CONTENTS OF LECTURES 2021
Applications of blockchain technology in financial institutions
During the presentation Luka will talk about some real and potential use cases of blockchain technology. Special emphasis will be placed on where and how we can use blockchain technology in financial institutions. He will talk about how we can use blockchain technology for better protection of customer data and controls to reduce fraudulent activities.
Cloud security: containers
Enable your productivity cloud for secure external sharing
Information protection consists of 3 main area: data discovery and identification (Know Your Data), taking protective measures based on classification and labeling (Protect Your Data) and data loss prevention (Prevent Data Loss). In his presentation Zsolt Bátorfi will share best practices on how to set up and deploy Microsoft Teams and SharePoint Online infrastructures for secure external sharing and collaboration.
European cyber package
In December, 2020, EuropeanCommission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy. As a key component of Shaping Europe's Digital Future, the Recovery Plan for Europe and the EU Security Union Strategy, the Strategy will bolster Europe's collective resilience against cyber threats and help to ensure that all citizens and businesses can fully benefit from trustworthy and reliable services and digital tools. This lecture brings insights to new strategic and legislative documents brought by the new cyber package.
Following information flow
Aleksandar prepared a walkthrough on how to use Classificaton tool, DLP tool, DB Security, Rights management and SIEM in conjungtion to be able to follow an information (electronic form) from the moment it enters the company till the moment it goes out. All logs from the flow could be used with SIEM to produce alerts and reports for moniyoring.
How the military can enhance Cybersecurity by moving to the Cloud
Today, military analysts, together with the relevant infrastructure, around the world are struggling to cope with a constantly increasing amount of data, coming from almost everywhere. Moreover, the military environment itself adds an additional critical factor, that heavily affects the availability and integrity of data. Introducing and exploiting a “military-grade” cloud environment might provide the necessary flexibility, scalability, and fault tolerance which is needed in modern day operations. This can be achieved by the provision of alternate data routes, backup solutions, authentication mechanisms. Another exploit could be the allocation of resources where and when they are needed; for example, in order to quickly perform tasks that require increased processing power. Special provisions at the hook points can provide automatic recognition of bottlenecks or other issues, and act with little or no human intervention. In all, such a solution can enhance overall cybersecurity.
Implementation of SAST (Static Application Security Testing) and DAST (Dynamic Application Security testing) in SDLC
Businesses are affected on a daily basis because of growing cybersecurity threats. Application security has to be taken into account in SDLC (Software development life cycle). In this session we will talk about how we implemented DAST and SAST security testing in our application development process.
For many Security Operations Center (SOC) teams, finding malicious activity inside the network is like finding a needle in a haystack. They are often forced to piece together information from multiple monitoring solutions and navigate through tens of thousands of daily alerts. SOC analysts are usually required to search for indicators of compromise (IoCs) within network, cloud, and endpoint environments. They then need to drill-down into findings to validate the breach and plan their response. The results in many cases, and also in the sunburst hack case, are that critical attacks are missed until it’s too late. In the sunburst case, organizations found out about this internal threat when it was too late, a few months after the attack started and they were already seriously damaged…
Key things to consider when designing and planning server rooms/data centers
There is a saying “The cloud is just someone else's computer”. And that computer is, most of the times, in a data center. We want that computer to be always available, secure and stable. To achieve that, there are certain requirements and considerations that need to be met when designing and building data centers.
In Luka’s presentation, he will give you a high-level overview and some guidelines on how to achieve this requirements and how this facilities are designed from a critical infrastructure standpoint. He will also try to bring closer to you what critical infrastructure systems there are in a data center and raise awareness of all the other systems behind the curtain that are enabling smooth and carefree operation of your services in the data center (electrical systems for uninterruptible power, mechanical and cooling systems for cooling the servers, monitoring systems, energy efficiency, etc.)
Main emphasys of this presentation is to introduce cybersecurity professionals to concepts of critical infrastructure on which all of their services rely heavily on.
