Send message to

Do you want to send the message without a subject?
Please note that your message can be maximum 1000 characters long
Special characters '<', '>' are not allowed in subject and message
reCaptcha is invalid.
reCaptcha failed because of a problem with the server.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Header of Horizon3.ai Europe GmbH
Forums it-sa Expo Knowledge Forum A

Go Hack Yourself – Stories from 70,000 pentests

The presentation emphasizes the critical need for continuous security testing.

calendar_today Thu, 24.10.2024, 10:00 - 10:15

event_available On site

place Forum, Booth 6-215

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Awareness / Phishing / Fraud Cloud Security Data protection / GDPR Data security / DLP / Know-how protection Governance, Riskmanagement and Compliance Network Security / Patch Management Trend topic

Key Facts

  • Attackers don´t hack in, they log in
  • Credentials are the everyday zero-day
  • Peacetime versus Wartime Security Mindset

Event

This action is part of the event Forums it-sa Expo

Action Video

grafischer Background
close

This video is available to the it-sa 365 community. 
Please register or log in with your login data.

Action description

Assessing Security Effectiveness: Questions if organizations are fixing the right vulnerabilities, logging proper data, and configuring tools correctly. It emphasizes that time is a critical factor in addressing vulnerabilities, with mass exploitation often occurring within seven days.

Cognitive Biases in Cybersecurity: Highlights biases such as confirmation and anchoring bias, affecting how security teams approach potential threats.

Attack Techniques: Lists top techniques used by attackers, such as brute-forcing weak credentials, exploiting misconfigurations, and lateral movement across poorly segmented networks. It downplays the role of CVEs as the primary attack surface.

Adaptation of Attackers: Attackers use techniques beyond vulnerabilities, including exploiting misconfigurations, misusing credentials, and lateral movement across networks. Vulnerability scanners are limited in detecting these issues.

Case Studies: Includes real-world stories demonstrating common security failures

Challenges in Security Testing: The pentesting industry faces a shortage of certified testers, and the increasing complexity of infrastructures makes retesting and continuous verification difficult.

Solution Approaches: Recommendations include continuous verification of security posture, ensuring regular testing, and rapidly fixing vulnerabilities before attackers can exploit them.

Automation and AI: AI lowers the barriers to entry for attackers, enabling rapid and scalable exploitation across multiple hosts.

Final Takeaway: Security must be continuously tested, and organizations should focus on reducing the exploitable attack surface through proactive measures such as improved monitoring, segmentation, and tool configuration.

The presentation underscores the need for a "wartime mindset," where organizations continuously challenge their security assumptions, verify defenses, and respond swiftly to emerging threats
... read more

Downloads

Language: German

Questions and Answers: No

close

This content or feature is available to the it-sa 365 community. 
Please register or log in with your login data.