Remember remember the 7th of November...
This weekend is the 6th annual BSidesDFW security conference hosted at the University of Texas, Dallas campus! I will be speaking Saturday morning on how successful attackers are taking advantage of cloud infrastructure to launch attacks and use DDoS as both a business interrupt as well as smokescreen for more stealthy application layer attacks. Going over some of the most recent threat advisories and intelligence gathered by the Threat Intel and Research divisions of Akamai Technologies, we will dive into the techniques, defenses and successful strategies organizations are using to deal with these activities. Registration is still open and space is available for walk-ins.
Most of us know the web wasn't "built for our business", right? The efficiency and reliability of the web can be easily disrupted as we've seen in recent years as a 16yr old attacker can take down some of the web's largest entities. Because of this more and more companies are leveraging the "cloud" to help deal with these issues. From redundancy, performance optimizations, security and reliability, the cloud is seen more and more as the new hope for an Internet that's quickly approaching senior citizen status and is actually getting slower year over year.
MITRE and the US-CERT organizations have (within the past 18mos) released the Cyber Resiliency Engineering Framework, and Cyber Resilience Review standards, respectively. Using these standards organizations are encouraged to identify deficiencies and subject themselves to stringent evaluations in order to prepare for life on the web. I will be covering these standards and more as I reflect on my experience over the past 15 years working with some of the world's largest eCommerce, financial services, and travel enterprises. What works, what doesn't and where do we go from here?