91% of attacks start with an email* and the "human firewall" is flawed—users make mistakes and IT is held responsible.
Join this presentation to learn exactly how people in your organization are targeted by cyber criminals, hackers and even state-sponsored threat actors; and learn how email is at the heart of this new threat. Come see a live example of tools attackers leverage to expose your organization with a combination of technology, psychology, and the simplest of methods to "Hack a Human."
Threat hunting is evolving. Many organizations still carry out threat hunting in an adhoc manner without a defined and repeatable process. Yet some organizations are now looking at new machine learning driven approaches to accelerate their maturity and success. This session will review the current approaches to threat hunting and explain how Splunk can support & accelerate your threat hunting maturity.
You will learn:
· The current spectrum of approaches to threat hunting
· How Splunk Enterprise Security (ES) can help optimise your approach to effective threat hunting
· How Splunk User Behavioral Analytics (UBA) provides advanced capabilities for anomaly based threat hunting
Threat hunting describes a more proactive approach to threat intelligence analysis and identifying business risks. The threat analyst must be unburdened from the task of having to identify which threat intelligence indicators of compromise (IOCs) are relevant. Anomali's threat intelligence platform will automatically read your company's log data as it's being written to your SIEM looking for potential IOCs. Those identified are fed back to the SIEM supporting existing investigation workflows. The advantages are an intelligence driven SOC, scale to support retrospective analysis of a year's worth of data, and a focus on the threat intelligence that's relevant to your organization.
Traditional enterprise security measures are clearly no match for advanced adversaries who are routinely exploiting vulnerabilities that remain undetected by vulnerability assessments and penetration testing teams.
To beat a hacker, you have to think like a hacker – to protect your enterprise, you need to do more than just think like one, you have to ignite hundreds of the world's best ethical hackers into rapid action. Here, we will discuss how Synack's crowdsourced, hacker-powered security testing solution is helping enterprises diminish cyber risk by identifying and mitigating critical vulnerabilities – before criminal hackers get in first and permanent damage is done.
Development teams are moving faster and more iteratively to deliver software functionality to market. They have adopted methodologies such as Agile and DevOps. In order to not slow down time to market, application security needs to fit into the software development pipeline and become highly automated. This presentation will cover the challenges and contain solutions so that security can be integrate with DevOps to become DevSecOps.
At Black Hat Europe, attendees will hear from speakers who have discovered vulnerabilities in applications, hardware, networks, mobile, and IoT devices, just to name a few. But how does an attacker choose the right vector to use for a particular target? In this panel discussion, security researchers offer some insight on when to use some of the newest approaches to online attack, and when to stick with the tried and true.
Overview of the challenges that Endpoint security solutions have to solve when faced with chaotic threat models.
With an ever changing threat and computing landscape, modern security teams must bring together the people, process and technology to enable Threat Hunting.
Detect and Alert strategies need to be revamped to shift from reactive forms of incident response to proactive threat hunting.
Join Rick McElroy Security Strategist for Carbon Black as you learn how to enable your hunt.
EIT Digital promotes business opportunities by bringing to market trustworthy and transparent innovative ICT technologies bridging the privacy and security gaps between available techniques and practice and leveraging the recognized expertise and creativity of European players. Selected innovation projects in the areas of privacy protection, cyber security, and federated ID management will be highlighted. Cyber security solutions for the European Trusted Cloud for storing digital data and contents and the related ecosystem will be described. In particular, EIT Digital partner Communication Valley Reply will present its solutions for security monitoring in public IaaS environments, addressing the Trusted Cloud security challenges.
In this talk we will uncover the inner workings of a ransomware-as-a-service franchise. As a test case, we will delve into one of the most sophisticated and widespread ransomware today: Cerber. Recently we have been able to trace and follow Cerber's entire operation, from its business model to its money flow and even break its encryption. We will demonstrate Cerber's activity and technical capabilities, and explain how we managed to dissemble its entire operation. We will offer the insights we gained by analyzing Cerber, and suggest solutions which can allow us to stop such ransomware-as-a-service operations.
