|By Bob Gourley||
|February 20, 2017 09:55 AM EST|
One of the greatest things about the annual RSA Conference is the open sharing of lessons learned between cybersecurity practitioners. One of the sessions I found most rewarding and insightful focused on new cyber attack techniques. This session, moderated by the SANS Institute's Founder and Research Director Alan Paller, included insights from Ed Skoudis, Michael Assante and Johannes Ullrich. Ed Skoudis leads pen testing and hacker exploits immersion training programs at SANS and conducts forensic assessments/diagnoses of major attacks and in doing so maintains continuous awareness of the state of attacks. Michael Assante is highly regarded for his deep knowledge of industrial control systems and is a champion of the emerging discipline of ICS security. Johannes Ullrich is the director of the SANS Internet Storm Center, the early warning system for the Internet.
These great leaders are all known for their ability to convey information succinctly and in ways that stick and this session provided an overview that brought out the best of their knowledge. They structured the discussion around seven new attack techniques.
The session is now available online:
- Expect ransomware to continue to evolve: 150 different families of crypto ransomware today.
- IoT attacks will continue to evolve: Already used for DDoS. Soon for data extraction.
- Ransomware and IoT will collide: What if your IoT is shut down till you pay.
- ICS systems will come under attack, including systems controlling manufacturing plants and buildings
- Weak random numbers causing a growing concern: Need random numbers of greater entropy.
- Reliance on web services as software components introduces new threats: Everyone dependent.
- Threats against new databases (NoSQL) growing: Placing large data at risk.
There are things that can be done to mitigate all these threats. But stopping them starts with awareness.
If you are looking for insights into ways to beat these threats contact us today for more information.
- Megatrend of #ArtificialIntelligence | @CloudExpo #BigData #AI #ML #DL #IoT
- Security and #MachineLearning | @CloudExpo #ML #AI #DL #CyberSecurity
- Security Innovation Network Gathering Innovators and Enterprise Leaders at 28-29 March 2017 ITSEF
- Leveraging The FFIEC Cybersecurity Assessment Tool (CAT) To Improve Corporate Culture and Raise Security Posture
- Update on Apache Spot: Tremendous advancement in cybersecurity data analytics and event management capabilities
- Chances to Speak at O’Reilly Media’s Upcoming Conferences
- Eric Schmidt Provides Insights Into The Future of Artificial Intelligence and Machine Learning at RSAC2017
- RiskIQ: Tools to Improve Cyber- Situational Understanding in DoD
- Cybersecurity Due Diligence: Now a best practice in Merger & Acquisition (M&A)
- Learn The Latest On All Things Data At The 25 April 2017 Cloudera Government Forum
- How Platfora Is Transforming Hadoop
- Chrome Netbook OS; Tablet PCs; LBS; Open Source
- Don’t forget to register for FOSE 2013
- Cloud Computing vs SOA: Look For a Cross-over in Hype
- Join Me at the 1st Government IT Conference & Expo 6 Oct
- Six Enterprise Megatrends to Watch in 2010
- Technology Heroes Also Serve in Government
- My Thoughts on the Apple iPad
- Five Gadgets That I Can’t Wait to See in 2010
- Recap of the Government Big Data Forum of 26 Jan 2011