Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

•Télécharger en tant que PPTX, PDF•

1 j'aime•217 vues

The document provides an overview of cloud proxy technology and cyber security. It discusses how proxies work by terminating connections between users and servers and inspecting transmitted objects. The document then shares several "real world" examples of how proxies can detect and prevent phishing attempts, malware infections, and other cyber threats by analyzing URLs, file downloads, and network traffic patterns. It emphasizes the importance of threat intelligence and how proxies use global intelligence networks to identify and block malicious activity in real-time.

Technologie

Cloud Proxy Technology
Cyber Security in a Web Browsing AgeJeff Silver; CISSP
Symantec
Senior Security Engineer

SESSION AGENDA
• Proxy Fundamentals [Quick overview as a foundation]
• Cyber Security ‘Real’ Forensics Stories
• Proxy Architecture in the Modern Business Environment
• Q & A

What Is a Proxy?
What makes it unique and valuable in the security space
PROXY
3
When you put a proxy between a user and
a server on the internet, you are
terminating the connection at the proxy,
between the proxy and the user.
The request from Alice ends at the proxy.
A completely new session is started by the
proxy to ask Bob for the current time.
This is what makes a proxy so secure. It
terminates connections and waits for
entire objects to be assembled at the proxy
for inspection.

NETWORK CONNECTIONS AND OBJECTS
Proxy Architecture Compared to a Firewall
SANDBOX
Proxy
Firewall
Malicious payload
delivered to end user
Malicious payload
detected by content
analysis, blocked
from delivery
5

CYBER INTELLIGENCE IS THE KEY
https://sitereview.bluecoat.com
www.tekdefense.com/downloads/malware-samples/
www.westfallave.com/insight/cloudcar.exe
virustotal.com
https://www.talosintelligence.com/reputation_center
eicar.org

User Is Prevented From Going To The Site

URL Threat Risk Levels
Risk Level10: Solid evidence of malicious (rated in database)
Risk Level 9: Almost certainly malicious
Risk Level 8: Stronger evidence of maliciousness
Risk Level 7: Shady behavior (including Spam and Scams)
Risk Level 6: Exercise caution; very new sites, or some evidence of shady behavior
Risk Level 5: No established history of normal behavior
Risk Level 4: Still probably safe (may be starting to establish a history of normal behavior)
Risk Level 3: Probably safe
Risk Level 2: Other top sites; consistently well-behaved
Risk Level 1: Big names; long history of good behavior; huge traffic
Risk Level 0: Customer Whitelist

Real World Incident 1
Please don’t feed the Phish!

PHISH DECONSTRUCTION
https://sitereview.bluecoat.com

Real World Incident 2
Malware LOVES its Mommy!

LETS GET A LITTLE GEEKY
Jeff…Really, How do
you know these PCs are
infected with Malware?
Because they ALWAYS
ALWAYS speak back to
to the Mother Ship!

Real World Incident 3
An All Expense Paid Trip to Portugal!

Real World Incident 4
What Happens When it gets Messy?!!

SECURITY BLEEDS INTO HR
What is the company policy on reporting this? Is there one? Make sure you know!
Don’t confront the person if you know them.
No emotion in reporting. Stick to the facts as you have the data to back it up.

SECURITY BLEEDS INTO LEGAL
What is the law in your state?
Who takes this from you…and have you gone through that drill before it actually
happens?
You cannot just turn a blind eye to this for moral and legal reasons.

PROXY WHITEBOARD
CLOUD PROXY
Site A
Headquarters
Work & Personal Devices
Roaming
Users
PROX
Y
PROX
Y
PROX
Y
Site B
Global Intelligence Network
Content Analysis
Sandboxing
Web Isolation
SSL
Cert.

