ADVANCED PERSISTENT SECURITY, presented at BSides Tampa 2018

by Ira Winkler

Summary: Any attack against a significant organization is labeled "Sophisticated" by default. The reality is that most of these attacks, such as those against Target, the OPM, and the DNC, result from inadequate security programs. This presentation reviews recent notable incidents to highlight the root vulnerabilities. The vulnerabilities compromised were basic, and the attackers, rather than being “Advanced”, are more “Adaptive”. These attacks are then compared to the defensive information warfare principles of protection, detection, and reaction. I then utilize those principles to define an adaptive security strategy to prevent incidents, but more importantly to detect and respond to such incidents before loss can be realized.