This week, I attended a SANS community night talk and we had presenters Dr. Eric Cole and Jake Williams talk about the different types of attacks and their prevention and mitigation strategies.
It was my first SANS community night event and I was also at the venue that week doing my first SANS training course SEC561: Immersive Hands on Hacking.
The talk was less of a presentation (there was only one slide, which is the picture in the mindmap) and more of a discussion where Eric and Jake spoke about their experiences on the different processes in the APT Lifecycle. It was very interesting and quite entertaining watching the two interact.
I’ve captured some of the suggestions and comments in the mindmap above. Some of the things they suggested were quite interesting, such as application whitelisting, crypto free zones and thin clients to name a few.
I remembered how I’ve seen other organizations trying to implement them and they failed miserably. One such example is with thin clients but they wanted to proxy all traffic that was leaving Australia to go through their proxy in Singapore before hitting the thin client server in the US. That made everything incredibly slow and in-usable. I have also experienced application white listing and the frustrations is brings when you need to use a particular software for work or need to install an update or a (security) patch but can’t because it is not whitelisted and the process to add an application whitelist is onerous.
However the presenters did say that those suggestions will only work if done correctly and enough resources are allocated to it. They said that if it’s not done properly, people will start circumventing the process and gave an example where people started using their personal devices and machines for work instead and plugging those into the network (which defeats the security that application whitelisting was intended to provide).
He also talked about having a policy to limit and restrict information that can be put on social media. And “putting some teeth behind it” in order to get people to adhere to the policy, such as “re-introducing them back to the industry” and “giving them a resume writing exercise”. While I feel that having a social media policy is understandable, the enforcement strategies sounds a bit harsh.
Overall it was a great talk and I’ll be attending more of such talks in the future.
Below is the summary of the community night talk that was shown on the SANS website.
1. The best cyber defence is a strong cyber offence – or is it?
Our most popular presentation of 2015 now comes to Sydney, with two outstanding speakers!
Presenters: Dr. Eric Cole, SANS Faculty Fellow and Jake Williams, SANS Certified Instructor.
Red Team or Blue Team? In the ongoing battle against increasingly sophisticated cyber adversaries, organisations around the globe are relying on elite teams of cyber security professionals to protect their critical information assets and systems. But in the mission to ensure your organisation is secure against cyber attacks, which skills are most valuable and effective – those of your Blue Team cyber defenders, or the offensive capabilities of your Red Team? Or is effective cyber security really only achieved through collaboration and understanding the roles of each?
In a reprise of the hugely successful Community Night presentation from our 2015 events in Canberra, two of SANS’ top instructors open up their team’s cyber playbook, presenting and comparing both offensive and defensive approaches to cyber security. Jake Williams, SANS Certified Instructor and a member of SANS’ Red Team elite forces returns to join forces with Dr. Eric Cole, SANS Faculty Fellow and passionate Blue Team champion to discuss the offensive techniques used commonly (and often effectively) by attackers against your organisation, and why understanding those techniques is critical to effective prevention, detection and response.