By Edward E. Serafin III, C|EH, Security Architect
Thoughts from Black Hat USA 2019 & DEFCON 27 (Part 2)
This blog is the second in a three-part series discussing security concepts and tactics I observed and participated in at Black Hat 2019 / DEF CON 27. The first installment can be found here.
In August, I attended Black Hat USA 2019 / DEFCON 27 in Las Vegas. What an overwhelming experience it was—there was so much to see and do! For those of you that don’t know, Black Hat USA is the world’s leading information security event, providing attendees with the very latest in research, development, and trends. DEFCON is the security/hacker community conference that occurs right after the Black Hat Conference. Thousands of hackers and security professionals from around the world congregate to learn about new technology vulnerabilities, cyberattacks, and more.
My primary reason for attending was for technical training. Black Hat Training offers attendees deeply technical hands-on courses on topics ranging from broader offensive security to the latest in penetration testing, infrastructure hacking, mobile application security, analyzing automotive electrical systems, and everything in between. Often designed exclusively for Black Hat, these hands-on attack and defense courses are led by some of the most sought after industry and subject matter experts from all over the world with the goal of defining and defending tomorrow’s information security landscape.
Black Hat Training: Insider Threat Hunting
This year I decided to go low-tech and dive into counter social engineering; the official class title was “Insider Threat Hunting – Track, Elicit, Interview, and Mitigate”. The course was led by multiple instructors with backgrounds in law enforcement, military, and intelligence / counter intelligence. While the class was fantastic, the only issue I have with courses such as these is the fact that they are condensing a 3+ week course into just a few days (or less). However, while it may be a challenging prospect, it’s well worth the time and effort.
As an ethical hacker, I’ve always enjoyed the social engineering aspect of my craft. As we all know (or should know), hacking people can be more effective than hacking computers; hackers and scammers alike use social engineering against human targets to achieve their goals. The insider threat course explains the science behind how social engineering works, why it’s so effective and how to leverage the very same tactics against adversaries. Understanding the psychology and scientific method behind the tactics I’ve been leveraging for years was fascinating.
This course has changed my perspective on social engineering, providing a much deeper understanding as to why social engineering tactics work and how they can be used for maximum blast effect to benefit Micro Strategies’ customers.
Defending Against Insider Threats within your Organization
One of the largest threat vectors we face every day is the insider threat. Defending against this type of threat is challenging and requires practitioners to understand and apply various tactics to detect deception. These tactics include looking for tells such as micro expressions (the 11 subconscious facial expressions we all do under certain circumstances) and conducting psychographic analysis utilizing the Five-Factor Model – OCEAN (Openness, Conscientiousness, Extroversion, Agreeableness, & Neuroticism) and the TIPI (Ten-Item Personality Inventory) model, which is a brief assessment of the five personality dimensions / factors. (Never heard of the Five-Factor Model and the TIPI model? Check out this Wikipedia article for more information on the Five-Factor Model and this blog from Psychology Today for an explanation of the TIPI model.)
However, having tools and understanding how to implement them is only half the battle. A successful business needs employees and a successful security program means interacting with those employees in a positive, meaningful way. Your staff was hired for a reason. They are valuable assets and possess important skillsets and knowledge that are required for the success of your business.
Most incidents involving insider threats begin small. Whether it’s because a person feels slighted or because of a conflict with another employee, these problems escalate into incidents. The key to success is identifying threats early on by using the previously mentioned techniques.
If an employee exhibiting behaviors consistent with insider threat can be identified early, it’s in the organization’s best interests to attempt to correct the problem before it escalates into an incident. After all, it costs more money to replace an asset than it does to fix an asset.
Understanding Behavior is Key
This is the reason why I often recommend that security team members make a concerted effort to interact with their colleagues. It’s important to establish a working relationship with the people employed in your organization. Building rapport provides you with an opportunity to spot potential issues before they become bigger problems.
How do you know if an employee is having a bad day if you never established a baseline? Also, it makes approaching the employee a little easier. He or she might even be willing to be open about the issue with you because they’re comfortable with you. It’s the little things in life that mean a lot to people, and those perceived “little things” can add up to big problems if we don’t take the time to understand the people around us.
In the coming weeks, look for my next, and final, blog in this series where I will conclude with takeaways and memorable moments from my time at Black Hat 2019 and DEFCON 27.
