RSA 2017 is in full swing this week and there are a number of sessions that we are classifying as “must see”. We anticipate deception-based detection technology to be covered both in formal meetings and informal discussions during the conference. However, since our ThreatMatrix platform now addresses so many vertical markets (financial, healthcare, IoT, SCADA, retail and hospitality) as well as new problems around phishing, cloud security, ransomware, unified swift collaboration in cybersecurity incident response, and assistance through our partners that can help with threat hunting and remediation, we’ve included some of those. We’ve found some top talks for you but before you begin
By Dr. Edward G. Amoroso, Former SVP and CSO of AT&T; Current CEO of TAG Cyber, LLC.
Imagine this: You are an evil cyber intruder, part of a criminal group targeting enterprise businesses for customer medical and financial records. Your goal is to quietly steal without getting caught. During surveillance, you notice that your victim’s system administrators have made bad decisions, leaving unnecessary ports open, and advertising to the Internet many unnecessary services – some apparently by default. You exploit these weaknesses to initiate a northbound break-in. This is followed by simple lateral traversal inside the firewall, also exploiting bad administrative decisions such as weak access settings on SharePoint sites. And finally, after you’ve found the sensitive files you wanted, you easily exfiltrate the data through wide-open outbound Internet access. The offense wins this battle.
The scary part is that 783 breaches only represent what was reported. Undoubtedly many more incidents occurred but were never publicly disclosed. Whether you count the disclosed or undisclosed number, it would be hard to dispute that cyber-attacks are growing in frequency and are getting increasingly complex. Current security solutions are proving ineffective, and breaches continue to be a deadly threat to enterprises where valuable data can be compromised, often generating millions of dollars for the attackers.