As mobile devices become more and more prevalent in our lives, the clash between security and usability moves to the forefront. Apple integrated TouchID into its main mobile device products (iPhones/iPads). In Apple's controlled fashion, access to TouchID was unavailable at first and has been expanded over subsequent releases. With this expansion, is a new world of authentication possible?
In this talk, we will explore the architecture of TouchID and how Apple is pushing biometrics into the forefront of consumer-based products. As companies start embracing biometrics, there are standard client-side authentication risks and TouchID implementation risks. We will explore the architecture and common implementations to understand possible hidden risks, and how to strengthen the implementations.
This example-laden talk will show how common tools available in today's enterprise environments can be harnessed to enhance and transform an appsec program. This talk will have example attacks and simple config changes that could make all the difference. Devs, infrastructure sec, CISOs, come one come all.
Since the introduction of public key cryptography by Diffie and Hellman in 1976, uses and infrastructure have grown in unimaginable ways. The security that has been afforded through Public Key Infrastructure (PKI) is now an integral and essential part of the internet. The proliferation of digital certificates, certificate authorities and PKI implementations creates a large and enticing attack surface. Most businesses rely heavily on PKI for their data security, yet few organizations could tell you how many certificates they have deployed, where they are and their current status. This presentation will discuss a few of the most critical PKI implementations and threats they face today. The talk will conclude with mitigation recommendations and practical ways you can improve the PKI in your organization.
Sam Herath - Six Critical Criteria for Cloud Workload Security (centralohioissa)
Modern elastic cloud infrastructure is fundamentally breaking traditional security approaches. Public cloud has no natural perimeter or network segmentation, leaving individual cloud servers exposed. In private cloud, malicious East-West traffic inside the network is a serious threat. As new workloads are added and retired dynamically, change control is difficult, and updating granular firewall rules and security policies becomes a risky, manual process. Join us and learn the 6 Critical Criteria to secure your public, private or hybrid cloud – on-demand, anywhere, at any scale.
Timothy Wright & Stephen Halwes - Finding the Needle in the Hardware – Identi... (centralohioissa)
During this talk we will be discussing hardware reverse engineering and why this is becoming a new way for attackers to compromise company networks. We will discuss how vendors are now leaving potentially malicious code within firmware and how some attackers could exploit these vulnerabilities. We will also discuss why it is important for companies to spend time reviewing hardware for vulnerabilities prior to deploying the systems within your company’s network and outlining a process on how to perform this work.
The presenters will outline each phase of the hardware reverse engineering assessment, outlining how to exploit various vulnerabilities that you may discover, and provide a list of the software and tools that will be needed to support this work. Finally, we will talk about how you should be documenting your findings for management and how to properly disclose the findings to the vendor once the test has been completed.
The security practitioner's role is changing significantly. Trends like mobile, cloud, DevOps, and Zero Trust are creating new roles and erasing others. This presentation navigates these changes and makes some recommendations for folks wanting to keep up with the curve.
BeyondCorp - Google Security for Everyone Else (Ivan Dwyer)
Presentation given at the Rocky Mountain InfoSec Conference - May 10, 2017.
Gives an overview of Google's BeyondCorp project, why Zero Trust is the right framework to follow, and how to get started at your own company.
Learn more about BeyondCorp at: www.beyondcorp.com
Learn more about ScaleFT at: www.scaleft.com
Kevin Glavin - Continuous Integration, Continuous Delivery, and Deployment (C... (centralohioissa)
Continuous Integration, Continuous Delivery, and Continuous Deployment can include security! We will explore functional examples of CI/CD^2 toolchains using only open source software (OSS): What are the components? What activities do they support? What works well? What works... not so well? What is the cost of freely available OSS?
In this talk we will explore the activities that are involved with successful Continuous Integration, Continuous Delivery, and Continuous Deployment. We’ll do this by discussing how traditional software security activities like SAST, DAST, manual code reviews, and ethical hacking work together and independently to strengthen your program.
How Zero Trust Changes Identity & Access (Ivan Dwyer)
Presentation given at the BeyondCorp SF Meetup organized by ScaleFT on Mar 9th 2017.
Learn more about BeyondCorp at: www.beyondcorp.com.
Learn more about ScaleFT at: www.scaleft.com
Arshan Dabirsiaghi, Contrast Security
Matt Austin, Contrast Security
Nothing in the security industry has moved the needle like Data Execution Prevention and its sister protections like ASLR.
The availability of secure APIs, the training of developers around the world, and the efforts of security practitioners all produced practically nothing compared to the practical gains produced by DEP, ASLR and other "automatic" protections provided by the tool chain and OS itself.
Where is the equivalent in the Application Layer? Can we use these same techniques and approaches to stop SQL Injection and Deserialization attacks? Can we give developers a "secure stack by default" for any application?
In this talk we'll show you the promising results of our research into this space using binary instrumentation, including the release of free tools that developers can use to protect their applications today from several bug classes, instantly, and without any code changes.
Security as an Enabler for the Digital World - CISO Perspective (Apigee | Google Cloud)
A successful API strategy requires a strong partnership between the business, IT, and security functions. Rather than as a hindrance, security increasingly is viewed as a business enabler, with CISOs and CSOs playing a critical role in implementing “guardrails” for safe, secure and compliant API services and security architectures free of unnecessary complexity.
Ultimately, a secure API platform enables developers and DevOps to focus on innovation—by improving the mobile user experience and deploying apps in the cloud, with appropriate security controls built-in. In this webcast, Apigee’s Subra Kumaraswamy and Saba Software CSO Randy Barr will explore how CISOs and CSOs partner with IT and business leaders for a safe and secure journey to cloud, SaaS, and mobile services.
Join to learn about:
- The role of the security officer in helping IT and business meet objectives
- How smart and secure API guardrails remove friction in consuming APIs while protecting sensitive data exposed via APIs.
- Best practices that work for an API-centric enterprise
Download podcast: http://bit.ly/1B6h3TR
Centralize and Simplify Secrets Management for Red Hat OpenShift Container En... (DevOps.com)
The integration between Red Hat OpenShift and CyberArk Conjur Enterprise enables development organizations to both strengthen and simplify secrets management security for application containers. The approach utilizes native capabilities, including authenticators, to improve an organization’s overall security posture and reduce risk. This is accomplished without disrupting operations or impairing development velocity.
In this webinar, we’ll demo the new capabilities and explain the benefits of using CyberArk Conjur as a centralized solution for managing secrets in OpenShift container environments.
Learn how to:
- Enable segregation of duties – to free developers from most security concerns, while giving security the tools they need to ensure the security requirements are met
- Simplify how developers secure container environments
- Enable security teams to enforce policy-based access controls with strong authentication
- Free developers and operations teams from the burdens of meeting audit requirements
Software-Defined Segmentation Done Easily, Quickly and Right (SBWebinars)
Recently there has been a realization that traditional methods of segmentation like VLANs and Firewalls are not suitable for today’s rapidly changing enterprise environments.
In this webinar, come learn how modern software-defined segmentation solutions:
- Start with visibility.
- Provide enterprises with easy ways to identify and label workloads.
- Provide easy-to-implement, granular enforcement that goes well beyond IP address and port and is able to lock down by process, user and domain.
- Enable DevOps automation, provisioning and management.
- Are decoupled from, and work in an agnostic fashion across, every enterprise platform.
- Provide unparalleled security while enabling compliance and ongoing compliance validation.
How to Overcome Network Access Control Limitations for Better Network Security (Cryptzone)
This eBook discusses network access control (NAC) limitations offering details on why a Software-Defined Perimeter delivers better network security for today's enterprise.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec (Lancope, Inc.)
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
The Offensive Cyber Security Certification will upgrade your skills to become a pentester or exploit developer. You will learn multiple offensive approaches to access infrastructure, environment, and information, performing risk analysis and mitigation, compliance, and much more with this program.
How Google Protects Its Corporate Security Perimeter without Firewalls (Priyanka Aash)
The increasing mobility of professional users has brought an end to the traditional corporate security perimeter. Google has reinvented its security perimeter around devices through its groundbreaking "BeyondCorp" initiative. In this talk, two Google security leaders will share how this transformation took place, where it's headed and how you can apply this approach to your organization.
(Source: RSA Conference USA 2017)
Take It to the Cloud: The Evolution of Security Architecture (Priyanka Aash)
As companies evolve their IT stack, traditional security approaches/architectures need to be reconsidered. This session will review some of the new risks introduced by SaaS/IaaS adoption and show how to mitigate these risks using new approaches to security architecture. Presenters will also review the transition of security architecture itself to the cloud.
(Source: RSA USA 2016-San Francisco)
"Product Security Incident Response Team (PSIRT) - Inside Cisco PSIRT", Алек... (Mail.ru Group)
Alexey spoke about Cisco PSIRT, the vulnerability management lifecycle and how Cisco PSIRT interacts with its users. The speaker also walked through two cases: "Heartbleed" and "Software implant in Cisco IOS".
OnDemand Webinar: Key Considerations to Securing the Internet of Things (IoT)... (Great Bay Software)
IoT has evolved beyond a hyped-buzzword into available technologies on the market that can significantly improve customer outcomes & deliver benefits. However, the reality of IoT as an interlinked set of hardware, software, & ubiquitous connectivity is that it creates new security challenges & exacerbates legacy security problems.
In this presentation, guest Forrester Senior Analyst Merritt Maxim will:
- Summarize key IoT & biomedical device trends
- Outline the current IoT & biomedical attack surface
- Provide guidance on how organizations can protect & defend against IoT-based threats while meeting desired IoT business objectives
Layered Security / Defense in Depth
One area that I have found even seasoned security professionals have a problem articulating is layered security (defense in depth). Most are familiar with their area of expertise (servers, networks, pen testing, etc.), but have never viewed security as a heterogeneous process. In my presentation I use a layered diagram to highlight what controls are in what layers, what controls interact across layers, and what a complete layered security model would look like vs. what a more typical company security model does look like.
Nathan Shepard
CISSP, CISM, CRISC, CISA
33 Years in IT.
21 Years in Information Security.
Information Security consulting at the corporate governance level.
Information Security management for outsourced InfoSec delivery.
Job aids for initiating, planning, executing, controlling, and closing projects for project team members and project managers.
The project management presentation for the 23rd Annual Southeast ASQ FDC/FDA Conference held February 12, 2010.
Ten Security Product Categories You've Probably Never Heard Of (Adrian Sanabria)
The security industry moves fast and is already a crazy place that's tough to keep up with. What happens when you get a window into the early-stage security startup market? You realize the rabbit hole goes, much, much deeper.
Presentation by Ismael Valenzuela from Intel Security about ransomware and how enterprises can design their IR responses to mitigate ransomware threats.
Security in the age of open source - Myths and misperceptions (Tim Mackey)
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security-related issues may not be disclosed directly against the application because its use of the open source component is hidden. In this talk, I explored how information flow benefits attackers, and how awareness can help defenders. I presented key attributes any vulnerability solution should have, including a deep understanding of how open source development works and being DevOps-aware.
Avoid embarrassing press by designing secure IoT products with Misha Seltzer (Product of Things)
These are the slides from Misha Seltzer's talk at the Product of Things Conference in Tel Aviv in July 2018:
Who this talk is for: this talk is for product managers that want to avoid common design flaws that lead to easily hackable IoT devices.
After this workshop you will be able to:
Spot and eliminate security design flaws early
Know where you, as a PM, can get involved to improve your product's security
Learn from mistakes done by others, and not repeat them
What is covered:
RTOS as well as Linux-based IoT protection
Rules of thumb for basic IoT security
Unexpected areas from which security flaws might creep into your products.
In the land of IoT, with so many different companies/manufacturers competing for the same space, it's essential to have a good reputation. One embarrassingly hackable product can not only hurt sales but kill the company altogether.
In this talk, we'll go over a couple of cases of embarrassing IoT security flaws, learn how and where those mistakes were made, and what you, as PMs, can do to avoid repeating them.
WFH security risks - Ed Adams, President, Security Innovation (Priyanka Aash)
Our security practices need to evolve in order to address the new challenges thrown up by the rapid adoption of technologies and products to enable the world to WFH. The mantra of the attacker remains consistent -- attack that which yields maximum result -- and that is usually something used by a very large number of users. This webinar will discuss the Top 10 Security Gaps that CISOs should be aware of as they brace for long WFH periods.
What will you learn:
- New attack techniques hackers are using to target WFH
- How to handle decentralisation of IT and technology decisions
- Application risks as enterprises pivot to online/new business model(s)
- New risks in the Cloud and due to Shadow IT
- Security risks due to uninformed employees & their home infrastructure
- How to handle misconfigurations & third-party risks
- How to build a robust breach response and recovery program
Full video - https://youtu.be/bQLfnmhDnQs
Jon Noble. Jon will give a brief overview of why you should consider security as part of your CloudStack deployment, why your approach to security needs to be different than in a traditional environment, and also talk about some of the motives behind the attacks – why they attack you and what they do once they have compromised a system.
Securing Systems - Still Crazy After All These Years (Adrian Sanabria)
It's 2019 and we still don't know if we have a complete inventory of our assets. It is impossible to guarantee that they are all safe. The last penetration test resulted in a bloodbath. Every day we worry about whether today is the day they hack us. This cycle of stress and worry MAY break, but each stage of securing systems has its complexities and challenges. We will analyze these challenges, these difficulties, and provide strategies to address them.
From asset discovery to system tightening to vulnerability management - this presentation will show you how to build lasting trust in the security we provide to our organizations.
Corona / COVID IT Tactical Security Preparedness: Threat Management (RedZone Technologies)
Work from Home - Practical Advice on Operations and Security Impact and what to do about it.
DR and BCP Planning Ideas
Widening Attack Surface Solutions
Managing Threats Solutions
Threats have increased exponentially. Current indicators show a massive increase in threat vectors as a result of COVID-19. What makes this more unsettling is the fact that most ransomware will remain dormant for months before activating. Check out this presentation with ATC provider, TPx. Topics covered during this virtual event include: firewall security, firewall software, endpoints, malware, backups and DR, managed security services and TPx MSx.
The extent and impact of recent security breaches is showing that current security approaches are just not working. But what can we do to protect our business? We have been advocating monitoring for a long time as a way to detect subtle, advanced attacks that are still making it through our defenses. However, products have failed to deliver on this promise.
Current solutions don't scale in both data volume and analytical insights. In this presentation we will explore what security monitoring is. Specifically, we are going to explore the question of how to visualize a billion log records. A number of security visualization examples will illustrate some of the challenges with big data visualization. They will also help illustrate how data mining and user experience design help us get a handle on the security visualization challenges - enabling us to gain deep insight for a number of security use-cases.
Most people think a successful data product requires just three things: data, the right algorithm, and good execution. But as anyone who’s tried to create one knows, an effective product requires much more. In this talk, Dr. Correa Bahnsen will share his successes—and failures—in building data products for information security, and why an isolated data science team is a recipe for failure.
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con... (Adrian Sanabria)
In decades past, cybersecurity professionals spent a lot of their time warning organizations away from bleeding-edge technology. As a group, we’re inherently nervous around new technology. It’s unproven, it has bugs, there’s no basis for trust, and sometimes it violates or pushes back on traditional boundaries and best practices.
Traditionally, you were a fool to rush into new technology, but these days… would you be a fool not to?
Modern businesses are hyper-aware of the competitive advantages emerging technology can give. While every new technology doesn’t become an advantage, organizations in many industries can’t afford to wait and see before experimenting with it.
This talk will explore the cybersecurity professional’s role in each of the five stages of adoption, from innovators to laggards. The talk will also explore what we can do to better guide our employers and clients to make safer and more informed decisions as they try to balance the growth and stability of their businesses.
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesC... (Adrian Sanabria)
### Part 1 (20 min) - Avoiding Bad Stats
Bad and even fake statistics are commonly found in mainstream media, but did you know that they're even more common in InfoSec? Cybersecurity vendors and media can often be found using statistics that are poorly interpreted, come from bad data, or are even entirely fabricated! I'll cover some high-profile examples of bad and fake stats. Then, I'll walk through some strategies and tools you can use to spot and debunk bad stats yourself! This skill isn't just useful for your InfoSec day job, either - these same approaches will work for bad stats you come across in any field.
### Part 2 (20 min) - The Benefits of Playing Live Trivia with Friends
Now that you understand how to spot and validate bad stats, I'll talk about how doing weekly live trivia with friends can improve your self-awareness, confidence, and humility. We'll talk about how trivia can help you spot and avoid your own cognitive biases and some fallacies that often lead us down dangerous paths.
Lies and Myths in InfoSec - 2023 Usenix Enigma (Adrian Sanabria)
In InfoSec, many closely held beliefs, commonly accepted best practices, and accepted ‘facts’ are just wrong. These myths and lies spread quickly. Collectively, they can point security teams in the wrong direction. They can give rise to ineffective products. They often make their way into legitimate research, clouding results.
"Sixty percent of small businesses close within 6 months of being hacked."
There's a good chance you've seen this stat before. It has no basis in reality. The available evidence suggests quite the opposite.
"Attackers only need to get it right once, defenders have to get it right every single time."
This idea has been repeated so often in InfoSec that it has become generally accepted as a true statement. It isn't just wrong, it's demotivating and encourages defeatist thinking that can sink the morale of a security team.
Most of the myths and lies in InfoSec take hold because they seem correct, or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups.
This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new and constantly changing. Too often, we operate more off faith and hope than fact or results. Exhausted and overworked defenders often don't have the time to seek direct evidence for claims, question sources, or test theories for themselves.
This talk compiles some of the most interesting research I’ve done over the past decade. My goal is to convince you to treat vendor claims, commonly accepted industry statistics, and best practices with healthy skepticism. You don't need to be a data scientist or OSINT expert to test theories and discover the truth - you just need to sacrifice a bit of your time now and then. I'll show you how.
Indistinguishable from Magic: How the Cybersecurity Market Reached a Trillion... (Adrian Sanabria)
The phrase low-hanging fruit is an apt metaphor to explain how security market growth and cybercrime success have mirrored each other. For early humans, it made sense to go for maximum calories with the least effort. As with most things in security, traditional logic doesn't always apply.
We got the budget we asked for.
We got the shiny products.
We got the training.
We got the staff.
We got breached.
Something is clearly still missing in security.
This won't be a vendor-bashing, anti-products talk. In fact, I'll argue that products are the least of the problem. In nearly every breach I've analyzed, the target had all the products and people they needed to prevent, detect, and stop the attack.
What's missing is more nuanced. While it isn't low hanging fruit, it isn't rocket science either. What's missing isn't even unique to security - other disciplines and industries figured it out long ago (usually the hard way, after a lot of accidental deaths).
We’ve made a lot of progress over the 20+ years I’ve been involved in the industry, but to make the next leap in maturity, we have to shift our focus a bit. This talk will argue we need to shift some of our focus to things like resilient processes, more feedback loops, and improving response through team practice.
You've got security issues to solve. Should you build a solution or buy something pre-built? If you choose to buy, what should your selection criteria be? What questions should you ask the vendor? How should you run a POC? How do you put a security product through its paces?
You can view a recording of this presentation here: https://www.youtube.com/watch?v=SPFam1FtPRY
What do you remember about the Equifax breach? Something about someone forgetting to patch Struts, and then the bad guys were able to get in and steal all the data? What actually happened was much more nuanced, and there's much to learn by diving into the details.
Endpoint threats aren't threats if proper defenses are in place. Listen and learn from Adrian on how to set up proper defenses for endpoints in your organization.
Presentation made for HexCon21
Everybody decries the state of the industry. Everyone hates the over-hyped headlines, the obvious FUD and the shameless snake-oil.
So why do we have so much of it?
This talk aims to examine several of the dark-patterns that have become perfectly acceptable in infosec and then aims to drill down to their root causes. With any luck, we will also get to discuss some options to chart our way out of this mess.
One of the more common IoT, "cloud-based" device mistakes is one that leaves 100% of customer devices at risk. I share an example I discovered while doing due diligence in the course of my job back in 2012.
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows... (Adrian Sanabria)
There are over 100 endpoint security products that claim to stop malware and other attacks against Windows. Nearly every major security incident or breach that has made media headlines had two things in common: Windows running one of these 100 products. This workshop won't spend any time bashing vendors, however. In fact, many of these products can be valuable assets when part of a more comprehensive endpoint protection strategy.
Part one of this workshop will address the anatomy of malware and why it succeeds so often.
The second part will dive down into practical defensive strategies, including passive prevention, detection, response, and remediation.
- Passive prevention is effectively free and ideal
- Prevention will always fail a percentage of the time, so detection is essential
- Response, if practiced and efficient, has a chance of stopping attacks before they reach their goal
- Remediation, because someone has to clean up this mess...
Every successful security strategy includes planning to handle failure quickly and effectively.
The remainder of the workshop will be hands-on.
Part three will review the native defensive capabilities in Windows and the pros/cons associated with using them.
For the finale, brave and trusting attendees will be invited to run neutered malware on the virtual Windows systems provided for this workshop to test out our newfound defensive skills. If not, there's no shame in watching your neighbor infect themselves with ransomware as you take notes.
Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?
At a time when some say users pose the biggest threat, new tools are emerging that give users more freedom than ever.
451 Analyst, Adrian Sanabria speaks on this bold new approach to application control in our latest webinar.
KEY TOPICS
1. Learn from the past: valuing User Experience, IT workload & business/IT relations.
2. Take off the training wheels: it’s possible to trust users to make the right choices, but still have options if they don’t.
3. Drop unreasonable goals: more restrictions ≠ more security.
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac... (Adrian Sanabria)
Enterprise security teams are facing numerous challenges because of evolving threat vectors bypassing existing technology, a deluge of alerts, and a lack of skilled resources to stop advanced threats. Even if enterprises have a budget to bring in outside incident response and forensics teams to stop the bleeding, by then, damages and loss have already occurred.
Security teams must change the shape of their security program to stop threats at the earliest and all stages of the attacker lifecycle. Join 451 Research Senior Analyst, Adrian Sanabria, and Director of Products at Endgame, Mike Nichols, as they talk about how earliest prevention and instant detection can change the shape and outcome of an enterprise security program.
This talk will outline strategies for:
• Prioritizing the alerts and events that really matter
• Identifying parts of the investigation workflow that can be automated
• Building a detection methodology that creates confidence and continuously improves defenses
451 and Cylance - The Roadmap To Better Endpoint Security (Adrian Sanabria)
In recent years, endpoint security has evolved well beyond signature-based antivirus which proved unable to keep pace with the speed and volume of evolving threats. With the onslaught of new security technologies available, it can be difficult to determine where to begin. In this webinar, 451 Senior Analyst, Adrian Sanabria and Cylance Product Marketing Manager, Steve Salinas will discuss a proven approach to securing your endpoints.
Adrian and Steve will present the fundamental steps to securing endpoints:
• Step 1: A Better Malware Mousetrap
• Step 2: More Resilient Endpoints
• Step 3: Stopping Non-Malware Attacks
• Step 4: Full System Visibility with Endpoint Detection and Response
• Step 5: Dynamic Defense with User Behavior
• Step 6: Data Visibility
• Conclusion: Malware is Solved! What Now?
Endpoint security can be complex. Join us for this webinar to learn how applying a reasoned, results-based approach can help you take control of your endpoints and silence attackers.
Endpoint threats have entered a new era, and the security industry has been rushing to catch up. The result is a highly fragmented and confusing market that has doubled in size to over 70 vendors in the last four years. We're in the midst of the second great endpoint security consolidation and will discuss precisely what that means. We'll discuss six progressive stages endpoint security will work through as this market continues to mature over the next five years or so.
You’ve heard about security startups on the bleeding edge and you’ve heard early adopters sharing success stories at conferences. Meanwhile, legacy security paradigms have been falling (and failing) around us. This session will discuss building a continuous program for evaluating startups and new technologies (on a budget) while avoiding unnecessary risk and instability to existing infrastructure.
Cloud, DevOps and the New Security Practitioner (Adrian Sanabria)
First presented at Cloud Security World in Boston on June 15th, 2016.
Once upon a time, walls were erected between the Linux/UNIX crowd, Windows admins and the mainframers. Each architecture had its place and its experts, and they rarely mixed. This time around, we didn’t just get a new domain, we got a new way of doing IT and running businesses. Cloud has created new opportunities and DevOps has capitalized on them. The result of this combination is so unrecognizable that it isn’t uncommon to see IT organizations split down the middle by the new and old approaches. As DevOps continues to gain in popularity, the same split is occurring in the security workforce. Will the traditional security practitioner be in danger of becoming obsolete?
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares (Adrian Sanabria)
A presentation I gave at 451's inaugural Digital Infrastructure Summit in May 2015. The basic premise is that security can actually be easier, not more difficult in the cloud. I also explain why security is often listed as a top concern with using cloud providers.
The video is also available, though I had to cut my presentation time by a third, so it doesn't go quite as deep as some of the slides might suggest. The following YouTube link drops you about 65 minutes in, which is when my talk begins.
https://youtu.be/tHkVTSfTZtA?t=3903
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology pushes into IT, I wondered, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
JMeter webinar - integration with InfluxDB and Grafana (RTTS)
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
3. Disclaimer
Judicious use of sarcasm and humor
I’m not laughing at you.
I’m not poking fun at your InfoSec program.
I’ve been there.
I’m cringing right along with you.
4. What does an analyst do?
In short: We’re the FAQ or missing manual to clients for our respective markets.
Who are our (451’s) subscribers?
1. Vendors
2. End users (enterprises, practitioners)
3. Investors (VCs, PE firms, Investment bankers, etc)
5. What does analyst research look like?
Get ready for brain overload…
10. The pace of the security industry… is staggering.
• 9 new security startups… every month
• 5 new security categories... every six months
• 1223 enterprise security companies in our vendor database as of 11/2/15
• 102 security M&A deals so far in 2015…
• …worth over $8.3 billion…
• …with a median value of $69 million.
• Perspective: We estimate security product revenue to be at $18 billion
11. Eight $&%^#* BILLION? What? How?
• 15 of these deals were worth $100m or more
• The top 15% of the deals account for 90% of the value
1. Bain bought Blue Coat ($2.4bn)
2. Raytheon bought Websense ($1.3bn)
3. Cisco bought OpenDNS ($635m)
4. Beijing Jinxing Rongda bought FL Mobile (?!?) ($626m)
5. Cisco bought Lancope ($452m)
6. Thales bought Vormetric ($400m)
7. Trend Micro bought TippingPoint from HP ($300m)
8. Microsoft bought Adallom ($250m)
9. Etc…
12. I mentioned 5 new categories every 6 months…
...and promised 10 categories you’ve never heard of...
BS? Let’s find out.
13. #1 – How do you secure infrastructure in the cloud?
1. Exactly the same way I do in the traditional datacenter!
2. I… thought it was secure because it was in the cloud. It is, isn’t it?
3. ???
14. #1 – Cloud Infrastructure Security
The idea: Workloads in the cloud don’t work with traditional security products and need their own purpose-built solutions.
The customer: Anyone running production workloads in the cloud
How does it work? Half the market uses tiny agents and VMs that can be automatically provisioned – the other half are agentless, API-only.
The vendors:
• Jumpcloud
• Palerra
• CloudPassage
• Alert Logic
• Illumio
• Dome9
• FortyCloud
• Conjur
• BitSight
• ThreatStack
• AWS
• Evident.io
• Splunk (app for AWS)
• CloudCheckr
15. #2 – How do you handle data in the cloud?
1. I have data in the cloud?
2. I block the cloud
3. I find a private place to curl into a ball and weep
4. ???
16. #2 – Cloud App Control (aka ‘CASB’)
The idea: NGFWs gave us the ability to allow/deny use of SaaS apps, but we still need visibility into what users are doing in those apps.
The customer: Anyone that has SaaS app use within an organization and is concerned about security (pretty much everyone).
How does it work? Kinda like a firewall for SaaS app features, but much much more than that.
The vendors:
• SkyHigh
• Netskope
• Adallom (MSFT)
• BitGlass
• Skyfence (Imperva)
• FireLayers
• CloudLock
• Managed Methods
• Intermedia
• CensorNet
Pseudo-CAC
• CipherCloud
• Perspecsys
• Vaultive
• IBM CSE
• Palo Alto (Aperture)
• Zscaler
• CloudMask
• Palerra
• Harvest.ai
• Saviynt
• StratoKey
• Avepoint
17. #3 – How do you stop browser infections?
1. Block all plugins?
2. Force all users to use Opera or some browser attackers don’t care about?
3. Patch things VERY, VERY QUICKLY
4. Secure web gateway, known-bad blacklisting
5. ???
18. #3 – Browser Isolation
The idea: Most of the malware infections come in through the web browser – if we move browsing sessions off the endpoint, we remove a ton of risk.
The customer: Any vertical without strict browser requirements looking for a low-maintenance way to cut down on infections.
How does it work? The browser session lives on a highly locked down server on premise or in the cloud. Only a stream of the session reaches the endpoint (think publishing an app using Citrix MetaFrame).
The vendors:
• Spikes Security
• Authentic8
• Light Point Security
• Niantic
• Menlo Security
• Armor5 (Digital Guardian)
19. #4 – What can we do about WAF evasions?
1. Keep tabs on all known evasions and update/configure WAF to deal with every single one. It works for IDS/IPS, right?
2. Start drinking
3. Fetal position; weep
4. ???
20. #4 – Endpoint Security for Web Apps (RAST)
The idea: Network security is always easier to evade, so the ideal scenario is to put the security control as close to the focus of the threat as possible. Think ‘web app HIPS’.
The customer: Enterprises that feel their network WAF isn’t doing a good enough job, or requires too much work to maintain.
How does it work? The agent/engine lives on the same host as the webapp and inspects requests. Unlike traditional IDS/IPS, most of these build behavioral models and look for anomalies.
The vendors:
• Shape Security
• Immunio
• Prevoty
• HP App Defender
• Contrast Security
• Waratek
21. #5 – The Internet and users are HUGE THREATS
How can we deal with problems this big?
1. Get rid of the users
2. Take away all users access to everything
3. Let someone else run our websites and applications – liability shift
4. ???
22. #5 – Software-Defined Perimeter (SDP)
The idea: Manage users like any other host coming from an untrusted network (like the Internet). Have little to no Internet attack surface.
The customer: Anyone that feels like they’re fighting a losing battle keeping endpoints secured and under control.
How does it work? Like the idea of NAC, users have no access by default. Access is granted to apps from anywhere and any device through an authentication gateway. Successful authentication creates an IPSEC tunnel or reverse proxy to the app.
The vendors:
• Soha
• Verasynth
• Vidder
• CryptZone
• Safe-T
Kinda/not really
• FortyCloud
• Pertino
• Hamachi
• Unisys Stealth
24. #6 – The attacker got in. What now?
1. Call an IR/Forensics team to clean up
2. Take everything offline, kill the Internet egress and start rebuilding
3. To the SIEM! (80 hours of querying later, go to #1)
4. Game over, man!
5. ???
25. #6 – Detection through Deception (D&D)
The idea: Seed fake hosts, credentials and/or data throughout your network to discover attacks.
The customer: Anyone looking for ways to discover attacks that don’t use malware or evade typical detection (especially insider threats).
How does it work? This ‘fake’ infrastructure (think honeypots/honeynets) never has any valid reason to be touched or used. 100% of alerts coming from this infrastructure should indicate a true threat (as long as you are aware of all authorized pentest activity).
The vendors:
• TrapX
• Guardicore
• Attivo Networks
• Shadow Networks
• Illusive Networks
• Thinkst Canary
• Perception Point
• ForeScout
26. #6 – Detection through Deception (D&D)
Stolen from https://canary.tools/#how-it-works
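The "never has any valid reason to be touched" rule from the deception slides, turned into alert logic over log lines. This is an added example, not code from the talk or from any of the vendors listed; the decoy hosts, accounts, file path, log format and the authorized pentest window are all constructed for illustration. It also implements the slide's caveat: a decoy touch inside a known pentest window is recorded as expected rather than raised as an alert.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed decoy inventory. Nothing legitimate ever references these, so
# any appearance in a log is a signal by itself.
DECOY_HOSTS = {"10.0.9.200": "fake-fileserver", "10.0.9.201": "fake-db"}
DECOY_USERS = {"svc_backup_old", "hr-share-admin"}
DECOY_FILES = {"/srv/finance/Q3_payroll_FINAL.xlsx"}

# Authorized pentest window (constructed, UTC). Decoy touches inside it are
# expected; everything outside it is a real alert.
PENTEST_WINDOWS = [
    (datetime(2015, 11, 3, 9, 0, tzinfo=timezone.utc),
     datetime(2015, 11, 3, 17, 0, tzinfo=timezone.utc)),
]

# Constructed log format:
#   <iso-timestamp> user=<u> src=<ip> dst=<ip> event=<e> [path=<p>]
# Timestamps carry a UTC offset so they compare cleanly with the window.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"event=(?P<event>\S+)(?: path=(?P<path>\S+))?$"
)


@dataclass
class Alert:
    ts: datetime
    user: str
    src: str
    reason: str
    expected: bool  # True when the touch fell inside an authorized pentest window


def in_pentest_window(ts):
    return any(start <= ts <= end for start, end in PENTEST_WINDOWS)


def classify(line):
    """Return an Alert if the line touches any decoy, otherwise None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None  # unparseable line: not this detector's concern
    reasons = []
    if m["user"] in DECOY_USERS:
        reasons.append(f"decoy credential {m['user']} used")
    if m["dst"] in DECOY_HOSTS:
        reasons.append(f"decoy host {DECOY_HOSTS[m['dst']]} ({m['dst']}) contacted")
    if m["path"] in DECOY_FILES:  # m["path"] is None when absent, so no match
        reasons.append(f"decoy file {m['path']} opened")
    if not reasons:
        return None
    ts = datetime.fromisoformat(m["ts"])
    return Alert(ts, m["user"], m["src"], "; ".join(reasons), in_pentest_window(ts))


def scan(lines):
    """Split decoy touches into real alerts and expected (pentest) touches."""
    alerts, expected = [], []
    for line in lines:
        a = classify(line)
        if a is not None:
            (expected if a.expected else alerts).append(a)
    return alerts, expected


# Constructed sample log: one clean login, one SMB connection to a decoy host,
# one failed login with a decoy account, one red-team touch inside the window,
# and one open of the decoy spreadsheet by a real user.
SAMPLE_LOG = """\
2015-11-02T08:01:12+00:00 user=alice src=10.0.1.15 dst=10.0.2.10 event=login
2015-11-02T08:05:40+00:00 user=bob src=10.0.1.22 dst=10.0.9.200 event=smb_connect
2015-11-02T08:06:02+00:00 user=svc_backup_old src=10.0.1.22 dst=10.0.2.10 event=login_failed
2015-11-03T10:15:00+00:00 user=redteam src=10.0.5.5 dst=10.0.9.201 event=login
2015-11-02T09:12:33+00:00 user=alice src=10.0.1.15 dst=10.0.2.10 event=file_open path=/srv/finance/Q3_payroll_FINAL.xlsx
"""

if __name__ == "__main__":
    real, pentest = scan(SAMPLE_LOG.splitlines())
    for a in real:
        print(f"ALERT    {a.ts.isoformat()} {a.src} {a.user}: {a.reason}")
    for a in pentest:
        print(f"EXPECTED {a.ts.isoformat()} {a.src} {a.user}: {a.reason}")
```

The sample produces three alerts (two of them from the same source address within a minute, which is the kind of grouping a SIEM rule would build on) and one expected pentest touch. The value of the approach is in the near-zero false-positive rate: there is no threshold to tune, only the decoy inventory and the list of authorized testing windows to keep current.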
27. #7 – Incident response work is eating up all resources/time
1. Hire more people?
2. Outsource?
3. Buy more/better forensic tools?
4. ???
28. #7 – Incident Response Automation
The idea: Incident response doesn’t have to be an entirely manual affair, especially with incidents that are false alarms or routine infections that must be dealt with, but aren’t real threats.
The customer: Companies that spend an inordinate amount of time in “IR mode”.
How does it work? Network and endpoint agents that integrate with other products to automate remediation workflows.
The vendors:
• Hexadite
• CSG Invotas
• Resilient Systems
• Phantom Cyber
• Cybersponse
• Dell SW ECIR
• Proofpoint NetCitadel
• ForeScout
Automated Endpoint Remediation:
• Hexadite
• Triumfant
• Webroot
• Guidance Software
Snagged from http://www.hexadite.com/wp-content/uploads/2014/11/Hexadite-3-
29. #8 – Attackers know how to recon. What can we do?
1. Brace for impact!
2. Do more preparation
3. Buy more prevention
4. Practice IR skills/plans
5. ???
30. #8 – Automated Public (OSINT) Threat Assessments
The idea: Discovering, quantifying and prioritizing threats to your business that are outside your network and control.
The customer: Anyone with brand reputation concerns or issues. Anyone that stands to lose big if a breach occurs.
How does it work? Largely using OSINT data and sources, determine if the brand is being abused or used for fraud. Hash corporate sensitive data and determine if it has been leaked to known dark/deep web sites, forums, paste sites or other likely places for stolen data to turn up. Some vendors do anti-phishing takedown assistance also.
OSINT-focused:
• RiskIQ
• Area 1 Security
• ZeroFox
• Palantir (Kinda)
• Maltego (manual)
• BrandProtect
• Recorded Future
• Intrigue.io
• DarkWebID
• Surfwatch
DataLoss Detection
• Digital Shadows
• Terbium Labs
• Survela
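The "hash corporate sensitive data and determine if it has been leaked" mechanism from the slide above, as an added example that is not code from the talk or from any listed vendor. The customer records, the paste text and the normalization rule are constructed; the matching is a plain SHA-256 over a normalized value, which is a simplification of what commercial fingerprinting services do, but it shows the property that matters: only hashes are needed on the matching side, so the plaintext never has to leave the organization.

```python
import hashlib
import re

# Constructed customer records. In practice these come from the system of
# record; only the fingerprints built from them ever leave the organization.
SENSITIVE_RECORDS = [
    {"id": "cust-1001", "email": "Alice.Ng@example.com", "phone": "+1 555 010 1001"},
    {"id": "cust-1002", "email": "bob.r@example.com", "phone": "+1 555 010 1002"},
    {"id": "cust-1003", "email": "carol@example.com", "phone": "+1 555 010 1003"},
]

# Candidate tokens pulled out of dumped text: e-mail addresses and phone-like runs.
TOKEN_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+|\+?\d[\d \-()]{6,}\d")


def normalize(value):
    """Strip whitespace, hyphens and parentheses and lower-case, so that
    '+1 555 010 1001' and '+1-555-010-1001' fingerprint identically. The same
    rule runs on both sides, so it can only add a rare extra match, never a miss."""
    return re.sub(r"[\s\-()]", "", value).lower()


def fingerprint(value):
    return hashlib.sha256(normalize(value).encode("utf-8")).hexdigest()


def build_index(records):
    """Map fingerprint -> (record id, field name). This index is the artifact
    that can be handed to a monitoring service instead of the plaintext."""
    index = {}
    for rec in records:
        for field, value in rec.items():
            if field != "id":
                index[fingerprint(value)] = (rec["id"], field)
    return index


def scan_text(text, index):
    """Fingerprint every candidate token in dumped text and report which
    records and fields appear. Returns {record id: set of leaked field names}."""
    hits = {}
    for token in TOKEN_RE.findall(text):
        match = index.get(fingerprint(token))
        if match:
            rec_id, field = match
            hits.setdefault(rec_id, set()).add(field)
    return hits


# Constructed paste-site dump: mixed case, different phone formatting, and
# one address that is not ours at all.
PASTE = """\
dump from some shop lol
ALICE.NG@EXAMPLE.COM:hunter2
+1-555-010-1001
dave@elsewhere.test:password1
carol@example.com
"""

if __name__ == "__main__":
    index = build_index(SENSITIVE_RECORDS)
    for rec_id, fields in sorted(scan_text(PASTE, index).items()):
        print(f"{rec_id}: leaked fields {sorted(fields)}")
```

Two caveats a practitioner would raise before deploying this shape: phone numbers and similar low-entropy fields can be brute-forced by anyone holding the fingerprint index, so a keyed hash whose key stays with the matching party is the usual hardening; and whole-value fingerprints only catch records that are dumped intact, so tolerating records split across lines or fields needs fragment-level fingerprints instead.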
31. #9 – How do you know your defenses work?
You bought all the things and plugged them all in. Do they work?
1. EICAR?
2. Watch for China?
3. ???
32. #9 – Incident Response Testing
The idea: In theory, our annual pentests should be the key opportunity to determine how good we are at detecting attacks. Once a year isn’t enough for training and continuous improvement though…
The customer: Anyone serious about really getting good at incident response.
How does it work? These products simulate real attacks, allowing your IR team to practice responding; fix gaps in awareness, monitoring, alerting; do more effective proof-of-concept testing on new products; verify products are working correctly; etc.
The vendors:
• Stratum Security
• vThreat
• SafeBreach
• AttackIQ
More exploit or anti-phishing focused
• Metasploit
• Pwnie Express
• Wombat
• PhishMe
Lifted from https://vthreat.com
33. #10 – MDM/EMM/BYOD is hard.
The employees own the devices, but have corporate data on it.
Head, meet wall.
1. Wipe it?
2. Partial wipe?
3. Lock it down?
4. Issue corporate phones, forcing them to carry two smartphones at all times?
5. ???
34. #10 – Virtual Mobile Infrastructure
The idea: Separating work and personal on a mobile device is still a challenge. Two phones fixes this, but is physically inconvenient. Why not virtualize your work phone?
The customer: Companies that don’t like existing MDM/container options or have had little success with them.
How does it work? Like with browser isolation, a virtualized Android instance houses all your work stuff, and you stream it remotely to your personal iPhone/Android/whatever.
The vendors:
• Hypori
• Remotium (Avast)
• Nubo
• Raytheon
• Trend Micro
• SierraWare
35. #10 – Virtual Mobile Infrastructure
Lifted from https://nubosoftware.com/vmi.html
36. Crazy one-off bonus round: Power Fingerprinting
1. “You can’t put software on those systems”
2. “You can’t put anything on the network, either”
3. ???
37. Crazy one-off bonus round: PrivateCore
1. Service providers encrypt our data when stored.
2. What if someone dumped RAM in a multi-tenant environment?
3. ???