Email administrators use DNS-based Block Lists (DNSBLs) to keep spam from inboxes. When email is delivered, DNS requests containing the IP addresses of email senders are submitted to the DNSBL. The DNSBL server replies, indicating the IP address's status in the block list, and based on this, the email admin makes decisions about routing emails.
This presentation looks "behind the scenes" of SpamCop’s Block List (SCBL) showing the DNSBL admin’s perspective and insights gleaned from SpamCop queries. We’ll cover abnormal DNSBL SpamCop queries, bots spamming other bots, bots looking up themselves, use of the SCBL by non-mailservers and more.
Hackers probe your perimeter constantly, using automated tools to exploit the vulnerabilities they find. Yet enterprises, burdened with inflexible systems, outdated processes and limited resources, are forced to treat perimeter security as a monthly or quarterly project. This session will lay out a blueprint for creating a continuous security practice spanning the entire lifecycle, from discovering assets to prioritizing issues and mitigating exploits. In particular, it will demonstrate the use of Qualys’ new Continuous Monitoring cloud-based solution to perpetually audit your perimeter so you can baseline your environment, set appropriate rules, receive exception-based alerts and act quickly.
Businesses that didn’t care about DDoS two years ago are paying attention today. Barrett Lyon, a pioneer of DDoS mitigation, examines how the bad actors have forced the evolution of DDoS defense. He will show what DDoS defense looked like in the past, what it is today, how it is going to change and what that change will look like: a new DDoS architecture that includes advanced signaling and intelligent traffic management to unify on-premises defense and volumetric cloud mitigation.
As the market moves towards more flexible, intelligent and programmatic networks, Juniper is delivering network security solutions for service providers and enterprise cloud builders who need uncompromising performance and availability—and low tolerance for intrusions. In this session, you’ll learn about Juniper's dynamic, intelligent firewall solution, including the use of deception techniques to thwart miscreants in the reconnaissance phase of an attack.
There is a flood of big data in the infosec industry in the hopes that organizations can better recognise when attacks occur. How can organizations effectively use big data and lessons learned from the Verizon Data Breach Investigations Report to be better prepared for attack and reduce IT risk? This talk will examine the state of security data analysis by dissecting the publications and demonstrating how small data still has big things to teach us.
Typical organizations leave gaping holes in their security by relying on incomplete patch management programs and periodic scans for vulnerabilities on a monthly or even quarterly basis. They also have gaps in coverage with their malware defenses, event management and employee monitoring. Tenable’s CEO, Ron Gula, will describe how Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk and ensure compliance. Attendees will learn how enterprise vulnerability scanning, log analysis and network monitoring can address risk and threats from mobile, cloud, virtual and end user systems.
Attackers are constantly adapting their tools, techniques, and procedures as they seek to exploit new technologies and new vulnerabilities. This session takes an up-to-date look at the underbelly of cybercrime and current threat actors based on recent insight from RSA’s Research and Threat Intelligence teams: who are the latest targets, how are they perpetrating their attacks and how can you calibrate your defense strategies to incorporate up-to-date intelligence for more proactive defense.
With a porous perimeter, APTs like pass-the-hash, the use of contractors, ineffective firewalls/anti-malware/anti-virus software, and with the assumption of intruders already within your environment, we will discuss best practices to minimize persistent access by intruders. This session will explain how privileged identity management and privileged access management are used to minimize lateral motion in the environment, time-limit the value of credentials, and control the scope of access for authorized users with real reasons for access. Lieberman Software will discuss its privilege management solutions at this session.
Sophisticated cyber espionage and cyber crime have made security a board-level issue. This talk will review the latest approaches attackers are using to compromise organizations and, more importantly, what the most innovative security teams are doing to stay ahead. Drawing on data and anecdotes from hundreds of organizations, Mr. Merkel will outline how leading security teams have reorganized, re-architected and realigned their security strategies.