Lecture is being prepared
Live response, forensics and breach analysis of an Oracle database
Pete will explore all of the high level issues and process involved in responding to a breach or possible breach of an Oracle database. This involves building a team and performing incident response. A formal process must exist and be followed. Live analysis of the database can be complex and Pete covers this with guidance. Forensic analysis of the gathered artefacts is next. The responder must build a time line of events and evidence and checksum these to prove in court. Pete will cover all aspects of a breach response and also will show some data and examples.
M365 Security introduction
Microsoft Secure Score is a security analytics tool designed to help organizations understand what they have done to reduce the risk to their data and show them what they can do to further reduce that risk. Secure Score determines what Microsoft 365 services an organization is using, then looks at its configuration and behaviors and compares it to a baseline asserted by Microsoft. Rather than reacting or responding to security alerts, the Secure Score tool enables organizations to track and plan incremental improvements over a longer period of time.
Optimum Security with automated processes
Assume that endpoint protection is satisfactory. What is the reason for investing in additional solutions in addition?
The vast majority of threats need to be automatically identified at the earliest point in the counter-attack chain and the necessary countermeasures taken, and the smaller the overall impact of the threats on resources and the extent of the damage to our wallets. The majority of security incidents (approximately 90%) are immediately addressed by a good EPP solution and do not occupy either the EDR solution or security personnel who can focus on more advanced and therefore more dangerous threats.
What about the remaining, much more dangerous 10% of pests?
These are called evasive, targeted, complex, advanced attacks (ATP). These can also be defended at the network level (yes), but more effectively and above all at cheaper endpoints !!
Much more information is already needed here for effective defense.
• What is the alarm environment?
• What measures have already been taken in relation to the alert?
• Is the detected threat still active?
• Have other hosts been attacked?
• What route did the attack take?
• What is the actual root cause of the threat? At what endpoints did it start?
Oh, and it would be nice to react to the incident as soon as possible: (Response). Pld:
• Automatically quarantine files that can be associated with a complex threat at each endpoint
• Automatic disconnection of infected hosts from the network for the purpose of examining damage alert data related to a rapidly spreading threat
• Prevent the malware file from running and spreading on the network for the duration of the scan
Achieve your optimum level of cybersecurity with managed protection and cloud-enabled endpoint detection and response
Prediction for AI driven cyber security - Offensive and Defensive
Securing Industry 4.0: Is blockchain the answer?
Blockchain is a distributed technology mainly known to be used in digital crypto-economy.
Smart contracts is a protocol used to validate a transaction between two entities, without the need of a third party.
Could the combination of those two into a control platform contribute to the safer transmission, process and monitoring of data in Industry 4.0?
The Future of Cyber Attacks and Why Awareness Plays a Key Role
To patch, or not to patch, this is the question
Supply chain attacks represent an extremely significant threat to organizations. Everyone is in danger as they affect every link in the chain and any type of business indiscriminately. Supply chain attacks are usually a consequence of the information a company shares with suppliers. As this is necessary, it is easy to imagine how compromising a link in the chain can lead to the leak of confidential information and to the compromise of other actors in the same chain.
In this talk we will explore how supply chain management and cyber security are strictly connected, what is the role of the humans and what are the best practices for improving security.
Vendor Risk Assessment using AI and Machine learning
"Data is a new oil”. In today’s era, the companies use Business Process Outsourcing more than ever. They share their most precious assets, their crown jewels, their data. How to be sure, that data will remain secure and not misused to an unwanted party.
In the presentation, Nebojsa will depict the concept of Vendor Risk Assessment using AI and Machine learning. This concept can radically increase speed of the assessment and to be more affordable than manual assessment managed by risk assessment experts.
In the presentation, it will be explained some of Google AI services like Cloud Vision and how they can help document recognition and classification using natural language processing using APIs to classify, extract, and enrich documents.
Vuln Hunting Using Python AST
Application security engineers and vulnerability hunters often search code for specific strings or patterns as a starting point for vulnerability discovery. In this talk I aim to show how searching raw code can be improved upon by searching Python abstract syntax trees. We used such techniques at Bitstamp security team to help us discover codebase specific patterns which are otherwise hard to search for. These patterns can be used to improve SAST automation which you might already use in your CI/CD pipeline. I will opensource a simple proof of concept AST scanner for searching custom AST patterns with some code structure awareness.