Abuse Operations is detection of and response to unwanted activity when everything is working "as designed". Classical security is interested in prevention, governance, and compliance, while abuse operations look at the wider picture of misuse, abuse, malice and crime. At any moment in time, multiple actors are bypassing detection and response systems masquerading as customers in order to take unfair advantage of your systems and services. Different from the full compromise scenarios we know and love, abuse is a slow simmering burn, where our customers can become a problem, and worse, your problem.
We will present how the Abuse Operations team uses collections of indicators to identify and track adversaries on one of the largest pure-play, remote-code-execution-as-as service platforms on the Internet: Heroku. We can detect when they change tactics, we can spot the number of people involved, and we can misdirect them to the point that they become even easier to track!
During our Black Hat webcast, we discussed the desire for a wider conversation about abuse across the Internet. We're interested to share more and learn from others that have similar challenges. Please join us on October 1st to have this conversation.
Spencer Cureton has a background in electrical engineering and started his career working in industrial control systems, providing services from support to live plant migrations. He managed to get into information security in 2016 and enjoys life as an Internet Mall Cop working on the Abuse Operations team at Heroku.
Allan Stojanovic has survived IT for over 25 years. He has worked in nearly every vertical doing may different roles, mostly in the Information Security field. A jack of all trades, he tries to know a little bit about everything, and is a self-proclaimed expert at nothing.
Lori Smith is part of the global product marketing team at Trend Micro. These days, Lori lives and breathes Trend Micro XDR, and is excited by her small part in helping to build an understanding and market momentum for extended detection and response. Boggled by the talents and expectations of security analysts, Lori has become a champion for trying to make their lives easier with tools that can solve their most pressing challenges. In those moments when Lori's not talking shop, she enjoys travel, starting (but maybe not finishing) home projects, and a good competitive game night! Reach out to Lori Smith at lori_smith@trendmicro.com