Agenda

Security Architect Ed Lin will demonstrate how an attacker uses off-the-shelf security tools, API calls, and scripting to discover secrets in a public repository. This leads to user impersonation, privilege escalation and sensitive data discovery, and ultimately data exfiltration. We’ll show you how we can help detect and defend against these types of attacks at every step.

There seems to be a new article every day  covering the intersection of artificial intelligence (AI), machine learning (ML), and the security industry. Vendors are suggesting that AI has the potential to act as a team member, replace missing expertise, and reduce headcount for detecting, investigating, responding to, and predicting new cyberthreats. The concept of a fully computerized SOC may be a dream in a world lacking cybersecurity professionals, but can it be realized?

Increasing the autonomy of the SOC is a noble goal, especially for smaller organizations struggling to hire and retain the necessary cybersecurity skills. However, the need for self-learning and self-repairing capabilities in an autonomous SOC raises an important concern: If your IT and security system becomes self-referential and self-healing, how can you investigate to ensure it’s getting it right? Who watches the watchers?

This talk will explore:

• The history of AI, ML, and automation already in your security stack
• The dangers and challenges of unrestricted GPT and other chat bots as information sources
• Ways humans and AI can work together
• How Exabeam uses ML today and is exploring AI in the future

We’ve unleashed our dark allies from the nightmare dimension on an unholy crusade to demonstrate cyberattacks for your enlightenment. If you love seeing devices compromised as much as we do, join us for hacking demonstrations, detailed security research findings, and threat mitigation techniques that will disappoint cybercriminals. We’ll demonstrate several hacks against xIoT, or Extended Internet of Things, devices. For those who would say, “But they’re just security cameras monitoring the parking garage, wireless access points in the cafeteria, PLCs controlling robotic welding arms, or our OT devices aren’t at risk like our IT devices are; what harm can they cause?” – this will illuminate that harm.

xIoT (IoT, OT and network assets) encompasses disparate but interrelated device groups with purpose-built hardware and firmware, are typically network-connected, run well-known operating systems and disallow the installation of traditional endpoint security controls. In addition, many xIoT devices have open ports, protocols, storage, memory, and processing capabilities. Even though most industrial environments have tens to hundreds of thousands of these devices in production, they go largely unmanaged and unmonitored and operate with weak credentials, old, vulnerable firmware, extraneous services, and problematic certificates.

Cybercriminals have shifted their focus to xIoT attacks. Why? Because they work. This massive, vulnerable attack surface is being successfully exploited by bad actors engaging in cyber espionage, data exfiltration, sabotage, and extortion, impacting xIoT assets. And this is especially true for operational technology as businesses gain powerful business benefits but increase their risk as OT and IT infrastructures converge.

Bad actors count on you being passive. They want you to fail so they can continue to evade detection and maintain persistence on your devices. Disappoint them! Take your devices back by understanding how to hack them, recognizing where they’re most vulnerable, and employing strategies to successfully protect them at scale.

Change is the only constant.

Back in the 1970s all computing data was predominantly held on mainframes, which were located in highly secure data centers. They were only accessed over private networks utilizing propriety communications protocols and hard-wired devices.

Today that model has changed dramatically; both company confidential and customer data is available anywhere via a myriad of devices and often accessed remotely from the company’s offices as the data is stored in the cloud. Understanding exactly where that data is located and protecting it, is critical to all businesses, both from revenue protection and avoiding loss of credibility from high profile breaches and the regulatory fines that often accompany those breaches. Just because a company moves its data to the cloud does not absolve it of the responsibility and ownership of the required cybersecurity and data protection controls, and often this is regulated by governments or their agencies.

Threats are evolving daily, and your cybersecurity team must stay on top of the controls that are required. They also need to be able to constantly monitor what is happening to the company’s sensitive data. Are you ready for those challenges? Let’s explain that journey.

No man steps in the same river twice