Are you informed about potential malware attacks that are under preparation or an ongoing attack aimed specifically against your organization? By knowing more about these security risks, it makes it possible to actively prevent potential damages or at least to implement the necessary measures to mitigate them. The Intelligence Reports help in recognising the security threats and provide information about malware and its configurations, which is actually used or would be utilised in attacks against specific organizations or their customers (e.g. targeted threats). At the presentation you will hear about the intelligence and information on targeted malware within your reach.
The demand for IT security professionals has never been greater than it is today. How can today's security pro take advantage of this unprecedented opportunity? In this panel, top security recruiters and hiring professionals will discuss the current hiring environment and the opportunities for security pros to improve their status, salaries, and prospects for new positions. The experts will discuss training and certification requirements, the demand for specific security skills, and methods to find a new job or move ahead in your current company.
So, you've two and a half thousand printers on you network, or so you think, and you've managed to change the default administrator password and lock down a few more device configuration parameters. That's a start, but do you really know what your cyber-risk is? HP will give you a few pointers in how to build an integrated security roadmap for the printers on your network.
An intrusion doesn't equal a breach and the risk associated with loss of reputation, customer data and business interruption hinges on your ability to detect, prioritize and neutralize cyber threats in real time.
We will walk you through how to benchmark your organization using our clearly defined Security Intelligence Maturity Model and assess your current capability to detect, react and respond to intrusions before they become breaches. Gather a clear understanding of how you can move your organization closer to nation state protection by introducing Next-Gen SIEM security analytics and automated response.
Amid frequent headlines of cyber breaches, how do you protect your organisation from external malicious threats or insider risks from within your organisation?
Bob Anderson (ex-FBI) explains how to address the risks through an intelligence-led approach:
• Cyber security should not be judged in terms of sums invested, as software alone isn't sufficient to defend against malicious threats
• External hackers may cooperate with employees inside your organisation
• Build up a picture of the threats you face drawing on information deep inside the Dark Web
• In the event of a breach, speed of response is critical to limiting the consequences for your organisation
This talk highlights the biggest changes and challenges in web vulnerabilities over the past decade and provides the most accurate picture of website security as it stands today.
• Analyse this year's trends in web vulnerabilities, their overall prevalence and how effective organisations are at fixing them, broken down by class and industry.
• Learn which technologies, frameworks, and so-called "best practices" are actually (statistically) the most and least vulnerable.
• Understand how to apply this knowledge to your own organisation and what methods of scaling security inside your own enterprise will work best.
Indicators of Compromise (IOCs) are forensic artifacts that are used to identify compromised and infected systems. In this talk we introduce an automated system we developed that extracts IOCs from a high-interaction honeypot and validates them by means of machine learning algorithms. Machine learning helps reducing the number of false positives and overcoming the limitations of traditional scanners used to detected, for example, compromised URLs (e.g. static code analyzers). In fact, while not all compromises are necessarily harmful for a user (e.g. affiliate program campaigns), it is important to detect those cases and inform a
user that certain resources cannot be trusted. Also in the case of more traditional drive-by-downloads, IOCs allow for a preventive detection and correlation of infection, even before they get blocked by traditional scanners. Our experiments show that our system helps in detecting compromises that remain under the radar of existing detection techniques for months, and finally in improving early detection.
There are many attack vectors by which a hacker can gain access to a computer's network to exploit system's vulnerabilities – drive by downloads, social engineering and exploits to name but a few. Attend this presentation to see these threat vectors in action in particular around malvertising and Ransomware and to see how Malwarebytes adds value at each layer of the attack chain.
Finding vulnerabilities, compliance exceptions or web application risks in any organization is easy; making them go away is a much more difficult task. While the theoretical 'Fix-It' button may be stuck in the up position, we will share real experiences of how to lubricate the workflow of risk mitigation with the people, process and technology conundrum; sharing examples of how Qualys' AssetView and ThreatPROTECT services can further simplify processes to achieve success.