The number of insider-related breaches is rising every year. Thirty-four percent of all breaches in 2018 were caused by insiders and the average cost of an insider-related incident is around $513,000. These types of threats are significantly harder to detect and prevent in comparison to outside attacks. Implementing an insider threat hunting solution can help you protect your data. Interested in learning more? Contact us today.
MODERN PREDICTIVE ANALYTICS COMBINES MACHINE-GENERATED PREDICTIONS WITH HUMAN INSIGHT TO DRIVE BUSINESS FORWARD
As the AI revolution takes hold, businesses are increasingly asking their data science teams to do more than work on one-off research projects. They need to find repeatable, automated ways to provide real-time insights for day-to-day decision-making.
To meet these expectations, data science leaders not only need to be able to explain the potential of modern predictive analytics technologies to business stakeholders, but they also need to deliver the results.
Download this free e-book to learn how to navigate the modern predictive analytics landscape.
THE IDEA IN BRIEF
Business today moves at an extremely fast pace. Decision-makers need access to critical data faster than ever before. Traditional approaches do not support fast and iterative data exploration, limiting your ability to get timely insight from data. A new way of thinking and accessing data is needed; one that matches the availability of insights to business decision making demands.
A CHANGE FROM THE TRADITIONAL APPROACH
Data warehouse, data lake, 360 view of the customer, decision support systems; all of these more traditional approaches to data call for long-term integration projects that often fail to deliver or maintain results. With the increasing complexity of data landscapes, organizations need fast and reliable ways to gain insights from data. Business environments move with increasing speed and demand timely decisions made on the merits of data and thorough analysis. A different approach is needed to enable organizations to access just in time data, properly prepared and managed.
WHAT IS FAST DATA INSIGHTS?
Fast Data Insights is an architectural approach predicated on accessing data regardless of the source and moving data only when required. It is a process by which data sourced from various systems can be linked, cleansed and analyzed without the need for costly IT development cycles. It is a set of quick start services, carefully curated tools, and applied intellectual property gained through years of data integration, data visualization, and analytics enablement.
Fast Data Insights does not replace the need for a data warehouse or a mature process to handle a company’s most precious resource. Rather it is a critical addition to an organization’s data management architecture. It is not a silver bullet to handle data complexities, but an accelerator to detect and leverage the value within disparate data assets.
WHAT ARE THE APPLICATIONS?
Decision makers cannot wait for integration projects to be completed before analyzing and gaining insight from their data. In reality, they are not waiting. They are most likely leveraging talented analytics resources to gather, cleanse and analyze data in less than ideal circumstances. These resources are spending a large amount of time finding sources, gaining access, and moving data to available tools (spreadsheets, Access, text files, etc.). The work is getting done, but is that the best use of analytics resources’ time?
Business teams worry about asking the wrong question as it might trigger an eight-week integration project, only to find out at its completion the data does not support the answers expected and there is a need for additional details.
With Fast Data Insights, business teams quickly virtualize data sources, link separate systems and start answering questions immediately. Whether data is housed on websites, databases, PDF files or other places, these sources can be accessed without penalty as needs evolve. Some sources of data are immediately known while others are identified in time. This is to be expected as analysts continue to dig deeper, and require flexibility to add sources, and immediately start to work with them. Once valuable insights are identified they can be integrated into regular business processes; however, the Fast Data Insights approach allows organizations to start leveraging these in analytics and visualization processes immediately.
HOW DOES IT WORK?
Fast Data Insights combines an architectural approach to data virtualization with a set of over 250 out of the box connectors. It offers a centralized interface to prepare data that learns the common cleansing steps taken, recommending how to address new sources based on what analysts have done in the past. There are hundreds of ways to consume it, through easy connectors to visualization or analytics tools. Additionally, there are quick start services to create a data on demand environment, something like Netflix for Data.
While the concept of data virtualization, also known as data federation, has been around for over 20 years, it failed to deliver on the original objective of interacting with data regardless of where it was located. With the advancements in workload distribution, the introduction of containers and appropriate application of best practices, organizations can gain valuable data insights by applying this reemerging architectural approach.
THE IDEA IN PRACTICE
To prevent business opportunities from slipping through their fingers, organizations need to match the availability of insights from a changing data landscape with the pace of decision making.
