Upcoming webinar

ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

EMEA, Americas
9:00 a.m. PT, 6:00 p.m. CEST

Hosted by

Apoorva Joshi

Elastic

Craig Chamberlain

Security Research Engineer

Elastic

Highlights

When it comes to malware attacks, one of the more common techniques is “living off the land.” Attackers utilize standard programs and processes to execute these attacks, blending into an existing environment to avoid detection.

ProblemChild aims to help detect these attacks by identifying rare parent-child process chains and suppressing commonly occurring ones, since processes that are rarely spawned in an environment (and more so from a specific parent process) could indicate malicious activity. Flagging rare malicious processes further helps security and malware analysts prioritize events for analysis. The ProblemChild framework identifies these anomalous chains by leveraging multiple machine learning capabilities in the Elastic Stack.

In this webinar, we will provide:

  • An overview of how we implemented ProblemChild in the Elastic Stack
  • A deep dive into case studies that leverage the ProblemChild framework
  • Results that show the effectiveness of ProblemChild at identifying living-off-the-land attacks


Register to attend

Can't make it? Register and we'll send you the recording. You'll also receive an email with related content.