Contenu connexe

Tendances

Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader

EC-Council

Analogic Opsec 101

vicenteDiaz_KL

SACON - Deception Technology (Sahir Hidayatullah)

Priyanka Aash

It’s not just you. The frequency of severe vulnerabilities in internet-facing enterprise software being massively exploited at scale has increased drastically. The amount of time between disclosure and exploitation of these vulnerabilities has been reduced to near-zero, leaving defenders with less time to react and respond. While combating internet-wide opportunistic exploitation is a sprawling and complex problem, there is both an art and a science to staying ahead of large exploitation events such as Log4J. In this talk we will share insights and challenges from operating a huge, shifting, adaptive, distributed sensor network listening to internet background noise and opportunistic exploitation traffic over the past four years. We will give a blunt state of the universe on mass exploitation. We will share patterns and unexplainable phenomena we’ve experienced across billions of internet scans. And we will make recommendations to defenders for preparing for the next time the cyber hits the fan.

Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...

Andrew Morris

Every time you look around some company or government organization is spouting out some huge number of “cyber-attacks” to their network every day. By no means is it easy, but could it be that there is a little exaggeration of the actuality of the encounters? There is surely a misconception in reporting and the understanding of the attack itself and how organizations account for them. There are “attacks” like port scanning and brute force attempting all across the internet and all hours of the day. Spreading awareness about them will inform the public on just how “intense” these attacks are. To demonstrate this, I bought a nice attractive domain and coupled it with a honey-pot and let the fun begin.

Defending Against 1,000,000 Cyber Attacks by Michael Banks

EC-Council

Real world lessons from CrowdStrike Services experts investigating complex cyber extortion attacks The criminal act of theft is as old as civilization itself, but in the cyber realm new ways to steal your organization's data or profit by holding it hostage, continue to evolve. With each advancement in security technology, adversaries work tirelessly on new techniques to bypass your defenses. This webcast, "Cyber Extortion: Digital Shakedowns and How to Stop Them" examines the evolution of cyber extortion techniques, including the latest "datanapping" exploits. Whether it's an attack on a major movie studio, a massive healthcare system, or a global entertainment platform, recent extortion attempts demonstrate how critical it is to understand today's threat landscape so you can ensure that your organization mounts the best defense possible. Download this presentation to learn what security experts from the cyber defense frontlines are discussing. Learn about: •The range of extortion techniques being used today, including commonalities and differences in approaches •Commodity type ransomware/datanapping vs. hands-on attacks — how are they alike and what are their differences? •Potential outcomes of paying vs. not paying when attempting to recover data after an attack •Real world examples of successful attacks and those that were thwarted or mitigated •Strategies for keeping your organization from being targeted and what to do if you become the victim of a cyber shakedown

Cyber Security Extortion: Defending Against Digital Shakedowns

CrowdStrike

An Underground education

grugq

An Underground education

grugq

Conf 2019 - Workshop: Liam Glanfield - know your threat actor

TechExeter

Social Engineering

William Gregorian

In today’s threat environment, adversaries are constantly profiling and attacking your corporate infrastructure to access and collect your intellectual property, proprietary data, and trade secrets. Now, more than ever, Threat Intelligence is increasingly important for organizations who want to proactively defend against advanced threat actors. While many organizations today are collecting massive amount of threat intelligence, are they able to translate the information into an effective defense strategy? View the slides now to learn about threat intelligence for operational purposes, including real-world demonstrations of how to consume intelligence and integrate it with existing security infrastructure. Learn how to prioritize response by differentiating between commodity and targeted attacks and develop a defense that responds to specific methods used by advanced attackers.

CrowdCast Monthly: Operationalizing Intelligence

CrowdStrike

Social Engineering

Nicholas Davis

Crowdstrike And Guest Forrester Share Keys To Mastering The Endpoint CrowdStrike VP, Product Management Rod Murchison and guest speaker Chris Sherman, Forrester Research analyst, will discuss how modern approaches must balance prevention with detection capabilities in the context of an overall security strategy. Ultimately, this will give security professionals the ability to better deal with the influx of new device types and data access requirements while reducing the likelihood of compromise. In this CrowdCast, Forrester and CrowdStrike will present: - Forrester’s Targeted-Attack Hierarchy of Needs - The six core requirements to a successful endpoint security strategy - Preparing for and responding to targeted intrusions and attacks - How CrowdStrike lines up with Forrester’s Hierarchy of Needs framework

You Can't Stop The Breach Without Prevention And Detection

CrowdStrike

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

Symantec

OSINT - Open Soure Intelligence - Webinar on CyberSecurity

Mohammed Adam

Texas Bitcoin Conference: Are Privacy Coins Private Enough?