As analysts interpret and prioritize threats using intrusion detection systems, firewalls, and other boundary protection devices, they discover anomalous data that is often associated with external threats. This session looks through the eyes of a SOC Analyst to diagnose the anatomy of current breaches, including how adversaries successfully gain unauthorized access, infiltration techniques used, and how they maintain access to accomplish their objectives.
Lately, concerns regarding Pass-the-Hash and other credential theft and abuse techniques have risen, but there is little real-world data available on the threat exposure of networks. This session will demonstrate this exposure along with data collected from multiple real-world networks. See where hashes reside, what percentage of accounts threaten machines on the network, how many steps it typically takes an attacker to get from machine-to-machine and more. This statistical analysis will be of interest both for ethical hackers, in understanding the networks that they test, and security officers, in enabling them to better prioritize and focus their efforts.
Join us to hear a distinguished panel of industry experts discuss how smart data derived from human and machine intelligence can protect intellectual property and reduce insider threats. This panel will discuss how practical applications of Actionable Risk Intelligence™ can transform today’s security practice. Relevant topics will include: context-based anomaly detection, behavioral analytics, recognizing the identity as a threat surface, machine learning algorithms and how business-user engagement can revolutionize enterprise risk reduction.
Function inlining has been used as an obfuscation mechanism in malware to thwart reverse engineering. This makes the resulting function bodies larger and increases the time spent on analysis. This session presents a method to automatically identify inlined functions within the body of a function and an implementation of the method as an IDA plugin. Once inlined functions are identified within a function body, they can be replaced by function calls (either visually or through binary rewriting) to help accelerate analysis. An extension to the IDA graph viewer is demonstrated that allows viewing and interactive editing of equivalencies and compacting instances of inlined functions.
Several high-profile attacks based on malvertising in the past year have drawn some long-overdue scrutiny to the security risks posed by the wild world of web advertising. Security folks want to keep their users safe; IT folks don't want to break the Internet. Where do we draw the line? This talk will explore how malvertising attacks work, and discuss the pros and cons of drawing the line in different places.
If you want to swim with sharks, you better have the hardware to protect yourself.
The rapid adoption of Web services, cloud computing and mobility is eroding enterprise networks, placing their users in uncharted waters. The traditional approach to "swimming with sharks" is to place the user in a cage, which limits their freedom. Instead, what if we could cage every shark, so our users could swim unhindered?
This presentation will explore the architecture for secure mobility that can make any device secure by design, on any network when accessing any application.
This talk discusses how a tool meant to secure people can be turned against them, and the results of harvesting the data that random people leak about their computers and themselves to build profiles and assumptions about who they are. This is all done with publicly available enterprise security tools, just implemented in uncommon ways. PLEASE NOTE: This presentation contains unfiltered data and may be offensive in content and language.
If stealing intellectual property is the goal, how do advanced attackers get there? It starts with exploiting vulnerable endpoints to gain an initial foothold on an enterprise network. Once the attacker controls the endpoint, they can deliver malware, control more and more of the network, and move through the “squishy center” of an organization towards their goal. This initial exploitation can happen in many ways – through spearphishing emails, drive-by downloads, and much more – but it will always end up on the endpoint itself.
Join Palo Alto Networks as we take you through a true-to-life “attacker versus endpoint” demo, and showcase live endpoint exploitation prevention with our groundbreaking next-generation endpoint solution.
We will demonstrate a tool that decrypts and examines encrypted traffic, such as SSH and RDP. For years, there has been a continuous push for environments to protect themselves with encryption. Consequently, even with the most prevalent and robust auditing solutions commonly used today, blind spots remain. Historically, the ability to replay sessions captured at the network layer, as well as examine encrypted data leaving the environment, has been limited. This presentation will cover not only how CryptoAuditor can capture sessions, but also how it can deny specific channels, such as tunneling and SFTP, giving it the ability to act as an advanced firewall. Our demonstration showcases CryptoAuditor’s functionality as a stand-alone solution, but also its interoperability with other third-party systems, such as Data Loss Prevention (DLP) / Intrusion Detection Systems (IDS) / Antivirus (AV).