Financial institutions face an expanding attack surface and increasingly sophisticated nation-state threats that exploit critical blind spots in endpoint-focused security strategies. Advanced persistent threat groups are bypassing traditional endpoint detection and response by targeting unmanaged devices - firewalls, VPN concentrators, network edge devices, IoT systems and building automation - to establish initial access before moving laterally to high-value assets. The Volt Typhoon, Salt Typhoon and Silk Typhoon campaigns demonstrate how adversaries now infiltrate supply chains and third-party IT management firms, stealing API keys and access tokens to pivot seamlessly between on-premises and cloud environments.

In this session, Vincent Stoffer, field CTO at Corelight, will share insights on:

• Why EDR fails against attacks targeting unmanaged edge devices and infrastructure;
• Encrypted traffic analysis techniques for detecting human activity and threat signals;
• Establishing baselines and detecting anomalies from advanced zero-day threats.