It is with both sadness and relief that the team at MISTI can (almost) put InfoSec World 2018 in the rearview mirror. The sadness, of course, exists because organizing a conference like InfoSec World is a labor of love, plus it’s such fun to see all the attendees, speakers, and sponsors onsite and in person after working together virtually for many months. The relief, naturally, comes from knowing we put on the best event we could, that our efforts at evolving the event seem to have paid off, and—for me, personally—knowing that I can now go to bed before 2 AM instead of checking email incessantly for updated speaker presentation decks.

While our operations team tallies presentation scores for the event, this post highlights the most popular talks at InfoSec World 2018 based on attendee session scans. While a good talk is a combination of relevance, content, speaker knowledge and presentation style, and how well accompanying materials support speakers’ verbal delivery, understanding the topics of greatest interest to infosec audiences tells us something about practitioners’ concerns and challenges. Though factors like day, time, and what other events occurred concurrently may affect how many people attended any given session, the ten talks noted below were the most popular breakout sessions[1] at InfoSec World 2018.

10. Backdooring the Lottery

The talk that rounds out our “top 10” in terms of audience numbers was a purely fun-based talk, given that most attendees at InfoSec World won’t ever work with state lottery systems. That said, presenter Gus Fritschie drew parallels between lottery/gaming technology and traditional enterprise technologies so the audience could bring home real tidbits of wisdom. Fritschie shared how lottery systems have been exploited using common attack techniques, and how he and his team (which investigated the incidents) were able to reverse engineer the attacks and learn root causes. Maybe most importantly, Fritschie shared mistakes made by the criminals (i.e., what to look for next time), major risks that exist is gaming systems code and SDLC processes, and how to prevent future compromise.

9. Making Sense of Attack Patterns in the Enterprise

David Kennedy, a perennial favorite at InfoSec World and other industry conferences, always relies on his hands-on work at TrustedSec to demonstrate to audiences how far to push boundaries when it comes to incident prevention and detection. Adversaries, after all, he described in his session abstract, are continually evolving techniques to obfuscate and confuse. In his 2018 talk, Kennedy chose to focus on how to raise the bar on attackers, sharing tactics and tools he’s used over the past year to build defensive strategies, identify advanced threats earlier in their lifecycle, and forecast emerging attack types. Kennedy warned attendees that leaning too heavily on TTPs and signature-driven tools can be a company’s downfall. Instead, he said, security programs need “constant care and feeding,” human intervention (even in our automation and machine learning world), and (most of all) practice, practice, practice.

Bill Dean ISW 2018

8. Network Compromises: What Are We Learning to Make Us Better?

Introspection is an important element of running an effective security program. Unfortunately, so many security teams are operating at such high speeds that they don’t take the time for post mortems or lessons learned—either about incidents internal to their organization or those that hit the headlines when a major organization is compromised through a mega breach. In this talk, Bill Dean of LBMC highlighted some key takeaways from these headline-grabbing compromises and discussed commonalities that can be applied to any organization, regardless of size or resource allocation. Dean illustrated how practitioners can apply lessons learned—if only they take the time to identify their own strengths and weaknesses.

7. Automated Cyber Defense: Leveraging Identity Management to Get to Acceptable

Sam Elliott, of Bomgar (previously Lieberman Software) tackled an evergreen topic: automated privileged identity and access management. With 81% of hacking-related breaches tied to stolen and/or weak passwords[2], and privileged credentials offering “the keys to the (cyber) kingdom,” enterprises need to find better ways to manage identity and access. Elliott presented his “6 steps to secure access” during his talk, and showed how security practitioners can drive down instances of credential abuse and limit the damage adversaries can affect once inside an organization’s network. 

6. Life After Phishing: What’s Next?

It’s no surprise that a talk on phishing hit the top of the charts. Phishing is (and likely will remain) one of security’s most tenacious challenges. As certain phishing campaigns become more popular and thus more identifiable by users, adversaries evolve and adapt, always finding new ways to evade detection by both humans and traditional tools. In this talk, Crane Hassold of PhishLabs presented a brief history of phishing, speculated on the future of phishing, then explained (in a vendor agnostic fashion) what security practitioners can do to protect against upcoming phishing scams—beyond traditional training and awareness programs.

Giovanni Vigna ISW 2018

5. From Trapping to Hunting: Intelligently Analyzing Anomalies to Detect Network Compromises

Giovanni Vigna was a busy guy during InfoSec World 2018, and his original talk, “From Trapping to Hunting,” attracted tons of attention on the morning of day 1 of the event. In this talk, Vigna discussed the benefits and challenges of using machine learning, a veritable buzzword among the security community today. He shared why depending solely on automated machine learning in one’s toolset can be risky in terms of adversarial dataset pollution, tampering, and misclassification. He then presented how practitioners can couple a threat hunting strategy—including threat modeling, understanding of the network, and anomaly detection—to innovate beyond “classic techniques.”

4. Tips and Tricks for Defending the Enterprise Using Open Source Tools

Paul Asadoorian, Founder and CEO of the popular media company, Security Weekly, is a big fan of finding free and/or creative solutions to security problems. In his InfoSec World 2018 talk, Asadoorian shared how he grew up in the security field through his work at companies that would only support commercial tools. He explained the benefits and constraints of this approach—both back “in the day” and today. The fact is, he said, open source software is used by the vast majority of companies today, and open source shouldn’t be frowned upon. That said, it must be used correctly—and Asadoorian provided the audience examples of what to use, when to use it, and how practitioners can ensure their open source project runs smoothly.

3. The New Era of Cyber-Threats: The Shift to Self-Learning, Self-Defending Networks

With the number of cyber threats organizations must face on a daily (even hourly) basis, it’s no wonder that this talk, presented by Cameron Armstrong-Peeler of Darktrace, was jam-packed. Armstrong-Peeler discussed how and why legacy rules- and signature-based tools are inadequate in today’s environments, how IoT stretches even today’s ever-shifting endpoints, and how security teams struggle to keep up with fast-moving threats. She then explained why supervised machine learning coupled with automation may be an analyst’s new best friend.

Connie Mastovich ISW 2018

2. What and Where is the "Dark Web," Anyway?

This talk, given by Connie Mastovich and Rachael Lucas of Reclamere, was one of the most highly anticipated of InfoSec World 2018, which is no surprise given the session description. The presenters promised a tour of the dark web, complete with a demonstration of how anonymity is assured for those using it. The pair also tackled the question of why law enforcement doesn’t simply “shut it down,” providing examples of how and why the dark web isn’t only a space for bad actors.

1. No File Required: The Emergence of the Fileless Attacks

This talk, originally scheduled to be presented by Christopher Kruegel from the University of California Santa Barbara and Lastline, was given by Kruegel’s coworker, Giovanni Vigna. Vigna addressed the rise in fileless malware outbreaks and posed the questions: What if there is no Flash file on the wire? What if the Shellcode does not load additional malware? He then went on to talk about full system emulsion (FUSE), which can provide complete kernel-level visibility, help identify malware’s evasive techniques, and manipulate and interact with artifacts to elicit suspect behaviors

[1] Roundtable talks were not considered in this evaluation since seating was limited to 30 attendees per session. Keynotes and plenary talks were also excluded from this category.

[2] Per the 2017 Verizon Data Breach Investigations report and cited in Elliot’s presentation.

Learn how to effectively identify and defend against threats to your organization at MISTI's Threat Intelligence Summit, Monday, July 23, 2018 in San Diego.