Threat Hunting Intelligently

Although times are unprecedented, for threat actors, it is business as usual. Even as times change, good threat intelligence will always be a bedrock of cybersecurity. Join Senior Security Research Consultant and Secureworks’ Threat Hunting lead Ryan Cobb, as he shares what’s on the threat horizon and how the Secureworks team is there to keep […]

A Savvy Approach to Leveraging MITRE ATT&CK

MITRE ATT&CK has shifted the balance of power from attackers to defenders. For the past few years, defenders have been increasing their security tooling and are detecting more adversarial techniques than ever before. Detecting events in your environment is only the first step. Going forward the focus isn’t going to be on if you detect […]

PKI Well Revised: Common Mistakes Which Lead to Huge Compromise of Identity

All technologies and systems today use cryptography, and most use certificates at some point. Since their boom, internal PKI systems have not changed much, and neither have the problems we observe during almost all pentests. It’s time to revise your knowledge about one of the cornerstones of enterprise security and learn a few tricks […]

An Introduction to Automotive Security in 2020

As cars continue to become more connected and autonomous, the security of these systems grows in importance. We’re now a decade on from the first public research on automotive security, and since then the challenges of securing these vehicles have increased due to new features, connectivity, and automation. In this talk, we’ll provide an introduction […]

Escaping Virtualized Containers

Containers offer speed, performance, and portability, but do they actually contain? While they try their best, the shared kernel is a disturbing attack surface: a mere kernel vulnerability may allow containerized processes to escape and compromise the host. This issue prompted a new wave of sandboxing tools that use either unikernels, lightweight VMs or userspace-kernels […]

Practical Defenses Against Adversarial Machine Learning

Adversarial machine learning has hit the spotlight as a topic relevant to practically-minded security teams, but noise and hype have diluted the discourse to gradient-based comparisons of blueberry muffins and chihuahuas. This fails to reflect the attack landscape, making it difficult to adequately assess the risks. More concerning still, recommendations for mitigations are similarly lacking […]

Identifying and Defending the Perimeter With Attack Surface Management

The need to operate online has driven businesses toward a digital transformation with cloud adoption at its core. The pace of this transformation sped up drastically as COVID-19 dispersed entire workforces and business operations around the world. In a matter of days, operating a business with an entirely “at home” workforce became the norm. And […]

Using Threat Metrics for Better Information Security Program Efficacy – Leveraging MITRE ATT&CK

Information Security leaders face a problem: proving the value of their security investments. Security efficacy is often raised as a key challenge, not just how to leverage technology, but how to measure what results it delivers. Enumerating how many detections were surfaced by a malware defense platform or if a perimeter […]

Security Transformed

Preceding the outbreak of COVID-19 was a trend across industries to transform the traditional IT stack into a new form of computing, one that was focused on enabling agility and innovation while also delivering cost reduction. This shift sought to leverage public cloud and cloud-like development methods as well as infrastructure design. The effort to […]

How to Automate Security Validation and Reduce Enterprise Security Risk

Cybersecurity software has evolved by leaps and bounds in the past decade. However, one domain was neglected and has fallen behind – security validation. Today, the measurement of a network’s cyber posture is done in a manual, non-scalable way, through costly third-party pentesting service providers. As a result, a huge gap has been created between […]

Lateral Movement and Privilege Escalation in GCP; Compromise any Organization without Dropping an Implant

Google Cloud’s security model differs from AWS’s in many ways. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud APIs. Instead of defaulting to no capabilities, permissions are granted to default identities. One default permission these identities have is called actAs, which allows a service by default […]
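To make the abstract’s point concrete, here is an added audit script (my own example, not part of the talk and not Google tooling). It takes a project IAM policy in the JSON shape that `gcloud projects get-iam-policy PROJECT --format=json` returns, lists every principal whose role carries `iam.serviceAccounts.actAs`, and separately calls out the default Compute Engine and App Engine service accounts when they hold one of those roles. The embedded policy is constructed; the role set and the default-account name patterns are the documented ones, and reporting `roles/iam.serviceAccountTokenCreator` alongside them (as “impersonation” rather than actAs) is my own judgment call.

```python
"""Audit a GCP project IAM policy for principals that can act as service accounts.

Added example, not code from the talk. The policy below is a constructed sample
in the JSON shape returned by:
    gcloud projects get-iam-policy PROJECT --format=json
"""
import json
import re

# Predefined roles that include iam.serviceAccounts.actAs. Granted at project
# level they apply to every service account in the project.
ACTAS_ROLES = {"roles/owner", "roles/editor", "roles/iam.serviceAccountUser"}

# Token Creator does not grant actAs, but it lets the holder mint tokens for a
# service account, which is the same privilege gain in practice, so it is
# reported too (as "impersonation").
IMPERSONATION_ROLES = {"roles/iam.serviceAccountTokenCreator"}

# The two default identities GCP creates: the Compute Engine default SA
# (PROJECT_NUMBER-compute@developer...) and the App Engine default SA
# (PROJECT_ID@appspot...). Both are granted roles/editor by default.
DEFAULT_SA_RE = re.compile(
    r"^serviceAccount:(\d+-compute@developer|[a-z][a-z0-9-]*@appspot)"
    r"\.gserviceaccount\.com$"
)


def find_actas_holders(policy):
    """Return sorted (member, role, reason) tuples for every binding that
    lets a principal act as, or impersonate, service accounts."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        if role in ACTAS_ROLES:
            reason = "actAs"
        elif role in IMPERSONATION_ROLES:
            reason = "impersonation"
        else:
            continue
        for member in binding.get("members", []):
            findings.append((member, role, reason))
    return sorted(findings)


def default_identities_with_actas(policy):
    """Default service accounts that hold an actAs-granting role. Any workload
    running as one of them (a Spark job, a Cloud Function, a notebook) can
    attach any other service account in the project to new resources."""
    return sorted(
        member
        for member, _role, reason in find_actas_holders(policy)
        if reason == "actAs" and DEFAULT_SA_RE.match(member)
    )


def over_broad_members(policy):
    """Non-default principals that get actAs via a basic role (owner/editor)
    instead of the narrower, per-SA grantable roles/iam.serviceAccountUser."""
    return sorted(
        member
        for member, role, reason in find_actas_holders(policy)
        if reason == "actAs"
        and role in {"roles/owner", "roles/editor"}
        and not DEFAULT_SA_RE.match(member)
    )


# Constructed sample policy (not from any real project).
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com"]},
    {"role": "roles/editor",
     "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com",
                 "serviceAccount:my-project@appspot.gserviceaccount.com"]},
    {"role": "roles/iam.serviceAccountUser",
     "members": ["group:data-eng@example.com"]},
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["user:analyst@example.com"]},
    {"role": "roles/viewer",
     "members": ["user:auditor@example.com"]}
  ],
  "etag": "BwXconstructedEtag",
  "version": 1
}
""")

if __name__ == "__main__":
    for member, role, reason in find_actas_holders(SAMPLE_POLICY):
        print(f"{reason:<13} {role:<40} {member}")
    print("default identities with actAs:", default_identities_with_actas(SAMPLE_POLICY))
    print("basic-role actAs grants to other principals:", over_broad_members(SAMPLE_POLICY))
```

Run it against a real policy by replacing `SAMPLE_POLICY` with `json.load(open("policy.json"))`. The remediation the output points at is the usual one: remove `roles/editor` from the default service accounts (or stop workloads from running as them) and grant `roles/iam.serviceAccountUser` on individual service accounts rather than at project level.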

Demystifying Modern Windows Rootkits

This talk will demystify the process of writing a rootkit, moving past theory and instead walking the audience through the process of going from a driver that says “Hello World” to a driver that abuses never-before-seen hooking methods to control the user-mode network stack. Analysis includes common patterns seen in malware and the drawbacks that […]

Defending Containers Like a Ninja: A Walk through the Advanced Security Features of Docker & Kubernetes

Today, with a few commands anyone can have containers running on their machine; at this point, they seem to be neither complex nor complicated to secure. However, the story dramatically changes when the ecosystem grows exponentially and now we have thousands of nodes that fulfill different roles, with different resources, running different applications, in different […]

Policy Implications of Faulty Cyber Risk Models and How to Fix Them

Bad security data leads to bad security policies; better data enables better policies. That, in a nutshell, is the thesis of this talk. To back that up, we’ll share a FUD-free and data-driven analysis of the frequency and economic costs of tens of thousands of historical cyber incidents, with a special focus on events that […]

The Paramedic’s Guide to Surviving Cybersecurity

The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche, with the barriers between “online” and the physical world constantly crumbling. While some deal in theory, many of us deal with […]

My Cloud is APT’s Cloud: Investigating and Defending Office 365

As organizations increase their adoption of cloud services, we see attackers following them to the cloud. Microsoft Office 365 is becoming the most common email platform in enterprises across the world and it is also becoming an increasingly interesting target for threat actors. Office 365 encompasses not only Exchange, but also Teams, SharePoint, OneDrive, and […]

Detecting Access Token Manipulation

Windows access token manipulation attacks are well known and abused from an offensive perspective, but rely on an extensive body of arcane Windows security internals: logon sessions, access tokens, UAC, and network authentication protocols, such as Kerberos and NTLM, to name a few. Furthermore, some of this information is not easily found and can be […]
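The logon-session internals the abstract mentions are exactly what make detection possible. As an added example (mine, not the speaker’s code), here is the classic check written in Python over a handful of constructed Security-log events flattened to their EventData fields: a 4624 with LogonType 9 (NewCredentials) is what `runas /netonly` and make_token-style `LogonUser` calls with LOGON32_LOGON_NEW_CREDENTIALS leave behind, and the `TargetOutboundUserName`/`TargetOutboundDomainName` fields, which Windows populates only for type 9, show which credentials the caller supplied. The process allowlist and the privileged-account list are hypothetical tuning knobs.

```python
"""Detect NewCredentials (logon type 9) logons, the Security-log trace of
runas /netonly and make_token-style access token manipulation.

Added example, not the speaker's code. Events are constructed and flattened
from Security log EventData; keys match the event XML element names.
"""
from datetime import datetime, timedelta

# Hypothetical tuning: processes allowed to create type-9 logons in this environment.
ALLOWED_TYPE9_PROCESSES = {r"C:\Program Files\ExampleBackup\agent.exe"}
# Hypothetical: accounts whose credentials being used this way are high severity.
PRIVILEGED_ACCOUNTS = {"administrator", "da-svc"}


def _when(event):
    return datetime.fromisoformat(event["TimeCreated"])


def detect_new_credentials_logons(events, allowlist=ALLOWED_TYPE9_PROCESSES,
                                  window=timedelta(seconds=10)):
    """Return one finding per 4624/LogonType 9 event from a non-allowlisted
    process. A 4648 (logon with explicit credentials) from the same ProcessId
    within `window` is attached as context; runas /netonly emits one."""
    explicit = [e for e in events if e["EventID"] == 4648]
    findings = []
    for e in events:
        if e["EventID"] != 4624 or e.get("LogonType") != "9":
            continue
        if e.get("ProcessName") in allowlist:
            continue
        outbound_user = e.get("TargetOutboundUserName", "")
        related = [
            x for x in explicit
            if x.get("ProcessId") == e.get("ProcessId")
            and abs(_when(x) - _when(e)) <= window
        ]
        findings.append({
            "time": e["TimeCreated"],
            # Local identity of the new session: for type 9 this is always the caller.
            "caller": f'{e["SubjectDomainName"]}\\{e["SubjectUserName"]}',
            # Credentials the new token will present for outbound network auth.
            "network_identity": f'{e.get("TargetOutboundDomainName", "")}\\{outbound_user}',
            "process": e.get("ProcessName"),
            "logon_process": e.get("LogonProcessName"),          # "seclogo" for runas/LogonUser
            "auth_package": e.get("AuthenticationPackageName"),  # typically "Negotiate"
            "explicit_cred_event": bool(related),
            "severity": "high" if outbound_user.lower() in PRIVILEGED_ACCOUNTS else "medium",
        })
    return findings


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "TimeCreated": "2020-10-21T10:00:00", "LogonType": "2",
     "SubjectDomainName": "CORP", "SubjectUserName": "alice",
     "TargetDomainName": "CORP", "TargetUserName": "alice",
     "LogonProcessName": "User32", "AuthenticationPackageName": "Negotiate",
     "ProcessName": r"C:\Windows\System32\winlogon.exe", "ProcessId": "0x3f0"},
    {"EventID": 4648, "TimeCreated": "2020-10-21T10:00:01",
     "SubjectDomainName": "CORP", "SubjectUserName": "alice",
     "TargetDomainName": "CORP", "TargetUserName": "da-svc",
     "ProcessName": r"C:\Windows\System32\runas.exe", "ProcessId": "0x1a2c"},
    {"EventID": 4624, "TimeCreated": "2020-10-21T10:00:02", "LogonType": "9",
     "SubjectDomainName": "CORP", "SubjectUserName": "alice",
     "TargetDomainName": "CORP", "TargetUserName": "alice",
     "TargetOutboundDomainName": "CORP", "TargetOutboundUserName": "da-svc",
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "ProcessName": r"C:\Windows\System32\runas.exe", "ProcessId": "0x1a2c"},
    {"EventID": 4624, "TimeCreated": "2020-10-21T10:05:00", "LogonType": "9",
     "SubjectDomainName": "NT AUTHORITY", "SubjectUserName": "SYSTEM",
     "TargetDomainName": "NT AUTHORITY", "TargetUserName": "SYSTEM",
     "TargetOutboundDomainName": "CORP", "TargetOutboundUserName": "backup-svc",
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "ProcessName": r"C:\Program Files\ExampleBackup\agent.exe", "ProcessId": "0x8c4"},
    {"EventID": 4624, "TimeCreated": "2020-10-21T11:30:15", "LogonType": "9",
     "SubjectDomainName": "CORP", "SubjectUserName": "bob",
     "TargetDomainName": "CORP", "TargetUserName": "bob",
     "TargetOutboundDomainName": "CORP", "TargetOutboundUserName": "svc-sql",
     "LogonProcessName": "seclogo", "AuthenticationPackageName": "Negotiate",
     "ProcessName": r"C:\Users\bob\AppData\Local\Temp\update.exe", "ProcessId": "0x2b10"},
]

if __name__ == "__main__":
    for finding in detect_new_credentials_logons(SAMPLE_EVENTS):
        print(finding)
```

On the sample data the interactive logon is ignored, the allowlisted backup agent is suppressed, `alice` running `runas.exe` with `da-svc` credentials is reported as high with its matching 4648, and `bob`’s unsigned-looking binary in `%TEMP%` creating a type-9 session with no 4648 is reported as medium. The Subject and Target of a type-9 event are the same account by design; the outbound fields are where the borrowed identity lives, which is why a rule keyed only on TargetUserName misses this technique.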

Lamphone: Real-Time Passive Reconstruction of Speech Using Light Emitted from Lamps

Recent studies have suggested various side-channel attacks for eavesdropping on sound by analyzing the side effects of sound waves on nearby objects (e.g., a bag of chips or a window) and devices (e.g., motion sensors). These methods pose a great threat to privacy; however, they are limited in one of the following ways: they (1) cannot be […]

Intelligent Network Security: A Paradigm Shift in Cybersecurity!

Cyberattacks are ever-evolving, increasingly using automation to morph and elude detection. Add to this an ever-expanding attack surface, the rapid growth of both cloud adoption and remote users, and a flood of new, hard-to-secure IoT devices. Clearly, the enterprise threat landscape has never been more challenging. Traditional manual and reactive security approaches are simply over-matched. […]

Level Up Your SOC: Meet CyBot, Our Open Source Threat Intel Chat Bot

Threat intelligence chat bots are useful friends. They perform research for you and can even be note takers or central aggregators of information. However, it seems like most organizations want to design their own bot in isolation and keep it internal. To counter this trend, our goal was to create a repeatable process using an […]

A Decade After Stuxnet’s Printer Vulnerability: Printing Is Still the Stairway to Heaven

In 2010, Stuxnet, the most powerful malware in the world, revealed itself, causing physical damage to Iranian nuclear enrichment centrifuges. To reach Iran’s centrifuges, it exploited a vulnerability in the Windows Print Spooler service to gain code execution as NT AUTHORITY\SYSTEM. Due to the hype around this critical vulnerability, we (and probably everyone else) were […]

Mitigate Organizational Risk With Integrated Cyber Resilience

Threats have changed over the years and so have the targets. It’s not just your perimeter that is at risk, it’s your customers, your supply chain, your employees and your business reputation that could be easily tarnished with just one breach. In this session, we’ll discuss how and why you should consider an integrated approach […]

From Security Operations to COVID-19: Security AI State of the Nation, 2020

Many businesses are at a disadvantage when it comes to combating the bad guys. In cybersecurity today, there are too many threats, complex tools, and false positives, not to mention the lack of experienced security professionals, to defend your whole enterprise properly. Fortunately, technologies such as AI and analytics are here to help. However, […]

Dissecting Pandemic-Themed Malware and Threat Tactics

Threat actors have always played the game of emotions. Fear is the emotion they are using right now to lure users to click on an email or manipulate them to install an application. In the last four months, cyber criminals have used fear as their main weapon to compromise users by using pandemic-related themes to […]

Measuring Risk in 2020 – The Enterprise of Things Security Report

While cybersecurity teams work to address operational and functional gaps, cybercriminals develop attacks targeting the top areas of risk for a company. Using the Forescout Device Cloud, the world’s largest repository of connected device data, Forescout Research Labs analyzed the risk posture of more than 8 million devices to uncover detailed information about the greatest […]

Trends in IOT/OT/mIOT

Non-traditional operating systems are adding even more complexity to the security landscape. Whether it’s an IP camera in a parking lot, a sensor on a conveyor belt or a control system kickstarting a nuclear reactor, these devices need to be recognized by security. Defining and discovering these assets sets a new perimeter; utilizing their data safely is […]

From 30% to 100% Remote: How Okta’s Technology Teams Led the Rapid Shift to an Entirely Remote Workforce

Okta has been supporting a remote workforce for years, but like many organizations we were not expecting a rapid shift to 100% remote work. Fortunately, our IT leaders had the secret sauce for a relatively seamless transition: a 100% cloud-based architecture. This session, featuring Okta’s IT leadership, will cover how Okta’s cloud-first IT strategy and […]

Evolving Your Security Culture

2020 has seen a significant shift in how businesses abruptly implemented remote working. With the massive surge of “Work From Anywhere” (WFA) and the information security challenges that came with it, there is a strong push to improve and modernize the security culture of organizations of all sizes, without compromising on collaboration and productivity. Join […]

How an XDR Approach Helps Speed Response & Improve MITRE ATT&CK Coverage

XDR is an emerging industry approach that extends EDR’s insight to a broad range of sources (endpoint, servers, network, email, and more). Join Trend Micro Sales Engineer, Peter Cresswell, to learn how the XDR approach takes advantage of detailed activity telemetry (not just alerts) from its sources, enabling more meaningful correlation and enabling rapid detection […]

SASE Success Behind-The-Scenes

SASE converges network, web, data, and cloud app connectivity and security, but implementing a true SASE architecture is a daunting task and there is no one-size-fits-all approach. Join Forcepoint Global CTO Nicolas Fischbach for insights on Forcepoint’s approach to delivering the industry’s first true data-centric SASE as well as providing steps for a practical approach […]

The Impact of Digital Transformation in the Face of Today’s Threats

Digital Transformation and the rapid need for supporting remote workers for digital business processes took every industry by storm. This change has presented new risks, unlike what companies have seen before, and has created the greatest loss of visibility for security, auditing, and quality control professionals since the emergence of the Internet. As companies continue […]

The Hunt is On!

“What I do have are a very particular set of skills, skills I have acquired over a very long career. Skills that make me a nightmare for people like you.” – Bryan Mills (Taken) Wouldn’t it be nice if we all had the skills required to send that message to cybercrime actors? Wouldn’t it be nice […]

Building a Threat Intelligence Team From Scratch on a Budget

Budgets are tighter than ever during the COVID-19 pandemic and threat actors have only increased their malicious activity. This makes it difficult to start a new threat intelligence program, but it doesn’t have to be this way. In this talk we will teach you how to start a threat intelligence team from scratch using repurposed […]

Using Automation to Secure Your Remote Workforce

COVID-19 has already profoundly changed the way many of us work in security operations—including the necessary acceptance of BYOD (Bring Your Own Device). These devices make a tempting target for cybercriminals, and organizations are scrambling to beef up their perimeters. Learn the various solutions CIOs and CISOs are adopting to help address securing their remote […]

The Need for Speed: Collaborative Strategies for Accelerating Security Outcomes

While advances continue to be made in InfoSec practices and tools, attackers still seem to outpace defenders. Why? There is a plethora of industry knowledge about what should go into a mature security program, yet organizations still seem to struggle with how to go about building and evolving theirs in ways that provide real, tangible […]

Sophistication Advancements in Ransomware

Cyber attacks, and specifically ransomware, continue to evolve and change the way the world does business. Over the last several years, actors performing ransomware attacks have increased their capabilities and sophistication, which has resulted in more refined targeting but also additional revenue generation. Josh will share some of the most recent Canadian and global attacks, as […]

Priority Intelligence Requirements (PIR) Are Not Just for Threat Intel Analysts

The Intelligence discipline has defined processes, analytical techniques, and procedures, but they are not only for intel teams. The analytical techniques that have been cultivated, refined, and tested within the intelligence cycle have been applied operationally to make teams more successful, since they are adaptable. For example, Priority Intelligence Requirements (PIRs) are long […]

Talking to the Board About the New Realities of IT Security

With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business — including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly […]

A New Security Reality: Data IS the Perimeter

We all know that the operating paradigm in which business is conducted changes on almost a daily basis, yet the way we defend the sensitive data within our business has remained static for nearly 3 decades. Perimeter security is not sufficient, and that’s why we have embraced the concept of Securing the Breach by protecting […]

NETSCOUT Threat Intelligence Report – H1 2020

Today’s attackers have abandoned the equivalent of sledgehammers for a quiver of custom arrows as they increasingly conduct extensive reconnaissance and choose weapons specifically tailored to exploit the defensive weaknesses they discover. Even worse, they have an ever-growing range of new or increasingly used vectors from which to choose. During this session, you will learn […]

Could Your Business Survive a Ransomware Attack?

Ransomware has been in the wild since 1989, but saw a steep rise with the advent of WannaCry in 2017 and is showing no signs of slowing down. In fact, we are seeing more breaches than ever before using this attack. It is important for everyone to understand how it works and how to avoid […]

Knowing Is Half the Battle: Shared Responsibility and Secure Configuration in the Cloud

In this session, we will dive into the shared responsibility model that exists within the world of cloud service providers (CSPs). While the service providers take over much of the responsibility traditionally owned by IT teams, they also introduce new responsibilities that may create blind spots. We’ll look at how the CIS Benchmarks for CSPs […]

A Hacker’s Dream: Unmanaged Privileges

In times of crisis, good security practices are often the first thing to go. Organizations are being forced to revisit their “temporary” remote working policies and tools. An expanding remote workforce can increase your security risk, especially if your IT and Support employees use non-secure remote access tools as temporary measures. Are temporary remote access […]

Cyber Threat Intelligence and Today’s Complicated Cyber Security Environments

Threats to your organization can be overwhelming. Your Threat Intelligence shouldn’t be. Today, there is a huge and growing need for the simplification of threat intelligence. Security environments are already over-complicated and getting worse. In this session, you’ll learn how up-to-the-minute, relevant data can help you manage the risks associated with IT security threats, within […]

Don’t Be Afraid to Upgrade: Lessons of Speed and Security From High Performance Open Source Development

For the past six years, I’ve studied behaviors of 15,000 commercial development teams, 24,000 open source projects, and the community of adversaries attacking open source software supply chains. One thing is certain: when it comes to security, speed is king. In 2017, it took three days for adversaries to exploit new vulnerabilities discovered in open […]

AD Security vs Modern Attacks

Active Directory has been providing critical services and infrastructure to nearly every company, organization and even government agency since Y2K. AD has grown with us, both in functionality and security, but so have the attackers. Since AD contains information about all of our users, both standard and admins, and touches and controls access to most […]

Zero Trust Security Starts With Identity

Some organizations have been embracing the “Zero Trust” security model, and others are still trying to decide what it means and whether it makes sense for them to try it. With the sudden need for more flexibility, scalability, and remote access, many of these enterprises have found themselves in unfamiliar territory without a map. In […]

SOC Automation: Faster Decision Making and Response

Security analysts spend two-thirds of their time on triage and investigation. Why then do most security operations teams only automate response? In this presentation, Andy Skrei will share his experience automating the end-to-end security workflow while leading security investigations at one of the world’s largest online retailers and through working with many of the world’s […]

CryCryptor, the Fake COVID-19 Tracing App That Targeted Canadians

Cybercriminals regularly use major newsworthy events as an opportunity to lure targets into their trap. The COVID-19 pandemic probably constitutes one of the most prolific and advantageous settings for the bad actors to launch their attacks: an anxious population, a digital transformation movement that pushed everyone online, high demand for goods that are no longer […]

A Brave New World – Attacks in the Age of COVID

The COVID pandemic has allowed attackers to exploit users with phishing attacks, ransomware, and other scams. FortiGuard Labs has recorded over 600 unique campaigns related to COVID cyberattacks per day. We will examine some of the top attacks, understand how attackers are creating the attacks, and the platforms they are targeting. Learn how attackers have […]