Clare Nelson, CISSP, CIPP-E

Security for Human Beings

zekivazquez

Effective Threat Hunting with Tactical Threat Intelligence

Dhruv Majumdar

Learn how to prevent & detect even the most complex “file-less” ransomware exploits Ransomware continues to evolve as perpetrators develop new exploits with consequences that can be dramatic and immediate. The purveyors of ransomware continue to prosper with adversaries developing new strains such as Zepto and Cerber that are proving to be more challenging than ever. Other exploits can alter programmable logic controller (PLC) parameters and adversely impact mechanical systems. Clearly, new defense approaches are needed because organizations can no longer rely on backups and conventional security solutions to protect them. Join CrowdStrike Senior Security Architect Dan Brown as he offers details on these sophisticated new ransomware threats, and reveals recent innovations designed to offer better protection – including new indicator of attack (IOA) behavioral analysis methodologies that can detect and prevent even the most complex “file-less” ransomware exploits. Attend this CrowdCast where Dan will discuss: --The challenges of defending against dangerous new variants, such as Zepto and Cerber --Real-world examples of ransomware in action and the sophisticated tactics being used by a variety of adversaries --How the CrowdStrike Falcon cloud-delivered platform can defend your organization against new super strains of ransomware that use sophisticated malware-free tactics

CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...

CrowdStrike

Zero-Knowledge Proofs: Identity Proofing and Authentication

Clare Nelson, CISSP, CIPP-E

Tendances (20)

Breaking Smart [Bank] Statements – Hacker Halted 2019 – Manuel Nader

Analogic Opsec 101

SACON - Deception Technology (Sahir Hidayatullah)

Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...

Defending Against 1,000,000 Cyber Attacks by Michael Banks

Cyber Security Extortion: Defending Against Digital Shakedowns

An Underground education

Conf 2019 - Workshop: Liam Glanfield - know your threat actor

Social Engineering

CrowdCast Monthly: Operationalizing Intelligence

Social Engineering

You Can't Stop The Breach Without Prevention And Detection

Symantec Webinar | How to Detect Targeted Ransomware with MITRE ATT&CK

OSINT - Open Soure Intelligence - Webinar on CyberSecurity

Texas Bitcoin Conference: Are Privacy Coins Private Enough?

Security for Human Beings

Effective Threat Hunting with Tactical Threat Intelligence

CrowdStrike CrowdCast: Is Ransomware Morphing Beyond The Ability Of Standard ...

Zero-Knowledge Proofs: Identity Proofing and Authentication

Similaire à Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

Steven Porter Seville | Ideas about Computer clouding

'Self-Employed'

Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.

Behind the Curtain: Exposing Advanced Threats

Cisco Canada

Ransomware is a PC or Mac-based malicious piece of software that encrypts a user or company’s files and forces them to pay a fee to the hacker in order to regain access to their own files. Not only can ransomware encrypt the files on your computer; the software is smart enough to travel across your network and encrypt any files located on shared network drives. This can lead to a catastrophic situation whereby one infected user can bring an entire company to a halt.

Ransomware hostage rescue manual

Roel Palmaers

SELJE - VFP and IT Security.pptx

Eric Selje

Stop Watering Holes, Spear-Phishing and Drive-by Downloads

Invincea, Inc.

Computer Security for Lawyers

Mark Lanterman

Keynote fx try harder 2 be yourself

DefconRussia

Web Application Security

sudip pudasaini

Shift Toward Dynamic Cyber Resilience

Darren Argyle

Security Awareness Training

William Mann

DEVSECOPS_the_beginning.ppt

schwarz10

Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

Nipun Jaswal

Splunk products provide a flexible and fast security intelligence platform that makes security personnel and processes more efficient by providing quick and flexible access to all of the data and information needed to detect, investigate and remediate threats. This presentation will discuss best practices for building out or enhancing an analytics based security strategy and how Splunk products can make people, process, and technology work better together.

