A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable Cyberattack - (BSides Boston 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Protect Your "Keys to the Kingdom" _ Securing Against the Next Inevitable Cyberattack

Paul Kozlov

BSides Boston 2015

The first step in securing a business is admitting there's a problem: "Hi, I'm a business with valuable data, and I have hackers on my network." Perimeter defenses have been rendered useless by sophisticated attackers _ which has created the need for a new layer of security on the inside of the enterprise that focuses on limiting hacker movement once they inevitably breach perimeter defenses. This critical new layer of security focuses on securing privileged accounts _ the fulcrum on which all advanced attacks turn. Privileged accounts are exploited in almost every targeted cyber attack. A recent report analyzing the experiences of leading cyber threat investigators revealed that between 80-100 percent of all serious security incidents they've investigated featured the "signature" of compromised and exploited privileged accounts in the attack process. By stealing and exploiting accounts that allow this level of access, attackers are able to gain a privileged foothold which allows them to then elevate privileges to move about the network freely without detection. They are then able to easily infiltrate systems and exfiltrate data. Attendees of this presentation will get a view into how privileged account exploitation has been used in all recent high profile attacks and will learn how to lock down the "privileged pathway" to their own valuable data in order to avoid similar exploitation.

Bio: Paul has over 15 years of IT-related work experience, much of it in Software Development and Information Security fields. He is a a Director of Technical Support, Americas at CyberArk Software. Paul holds CISSP certification since 2008. He is also active on the board of the Eastern Mass (ISC)2 chapter where he holds Educational Liaison Director position, responsible for chapter's educational programs aimed at K-12, undergraduate/graduate students, and young professionals.

Back to BSides Boston 2015 list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast