
                Windows Management Instrumentation Threats

                Good tools gone bad

                Speaker: Lee Lawson, Special Operation Researcher, Secureworks Counter Threat Unit
                Recorded: September 12, 2017
                Duration: 60 Mins

                What you will learn:

                • Why WMI is so risky
                • Tips to identify malicious use of WMI
                • How threat actors hide their tracks and how you can unmask them
                • WMI threats identified by Secureworks researchers
                • How you can avoid becoming a victim of this growing threat vector

                Windows Management Instrumentation (WMI) is a Microsoft Windows administrative tool that has access to all system resources, making it powerful for both legitimate and illegitimate use.

                Via WMI you can do things like execute, delete and copy files; change registry values; and identify what security products are installed to aid in bypassing them.

                The malicious use of WMI and other legitimate tools continues to grow and was identified as a top trend in a recent SecureWorks Threat Intelligence Executive Report. Like PowerShell, WMI is often used to create file-less attacks that are difficult to identify and stop with technology alone. This makes WMI the perfect tool for threat actors to use as camouflage while acting inside your organization.


                We generate around 2 billion events each month. With Secureworks, we are able to crunch down that number to 20-30 high fidelity alerts — and that makes my team's job much easier.
                Sunil Saale, Head of Cyber and Information Security, Minter Ellison
                Red Cloak™ Threat Detection and Response isn’t just the next generation of SIEM, it’s an evolution.
                David Levine, CISO, Ricoh Group

                Why Secureworks®?

                The old approaches to cybersecurity are no longer adequate. It’s time for something new. Layered defenses can create almost as many problems as they solve, and security teams struggle to keep up with the threat. What you need is context across all your layers of defense with the right people, processes, and technology working together in concert. That’s how Secureworks can help. Using 20+ years of industry knowledge, advanced analytics, industry-leading threat intelligence, and the network effect of more than 4,000 customer environments, we provide world-class cybersecurity solutions to customers around the globe. This unmatched experience empowers our customers to be Collectively Smarter. Exponentially Safer.™

                Our Managed Detection and Response (MDR) solution is comprehensive, powered by our cloud-native software Red Cloak™ Threat Detection and Response that uses AI and machine learning to deliver better outcomes for your security operations. MDR unifies telemetry from your existing security technology to maximize visibility, reduce complexity, and enable you to move at the speed of the threat. Learn more about how Managed Detection and Response uses contextualized visibility to improve your organization’s security posture.
