DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence

Sanna/ November 2, 2022/ Conference, Press/ 0 comments

Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas. Security landscape requires collaboration Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often

Read More

Press Release: Ransomware Attacks Are No Force Majeure

Sanna/ July 7, 2022/ Press/ 0 comments

DeepSec security conference reminds you of basic IT protection and secure system architecture. Malware attacks that encrypt data of victims seem to have increased recently. In fact, these ransomware attacks are only part of an evolution among the attackers. Attack software moves with the times. An important reason for the accumulation is the standstill in defense. This year’s DeepSec security conference offers exchange with experts and high-quality further training for protecting your own IT. Basic Misunderstandings Comparing the reports of incidents involving ransomware attacks, one might conclude that these are inevitable natural events. Of course, that’s not the case. If one sticks to the biological analogy of the virus, a favorable combination of prerequisites for the infestation of ransomware results. In the beginning, there is always a deception in the form of a fake

Read More

Murder Board Blog Series: Prequel

Sanna/ April 16, 2021/ Security, Stories

[This is the first part of a five-part article series describing analogies between the world of IT security and research in other fields. Analogies are often used to deflect and conceal missing arguments. Didactics uses analogies as a powerful tool to explore your own understanding and to help you use your knowledge from other fields. Please use the articles of the Murderboard series (our name for the five-part article) for educating IT-affine people about information security. It’s never bad to have allies who understand what to look for in time of trouble.] It was a warm summer day when I got a call from an acquaintance who wanted to hire me for data protection coaching with one of his clients. Besides crime writing, I also work in data protection, helping self-employed people and small

Read More

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

Sanna/ November 15, 2017/ Conference

Automating response to cyber security incidents is the trend which is – considering increasing amount of incidents organizations handle and ever-increasing attack surface – already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real life situation of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security system components for coordinated information exchange and orchestrating incident response action. Tarmo is a researcher at NATO Cooperative Cyber Defence Center of Excellence, various research projects and developing for large scale cyber exercises. He’s also a developer at the Estonian eHealth Foundations, “Kickstarting” in-house development team. Tarmo’s creating supporting infrastructure, preparations and execution of plans for taking over selected external vendor development projects. He’s Head of Department at CERT-EE, Running Computer Emergency Response Team, Information security expert at CERT-EE,

Read More

DeepSec 2016 Talk: I Thought I Saw a |-|4><0.- Thomas Fischer

Sanna/ October 21, 2016/ Conference, Development, Security

Threat Hunting refers to proactively and iteratively searching through networks or datasets to detect and respond to advanced threats that evade traditional rule- or signature-based security solutions. “But what does this really mean?”, asks Thomas Fischer. “And what real impact does it have on the security team? Can we use threat hunting to provide a process to better detect and understand when you’ve been breached?” More and more security data is being produced and usually aggregated into a central location or body to hopefully take quick and informed decisions on attacks or compromises amongst a mountain of data. When you start to include data gathered from your endpoints the amount of data starts to explode exponentially. This level of data provides us with a large amount of visibility. But is having visibility enough? What

Read More