Understanding the key components necessary to build a successful threat hunting program starts with visibility, the appropriate tools and automation. Skilled, experienced analysts, engineers and incident responders with analytical minds who can apply concepts and approaches to a variety of different tool sets are also instrumental to the process. Join Raytheon Foreground Security as we describe and discuss some of the most common challenges, recommended best practices, and focus areas for achieving an effective threat hunting capability based on lessons learned over the past 15 years.
Ransomware is rampant. It's the #1 choice of malware for cyber criminals to make easy money and it's constantly evolving often using aggressive and persuasive language pushing the victim to pay up, using underhand techniques to extort payment quicker and with cunning social engineering techniques that prey on human weaknesses; delivery mechanisms often flit between malspam campaigns and exploits mostly served by Exploit Kits (EKs) with little discrimination however, recently, some campaigns have shown more interest in enterprise networks or other specific targets knowing they can tailor ransom demands based on the data they encrypt, the data's location or even the data's owner.
From a historical perspective, there are very few examples of sieges that did not eventually succeed. It might have taken decades and tremendous resources, but the perseverant besieger eventually won.
Cyber security is no different. Security prevention alone is no longer enough and if we want to avoid the high-profile breaches of late, then additional solutions are needed. Combining security prevention with security detection solutions, it is possible to build a security architecture that detects anomalous behavior and reacts immediately. But, most importantly, it can provide the vital evidence to understand what happened when the dreaded breach occurs.
Machine learning is a discipline which can be used for a wide variety of topics in security. As an example, machine learning will be applied in order to approach the problem of determining the size of an XOR key. In addition, machine learning will be used to optimize the process of searching for the XOR key used to encrypt the data. This will act as a quick example of how to apply machine learning to problems in security.
A Leidos cybersecurity expert shares practical, real-world experience on tackling the myths encountered while working with Fortune 500 organisations to build a comprehensive cyber defense. The presentation will uncover the truths which debunked these myths and attendees will leave with a clear direction on how to apply lessons learned from the anecdotes shared.
What keeps security professionals awake at night? What are their plans for 2017, and what are their top challenges? These are some of the questions that will be answered in this panel discussion, which features newly-published data from the 2016 Black Hat Attendee Survey and the 2016 Dark Reading Strategic Security Survey. Dark Reading editors will join industry experts to discuss the attitudes and plans of IT security professionals, as well as some of the reasons why IT security initiatives fail. Attendees will get the latest insight on issues such as IT security budgets, staffing, and threat perceptions.
With the advent of organized cybercrime, malware authors are constantly looking for new strategies to defeat AV solutions. The increase in adoption of polymorphism, code obfuscation and packing, as well as the rise in sophistication of drive-by-downloads and C&C server communications, has made traditional AV industry's technologies less effective. In this talk, we propose a new system based on machine learning for real-time detection of new malware downloads, including files and URLs from which these files originated from. Our system uses a combination of system- and network-level information collected at endpoint to build a tripartite graph and to implement a graph-based machine-learning classifier. The content-agnostic approach and statistical-based classifier overcomes the limitation of existing solutions like static and dynamic code analysis, and allows fast and real-time identification on new threats.
Cybercrime has become big business. Today's attackers can hire out botnets, buy rootkits, and bring in specialists to write new malware - all for a price. In this fascinating panel session, experts discuss how an adversary can acquire the tools, services, and skills needed to attack your enterprise - and how you can use that knowledge to help improve your defenses.
Detected breaches are often classified as either "targeted" or "untargeted". This quick classification of a breach as "untargeted", and the following de-prioritization for remediation, often misses a re-classification and upgrade process several attack groups have been conducting.
As part of this process, assets compromised as part of broad, untargeted "commodity" malware campaigns are re-classified based on the organizational network they're part of to determine their value in the market. The higher value ones are upgraded and taken out of the "commodity" campaign to prepare them for a sale, for buyers planning a targeted attack.
This session will cover the analysis of endpoint and network data captured during these re-classification operations, demonstrating the techniques used by attack groups as they migrate compromised endpoints from the "commodity" threat platform to the valuable-target's platform.