DeepINTEL 2013 – Preliminary Schedule
The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers' names) that we are allowed to publish publicly:
- Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin)
Nowadays cloud vendors provide solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data, which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors. Relying on best security practices and known standards is a way to attain a better state of protection. However, such solutions are young and are not devoid of issues.
- Digital Energy Basic Persistent Threat (BPT) (Paul Coggin)
There is a great deal of conversation today regarding Advanced Persistent Threats (APT) and critical infrastructure networks for ICS/SCADA, smart grid and service provider networks. The basic persistent threat (BPT) issues are being ignored in many cases. How can the APT be mitigated when the BPT issues have not been resolved? Typically, the technical features and capabilities required to mitigate BPT issues are present in existing hardware and software on the network. Information flows, trust relationships, integration and interdependencies are often not given proper attention and secured during network architecture design and implementation. When the BPT issues are addressed, an APT threat will find it more difficult to spread horizontally and vertically throughout a network. In this presentation, common network BPT issues that are often discovered during security consulting engagements will be discussed. BPT network architecture mitigations, including separation of services for control, management and data traffic as well as securing and monitoring trust relationships and interdependencies, will be covered.
- What’s Context got to do with it? (Arron Finnon)
There can be little doubt the world of NIDS/NIPS is a jargon-rich world. At the risk of falling into the category of hyping a word, what’s ‘context’ got to do with detection? Is ‘context’ about to become the next big buzzword in the vendor fight for even more money from organisations? Does it even mean anything in today’s ever-increasing onslaught against infrastructure? Will it just become another despised hyperbole? The answer to all three questions is: probably! However, many of us involved with looking after detection systems understand the importance of context. It’s not that we need more data, we need more meaning! We need a better understanding of what happens before, during, and after strange and unusual behaviour happens on our networks. We need the ‘context’ of what and why an alert was triggered. The reality of it is we’re about to enter a world of vendors now selling ‘context’ products, when security professionals need the word the most! This talk looks at the importance of context in detection, however from a neutral and sometimes cynical standpoint. Quite simply, the aim of the talk is to highlight that if we don’t understand the importance of getting better context in detection, and we just let vendors use it as another sales pitch, then we all lose out. In addition, it will also be discussed what organisations can do to obtain more meaning from the data they already have.
- Once a Target always a Target – collecting APT Intelligence to address the Security Gap (Avi Kravitz)
The game has changed. The greatest risk emanates decreasingly from opportunistic attackers. Determined adversaries target organizations with trained, highly skilled specialists, often with large financial budgets and linked, opaque, mafia-like structures aiming to steal your organization’s IP. Experience has shown that once an organization has been breached by an APT in the past, it will be under recurring attack.
As there is no way to achieve 100% in security, there are two strategies for organizations to reduce the risk of becoming a victim of an APT. On the one hand, organizations have to raise the bar, so that attackers have to increase their effort to an extent where their goal becomes uneconomical. On the other hand, a good and pro-active defense strategy is using the home field advantage: learn from past incidents, collect and analyze different APT-related intelligence information on a regular basis to get indicators of a compromise in time. It is crucial that organizations build up or tune their CIRT capabilities and gather optimized intelligence information about their infrastructure in their SOC to pro-actively identify security breaches. Fast response times are essential in determining the difference between a minor security incident and a major data breach with devastating business effects.
This talk will focus on some key intelligence information gathered from corporate DNS servers, web traffic, several other kinds of host-based runtime information, VPN access points and next-generation honeypots, which helped our customers successfully identify new breaches of their organizations.
- Commercial Threat Intelligence: The Good, the Bad and the Profitable (Wendy Nather)
In the past few years, security threat intelligence has become a market in its own right. However, the definition of “threat intelligence” varies widely, as do the sources, collection techniques, analysis methodologies, automation, pricing, and delivery. This talk is an overview of the commercial security threat intelligence landscape, its associated vendors, their products, and their business models. It includes behind-the-scenes intelligence on those same intelligence vendors.
- Psychological Profiling for Social Engineering Attacks (Stefan Schumacher)
Social engineering attacks exploit psychological behaviours and use tricks to make the victim do something for the attacker. The basic principles of these behaviours are extensively researched and well documented, for example by R. Cialdini: Influence: Science and Practice. Social engineering attacks are easier and more successful if you scout the victim and his/her environment in the run-up and analyze his/her personality.
Based on this psychological profile, the attack can be better tailored or even custom-made. Therefore, the talk discusses several scientifically sound methods and tools to analyze the personality of the victim. Also, some possibilities of organizational analysis are presented to analyze the closer environment. Finally, I will show which methods can be used electronically, for example in spear phishing.
- How Social Engineers Gather and Use Data (Valerie Thomas)
There are people who have the ability to bypass some of the most highly sophisticated security mechanisms in the world, awarding them access to control centers, safe houses, and sensitive data. How do they do it? They exploit the weakest area of the security program: the human. These people are known as social engineers. Social engineers have a unique view of data and its application. In this discussion, social engineering is introduced, the information gathering process is explained, and there will be an illustration of how it’s used in real-life attacks.
Does this sound interesting to you? Ticket sales for DeepINTEL are open. Please visit the online registration after you have contacted us for your pass code.