DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence
Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas.
Security landscape requires collaboration
Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often not the appropriate information for the right defence. Before one can sensibly start simulating attacks, a survey of the implemented measures is necessary. For this, experts have to evaluate them. For the actual tests, one enters the world of simulation games. A security test must have a defined goal, which must be aligned with the tasks of the company. Attackers pursue a very specific intention, which should be covered by the test. So you have to plan a goal or a scenario, and then check exactly the relevant processes for their security.
For the implementation, there is a framework in Europe for the so-called Threat Intelligence-Based Ethical Red Teaming (TIBER-EU). It was designed based on requirements in the financial system so that penetration tests do not miss the threats. The target group is primarily banks, insurance companies, financial market infrastructures and all companies that provide services in these areas. TIBER-EU thus sets clear guidelines that can be used in all checks. With its Adversarial Risk Emulation and Simulation (ARES) platform, NVISO offers important support for all those who are not sure whether their own company’s information technology can withstand attacks. With ARES, customised audits are possible that can simulate realistic attacks and test the response to them.
Recognising domino effects in time
The term “kill chain” comes from the military and describes the procedure to eliminate a threat. Specifically, it is a sequence of actions that attack linked dependencies of the target. It exists in the digital domain as well. Structurally the “cyber kill chain” is composed of the phases of reconnaissance, choice of means, the attack itself, the creation of a beachhead and the actual takeover of systems. The “hacker attack”, which is often cited without comment, comprises a multitude of activities and actions that only develop their effect when combined. The advantage in defence is that it is possible to intervene in all phases of the attack. In order for this to succeed, one must, in turn, concern oneself with building up one’s own infrastructure and processes. ARES, among other things, also offers suitable procedures for this, which make the potential attack surface transparent. This is an important step for a successful defence against threats. Ultimately, every company has individual building blocks that can be lined up to form a series of dominoes. The question of the consequences if one component falls over must be answered by every management before disaster strikes.
Key information in lectures and trainings
The DeepSec conference, which takes place annually in Vienna, was founded in 2007 and focuses on a mixture of lectures on attack and defence. Only those who know both sides can effectively counter threats. This requires an exchange of experience and expertise. The current programme includes topics such as risks for software development tools, attacks on communication systems of vehicles, unsecured transmission of health data via mobile radio, securing programming interfaces or dangers for communication with satellites in earth’s orbit. The presentations are an important point for knowledge exchange, as all experts are available for answers before and after their presentations. This also includes the staff of our partner, NVISO.
Also in the programme are several two-day training sessions that have immediate benefits for your own defence. Attacks against modern desktop systems are presented, which can be effective in all work areas. Furthermore, one can book a training on securing complex web applications, which highlights all layers of an application. In addition, two video courses are available as a supplement to this workshop, which can be consumed online at any time. The topic of software development is also examined in another training course. It deals with the current state of secure coding and how to check one’s own development process in this respect. The contents can apply to any programming language.
A major topic is the recognition and detection of attacks in networks. No attack can take place without communication. Traces on data storage devices can be covered, but often the network component remains because malware reacts to external commands. Michael Meixner, forensics expert, explains how to secure and correctly interpret traces in the network. Different operating systems and the systematic procedure in case of incidents (keyword Incident Response) will be dealt with. There will also be suggestions for defending one’s own systems, for example, how an Active Directory system can be concretely secured against attacks.
Expertise is not in short supply if you take the time to consume it at forums like the DeepSec conference.
Programmes and booking
The DeepSec 2022 conference days are on 17 and 18 November. The DeepSec trainings will take place on the two preceding days, 15 and 16 November. All trainings (with announced exceptions) and presentations are intended to be face-to-face events, but may be partially or fully virtual due to future COVID-19 measures. For registered participants there will be a stream of the lectures on our internet platform.
The DeepINTEL Security Intelligence Conference will take place on 16 November. As this is a closed event, we ask for direct enquiries about the programme to our contact addresses. We will provide strong end-to-end encryption for communication: https://deepsec.net/contact.html.
Tickets for the DeepSec conference and trainings can be ordered online at any time via the link https://deepsec.net/register.html. Discount codes from sponsors are available. If you are interested, please contact us at deepsec@deepsec.net. Please note that we depend on timely ticket orders because of planning security.