Detecting early signs of compromise by Splunking Windows Sysinternals
The traditional way of detecting an advanced malware or threat compromise in a Windows environment, using a signature-based anti-virus or anti-malware product, is difficult. Most signature-based anti-malware solutions rely on a known list of signatures, which has two weaknesses:

  • Endpoint protection products do not have a complete list of signatures for every threat that exists or is known
  • They do not apply to new types of threats that arrive as previously unseen executables on the endpoint, because there is no known signature to compare against

This traditional approach forces organizations to constantly deal with security breaches, ranging from data exfiltration and service interruptions to ransomware, all of which stem from the inability to protect and detect the …
