Galina Antova is a cybersecurity executive and entrepreneur focused on OT/ICS cybersecurity. Galina co-founded Claroty to help advance the state of cybersecurity for critical infrastructure. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute for Management Development (IMD) in Lausanne, Switzerland.
Detecting callouts to command-and-control (C2) servers used to be straightforward, but attackers in your network have found ways to communicate with the outside world even under the heaviest of scrutiny. In this talk, we discuss ways to use popular websites as means of getting commands and exfiltrating information. We examine the applications of asymmetric communication, from Internet-accessible computers to embedded devices to air-gapped systems. Finally, we give some suggestions to defenders, and discuss how to detect and mitigate risks that enable asymmetric malware.
Brandon Arvanaghi, Security Engineer, Gemini
Brandon Arvanaghi is a security engineer at Gemini. Before Gemini, Brandon was a security consultant at Mandiant. Brandon has written tools to detect webshells, obfuscated malware, and to evade sandboxes in every language. He is the author of SessionGopher, CheckPlease, and a contributor to PowerShell Empire. Prior to working in the security industry, Brandon conducted research on automated attack plan generation at Vanderbilt University.
The security industry has been talking about powerful concepts like good threat intelligence and attacker cost for a long time now, but most organizations are not using these concepts in their security programs, causing them to waste money, time, and energy on efforts that do not stop real attackers.
In this talk, we describe a security program built around adversary intelligence that actually matters. We describe how this program generates more accurate and precise priorities and objectives. We demonstrate how these new risk profiles, attacker playbooks, and attacker cost models can help inform better controls, strategies, and policies.
We focus on picking the controls that are most effective at reducing the risk of successful execution of the playbooks that attackers use every day. This is only possible with a security program built around attacker intelligence.
We take a deep dive into the practicalities of implementing these concepts at your organization: which metrics matter when reporting to management, how this impacts hiring, and how this modifies core workflows in the security team.
Finally, we will close with some of the concrete challenges we encountered in implementing this program and some suggestions on how to work around them.
Justin Berman is the CISO of Zenefits, but he’s not your typical CISO. Justin thinks very deeply about security concepts and processes that most take for granted. Reflecting on every detail of his program allows him to make more informed decisions where it matters most. Justin cares genuinely about the wellbeing of his team and the efficacy of his program. In a previous life, Justin was a professional photographer and a professional chef.
Joe Bernik has over two decades of experience creating and implementing cyber security management programs at global financial institutions. While serving as CISO and head of information risk and security at ABN AMRO Bank, Fifth Third Bank and BNY Mellon, Mr. Bernik led global teams dedicated to protecting customer data, complying with data-related laws and regulations, and managing incident response programs. Mr. Bernik started his career with the US Department of Defense (DOD) securing military systems.
Joe is an avid speaker and writer and has held posts on several industry groups, including the Federal Reserve Council on Fraud, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Open Web Application Security Project (OWASP). Mr. Bernik holds a bachelor's degree in information systems from the University of Mary Washington and has completed graduate studies in business administration at The City University of New York.
No matter which APT threat actor operates in the victim's network, there is one thing they all share: the Internet for data exfiltration. I'd like to present a few anti-APT techniques used by threat actors in LatAm, Eastern Europe and other regions to bypass detection. All techniques are from real campaigns we track.
Dmitry Bestuzhev, Head of Global Research and Analysis Team for Latin America, Kaspersky
Dmitry Bestuzhev serves as Head of Kaspersky Lab’s Global Research and Analysis Team for Latin America, where he oversees the anti-malware development and investigations of the company’s experts in the region. Dmitry joined Kaspersky Lab in 2007 as a Malware Analyst and was responsible for monitoring the local threat landscape and providing preliminary analyses before going on to become Senior Regional Researcher for the Latin American region in 2008. In 2010, he was appointed to his current role.
In addition to supervising the work of the network of experts in Latin America, Dmitry’s current role also includes producing reports and forecasts for the region and is frequently sought out by international media and organizations for his expert commentary on IT security. Dmitry’s wide field of expertise covers everything from online fraud, through the use of social networking sites by cybercriminals, to corporate security and cyberwar and cyber espionage. Additionally, Dmitry participates in various educational initiatives throughout Latin America.
Dmitry has more than 17 years of experience in IT security across a wide variety of roles and is fluent in English, Spanish and Russian. He has worked on the analysis of targeted attacks against financial institutions, producing intelligence reports.