- Determine your current pace: Where are your analysts spending their time, obtaining the data or analyzing it?
- Define the strategic significance of faster data insights: Discuss the impacts of faster insights with your peers and internal customers.
- Locate opportunities to expedite decision making: Select a business challenge or area that can benefit from faster insights.
- Get help to get started: Partner with someone who has faced similar challenges to quickly enable your team with the tools to be self-sufficient.
The Bongiovanni Racing Team took to the track this past weekend for the 48th Annual Lucas Oil Drag Racing Series event at beautiful Maple Grove Raceway. The event marked the return of champion driver Michelle Bongiovanni, who recently graduated from Penn State University and was excited to get behind the wheel of her 140-plus mph Mustang. Joining Michelle in the team’s Cobra Jet Mustangs were teammates Anthony Bongiovanni and Kenny Miele.
Maple Grove Raceway, also known as “The Grove,” is conveniently located near Reading, Pennsylvania, between the Micro Strategies offices in Parsippany, New Jersey and Malvern, PA. “The track’s location presents a great opportunity for our team to host family, friends, co-workers, and clients in the Maple Grove tower suite,” said Anthony Bongiovanni. “It’s great to give everyone a close-up look at our team and the technology we use in racing. Drag racing is very competitive and it requires precision, passion and many of the components that are critical to success in business,” he added. “Races are won and lost by thousandths of a second, so it’s important to set the cars up properly and to execute a plan.”
Racing kicked off with qualifying and Anthony and Kenny ran strong in Stock Eliminator, sliding into the 128-car field with a 9.02 and 8.58 respectively. Michelle and Anthony ran in Super Stock, qualifying 11th and 16th in the tough 89-car field.
Round 1 came Saturday night, and the team fared well. Anthony used a near-perfect .008 reaction time to take a win in Super Stock over Jamie Schoenly and Kenny topped Bob Moran to move to the second round. Michelle lost a tight race to NHRA regular James Antonette, and Anthony lost in Stock Eliminator on a red light. Unfortunately, Round Two wasn’t kind to the team, with both Anthony and Kenny falling from competition. “It wasn’t the weekend we hoped for, but it was nice to have the cars running well and to enjoy the time we spent with everyone who attended,” said Michelle Bongiovanni.
Three-time NHRA national event winner and Bongiovanni Racing team driver Ken Miele had a strong showing at the recent NHRA Virginia Nationals held May 17-19 at Virginia Motorsports Park. Miele was on his game, qualifying 11th in the field with his Micro Strategies and NEC Financial Services-backed Cobra Jet Ford Mustang in Stock Eliminator.
During qualifying Miele ran a strong 8.55-second quarter-mile pass at nearly 160 mph to set the pace for the weekend. “We had a few tuning issues due to a change we made at the previous race, but we figured it out and had the Mustang ready for eliminations,” Miele explained. “We dial in the performance of the engine using a tunable electronic fuel injection that allows us to alter ignition timing and fuel requirements to find maximum horsepower and the best drivability. After the first run we found a bad sensor that was causing the engine to run erratically. With the new sensor in place we were good to go,” he added.
Miele marched into eliminations with confidence. He defeated the Firebird of Gene Monaham in the first round, the Camaro of Jack Matyas in the second round and he used a quick .024 reaction time in the third round to beat Jim Marshall. Miele then faced NHRA standout Allison Doll who red-lighted, sending Miele to the semi-finals.
But the same red-light that gave Miele a win the previous round knocked him out of competition. “While we didn’t bring home a win, it was a strong weekend. I cut it too close and came up with a -.006 red-light,” he said. “Nevertheless, we got down to four cars at a NHRA national event and that’s never a bad thing. We have a bunch of races coming up and we’re feeling positive.”
Anthony Bongiovanni was also in competition in Virginia, running in Stock and Super Stock with his Cobra Jet Mustangs. Bongiovanni qualified seventh in Super Stock with his Resource 1 Ford, and 32nd in Stock driving the Micro Strategies/Optima Batteries machine. Bongiovanni drove well in both classes; unfortunately, luck was not on his side as he lost two close races early in the competition.
Bongiovanni Racing won’t have to wait long to get back on track, as the team heads to Maple Grove Raceway near Reading, PA this weekend for the NHRA Lucas Oil Divisional Series event May 24-26. We hope you can join us!