since behavior is dynamic we must gather information constantly to
recognize the signs of bot-like behavior.  Similarly, user and
enterprise-level behavior can increase or decrease the susceptibility to bot
attacks.  We will revisit the 5 reasons users believe they don’t have to
worry about bots.  The session will cover enterprise-wide policies and
practices that will make your systems less attractive to botherders.  Mr
Schiller will demonstrate the use of sandbox technology to analyze live
malware.
