Upcoming events (2)
Join us for a fascinating story of an unusual ICS network incident Brent and his team worked recently. In it, he'll discuss how a successful compromise of an exposed server handed an attacker an opportunity to tamper with some critical infrastructure functions and how the victim was essentially saved by a ransomware infection. The talk will cover the attack scenario, the methodology of the attackers and some interesting IOCs and TTPs that were discovered during the incident analysis. Come and learn how, in this particular case, ransomware saved the day!

Speaker: Brent Huston, Security Evangelist and CEO of MicroSolved

Brent is an entrepreneur, inventor & futurist with a focus on crime, fraud & industrial espionage, and is interested in the impacts of technology across these activities. He has a great reputation as a security & criminal researcher with a history of innovative approaches, responsible disclosure, rational control development & substantial findings. He has world-class experience with ICS/SCADA, utility & critical networks including segmentation, pen-testing, protocol/process weaknesses & incident response, and deep knowledge of fuzzing, honeypots & attacker deception/tampering. To date, he has brought more than a dozen technology products to market and he holds two US patents. He currently serves as an advisor, mentor and investor in multiple technology companies around the world.
NOTE: Registration at gotowebinar is required: https://attendee.gotowebinar.com/register/2794448792846923276?source=08272020MeetupEvents

We all want to make sure our organizations won’t appear in news headlines as another breached ICS/SCADA company, but the presence of EDR, EPP, DPI, DLP, EUBA, SIEM, and Network Monitoring Systems in ICS/OT environments does not guarantee preventing and detecting insider threats or network compromise. The addition of a next-gen honeypot or “Deception” tool using Free and Open Source Software (FOSS) can complete the defense-in-depth aligned with Governance, Risk Management, and Compliance.

Not every organization has an OT network Incident Response (IR) program. Even those who do have significant challenges:

- Lack of network-based threat visibility
- Huge data sets to correlate on whole enterprise threat hunting
- Overwhelming numbers of false-positive alerts
- Limited resources to respond

A customized stand-alone honeypot in-line with the ICS/SCADA network to bait and trap any malefactor can lessen dwell time by warning immediately on being compromised. This accelerates breach detection of misuse and malicious activities such as Internal Reconnaissance, Lateral Movements from IT, Credential Theft, Ransomware, Data Exfiltration, and Zero-Day Exploits.

KEY TAKEAWAYS

1. Amplified Breach Detection with almost 100% accuracy
2. Slows down attackers and reduces dwell time
3. Scalable and Operationally Efficient with counterintelligence gained
4. Rapidly Detect and trap APTs
5. Zero cost, high ROI
6. Be able to configure, design, and deploy a solution that covers both IT and OT environments
7. Learn the basics of incident handling in ICS/SCADA
8. Add threat intelligence to the IR program

Art (Mike) Rebultan has many years of experience as a security practitioner in PCI-DSS audit management, Unix/Linux server lockdown and systems administration, R&D, VAPT, cybercrime investigation and incident response. He has a master’s in IT with concentration in e-commerce security and is trained in digital forensics and cybersecurity.

https://www.peerlyst.com/users/mike-art-rebultan/
https://www.linkedin.com/in/artrebultan/