DeepINTEL 2012 – Preliminary Schedule
This is the preliminary schedule of the first DeepINTEL seminar taking place in September 2012. We have more talks in the pipeline and the final decision won’t be long. Bear in mind that we will receive some additional information for some of the abstracts soon. The registration for DeepINTEL is online, too. If you are interested in attending DeepINTEL, please get in touch with us (you know, the vetting process and such).
Please note that all further updates will be published at the main DeepINTEL web site. You will also find the speakers’ biographies there.
Preventing and Detecting Mass-Malware and Advanced Threats (Tom “c-APT-ure” Ueltschi)
Your organization has firewalls, network IDS/IPS, anti-virus on multiple layers, maybe even HIPS, hardening and patching done and feels pretty safe and secure. But lots of companies and organisations who got breached had all that too. So maybe that’s not enough for today’s threats any more? This speech should give you lots of new intelligence resources to know who are the different threat actors, what are their motivations and techniques, what vulnerabilities are exploited by what threat actors, and some (maybe more or less unconventional) methods for prevention or detection of these threats. Most resources used are freely available, some need free registration and some are from personal work experience.
Better Breach Disclosure = Better Risk Management (Andrew Barratt)
The focus is to enable open discussion about what sort of information should be shared in relation to security breaches, how this could be shared and to solicit ideas from the community about how this could work proactively for the information security industry. Many other industries are capable of sharing incident data; insurance companies can easily see how many car accidents there are every year and all the stats that relate to the root cause. The healthcare industry is capable of giving a n% chance of obtaining cancer, or certain deformities or other illnesses. This is all possible because professionals in those sectors are capable of sharing information that relates to the cause of the issue in the first instance.
The presenter will share personal experiences in relation to RISK in general and aim to show that the information security industry can work together to collate this data and extrapolate sensible values and likelihood data for risk management purposes.
Intelligence Gathering in a Changing Strategical Framework (Günter K. Weiße)
Based upon the recent decision made by the Government of the United States of America to shift their main political and military interests from Europe to the Pacific and the increasing significance of the People’s Republic of China and their military and economical influence in this region, Europe must reconsider its military and economic vulnerabilities in light of multi-threats posed by International Terrorism, International Organized Crime and Cyber Operations against Critical Infrastructures, military and other conflicts in the vicinity of Europe and their possible implications. Therefore, the gathering of Intelligence will be an imperative aspect of the future architecture of Intelligence and Security Agencies among the European States in times of shrinking military and civilian budgets.
- Present threats to Europe
- The actual status of Intelligence gathering within the States of the European Union
- Future developments of Intelligence structures and capabilities among selected States
Wargames in the Fifth Domain (DI Karin ‘kyrah’ Kosina)
Ms Kosina presents a critical look at the cyberwar debate (the result of her master thesis). “The United States is fighting a cyber-war today, and we are losing”, Mike McConnell, former US Director of National Intelligence, has claimed. Well, sir, I don’t think so. The term “cyberwar” is way over-used in the media. But if you look at the cyber incidents that we have seen from the perspective of the law of armed conflict, none of them qualifies as an act of war. Rather than focusing on military cyber defense (and offense), we need to work on a better civilian response to the (very real) IT security threats we are facing. The militarisation of the debate does nothing to address the actual problems, and creates a whole range of new problems instead.
Cybercrime – Who are the offenders? (Dr. Edith Huber)
During the past years typologies of crime and offenders have changed enormously as well as rapidly. State-of-the-art techniques increasingly find their way into criminal investigations. New types of criminal phenomena tend to substitute the well-known types of crime. Common crimes range from the classical online fraud to cyber terrorism. Online crime has come to be a million dollar business.
Within the frame of this paper three aspects will be examined by reference to a meta survey based on the whole German-speaking area. As a first step the penologic options fighting online crime will be considered. Then the different types of crime will be illustrated as well as the consequences of their exposure. The objective is to depict offender profiles as precisely as possible.
Massive Storage (freed0 of Shadowserver.org)
Shadowserver has been collecting data in ever growing quantities over the last seven years. We have seen the growth of megabytes to terabytes of security related data and now are faced with having to store and analyze petabytes of data. This talk will lead you through the history of the different storage and growth methods we have suffered through up until today. We will review what is the most current for us and where we see storage going to in the future. We will offer specific technology suggestions and rules of thumb on deployment of that technology. Learn from our mistakes on what it took to plan to handle and plan for Petabytes of data and still get value and reports out of the data.
SexyDefense – maximizing the Home-Field Advantage (Iftach Ian Amit)
Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that’s hard. Usually after the pen-testers/auditors (or worse – red team) leave, there’s a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time – can you fix this so your security posture will actually be better the next time these guys come around?
This talk focuses mainly on what should be done (note – not what should be bought – you probably have most of what you need already in place and you just don’t know it yet). Methodically, defensively, decisively. Just like the red-team can play ball cross-court, so should you!
Next Generation Forensics Through Visualization (Ollie Whitehouse)
This presentation will demonstrate a new approach to typical disk-based forensics. A new approach is demonstrated to an old problem of relationship identification, timelining, data mining of forensically acquired data and combining this data with other intelligence sources. Recx has developed new middleware between an existing forensics product used heavily by United States government departments and a leading open source intelligence tool. The presentation will first discuss the problems before showing the possible benefits of such visualization in large-case and multi-case situations.