Presentation: Security & Psychology: Demotivating Persistent Threats
Share this on:
Abstract
Preventing advanced cybercriminals from accessing and exploiting your most sensitive data requires more than just a strong threat detection infrastructure — it demands a personal understanding of the attackers themselves. Once an attack group’s motivations are identified you can start generating a profile and persona that will make disincentivizing them a whole lot easier. Without this added layer of psychological analysis, you will find yourself addressing incident after incident with no end in sight.
At the core, an actor’s intent is always the same - motivated people with economic justification for their actions are committing large-scale attacks because their livelihood depends on it. It’s up to you to disrupt those economics so they move to softer targets.
In this session, Shape Security Director of Engineering Jarrod Overson will break down the workflow for effective threat mitigation of sophisticated attackers into four distinct stages:
- Stage 1) Classification. Look at how can traffic be bucketed into distinct segments that define individual actors or groups.
- Stage 2) Research and generate an actor profile. Understand what these actors are getting out of these attacks, and form some hypotheses from their attack characteristics. Are they data resellers? Developers? Independent actors or full-time employees? What hours are they active? How quickly do they respond to mitigation? This actor profile will help define the approach in Stage 3.
- Stage 3) Counter attack. Develop and deploy countermeasures that target the attack in a way that drives up cost while reducing value. Play with them, target the damage on their off hours, give sporadic and variable feedback. Increasing the psychological cost is a damage multiplier.
- Stage 4) Rinse & repeat until all threats are cleared. This is only temporary, of course. As long as value remains then new attackers will fill the vacuum and each subsequent attack will be more sophisticated than the last. Relentless, targeted responses will eventually wear away the motivation to continue the attack.
Jarrod has seen traffic from individual attackers, coordinated groups, state actors, and more - all of which require different approaches. Sophisticated threats rarely engage in attacks for no reason - understand where the money is coming from and the motivations behind an attack and you can disrupt the attackers with greater force.
Similar Talks
Tracks
Monday, 5 November
-
Microservices / Serverless Patterns & Practices
Evolving, observing, persisting, and building modern microservices
-
Practices of DevOps & Lean Thinking
Practical approaches using DevOps & Lean Thinking
-
JavaScript & Web Tech
Beyond JavaScript in the Browser. Exploring WebAssembly, Electron, & Modern Frameworks
-
Modern CS in the Real World
Thoughts pushing software forward, including consensus, CRDT's, formal methods, & probabilistic programming
-
Modern Operating Systems
Applied, practical, & real-world deep-dive into industry adoption of OS, containers and virtualization, including Linux on Windows, LinuxKit, and Unikernels
-
Optimizing You: Human Skills for Individuals
Better teams start with a better self. Learn practical skills for IC
Tuesday, 6 November
-
Architectures You've Always Wondered About
Next-gen architectures from the most admired companies in software, such as Netflix, Google, Facebook, Twitter, & more
-
21st Century Languages
Lessons learned from languages like Rust, Go-lang, Swift, Kotlin, and more.
-
Emerging Trends in Data Engineering
Showcasing DataEng tech and highlighting the strengths of each in real-world applications.
-
Bare Knuckle Performance
Killing latency and getting the most out of your hardware
-
Socially Conscious Software
Building socially responsible software that protects users privacy & safety
-
Delivering on the Promise of Containers
Runtime containers, libraries, and services that power microservices
Wednesday, 7 November
-
Applied AI & Machine Learning
Applied machine learning lessons for SWEs, including tech around TensorFlow, TPUs, Keras, PyTorch, & more
-
Production Readiness: Building Resilient Systems
More than just building software, building deployable production ready software
-
Developer Experience: Level up your Engineering Effectiveness
Improving the end to end developer experience - design, dev, test, deploy, operate/understand.
-
Security: Lessons Attacking & Defending
Security from the defender's AND the attacker's point of view
-
Future of Human Computer Interaction
IoT, voice, mobile: Interfaces pushing the boundary of what we consider to be the interface
-
Enterprise Languages
Workhorse languages found in modern enterprises. Expect Java, .NET, & Node in this track