SplunkLive! Amsterdam 2015 - Analytics based security breakout

Splunk

Web Application Security with PHP

jikbal

Cybercriminelen werken steeds gerichter en focussen zich niet meer alleen op de multinationals van deze wereld. Ook uw onderneming kan het doelwit zijn van dataverlies en -diefstal. IT-security klimt dan ook steeds hoger op de prioriteitenlijst van CEO’s en CIO’s. En terecht. Om bedrijven te informeren over de belangrijkste veiligheidsrisico’s en beschermingsmaatregelen organiseerden Orbid, Proximus, Veeam en WatchGuard een gratis lunch & learn: “Cybercrime en de continuïteit van uw onderneming” op 2 juni in de opnamestudio's van RTV in Westerlo.

WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...

Orbid

The progress of AI in the last decade has seemed almost magical. But we will discuss the unique challenges posed by Security and what makes this domain the biggest challenge for AI. Reporting from the frontlines, we will describe the deployment of large-scale production-grade AI systems to combat security breaches, using lessons learned at Avast from defending over 400 million consumers every single day. Topics will cover the recent AI advancements in file-based anti-malware solutions, behavior-based on-device solutions, and network-based IoT security solutions.

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...

AI Frontiers

SplunkLive! Stockholm 2015 breakout - Analytics based security

Splunk

Attacks on the cyber world

Nikhil Tripathi

Cybercrime and the Developer Java2Days 2016 Sofia

Steve Poole

In today’s world of constantly evolving security threats and attack vectors, organizations need to be vigilant about monitoring their network infrastructure. The network perimeter and security infrastructure is often challenged with the adoption of mobile devices, cloud, and BYOD policies. The need for visibility into endpoint activity has become more important than ever. Join Josh Applebaum (Ziften), Matthew Frederickson, (Council Rock School District) and Peter Johnson (Lancope) for a complimentary webinar to learn how you can achieve real-time network visibility and intelligence for improved incident response. Discover how you can: - Achieve additional visibility and context to network activity - Enhance your existing security investments (NetFlow, Firewall, SIEM, threat intelligence) - Improve incident response by obtaining real-time and historical endpoint data

Extending Network Visibility: Down to the Endpoint

Lancope, Inc.

Similaire à Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver (20)

Steven Porter Seville | Ideas about Computer clouding

Behind the Curtain: Exposing Advanced Threats

Ransomware hostage rescue manual

SELJE - VFP and IT Security.pptx

Stop Watering Holes, Spear-Phishing and Drive-by Downloads

Computer Security for Lawyers

Keynote fx try harder 2 be yourself

Web Application Security

Shift Toward Dynamic Cyber Resilience

Security Awareness Training

DEVSECOPS_the_beginning.ppt

Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd

SplunkLive! Amsterdam 2015 - Analytics based security breakout

Web Application Security with PHP

WatchGuard - Cryptolocker en het gevecht tegen IT 's grootste vijand - Orbid ...

Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...

SplunkLive! Stockholm 2015 breakout - Analytics based security

Attacks on the cyber world

Cybercrime and the Developer Java2Days 2016 Sofia

Extending Network Visibility: Down to the Endpoint

Plus de EC-Council

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World

EC-Council

Whether people admit or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires different set of architecture and mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working anywhere from the world, corporate data is no more under company IT custody. CISOs and CIOs need to think differently and set new Cloud Security Architecture. This session will try to draw the main areas of concern from Security perspective while moving to the cloud.

Cloud Security Architecture - a different approach

EC-Council

Phases of Incident Response

EC-Council

Hacking Your Career – Hacker Halted 2019 – Keith Turpin

EC-Council

DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...

EC-Council

Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico

EC-Council

Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman

EC-Council

War Game: Ransomware – Global CISO Forum 2019

EC-Council

How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...

EC-Council

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...

EC-Council

Alexa is a snitch! Hacker Halted 2019 - Wes Widner

EC-Council

Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement

EC-Council

Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...

EC-Council

Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...

EC-Council

Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...

EC-Council

Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...

EC-Council

Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"

EC-Council

Global CCISO Forum 2018 | Sharon Smith "Don't Panic"

EC-Council

Global CCISO Forum 2018 | AI vs Malware 2018

EC-Council

Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...

EC-Council

Plus de EC-Council (20)

CyberOm - Hacking the Wellness Code in a Chaotic Cyber World

Cloud Security Architecture - a different approach

Phases of Incident Response

Hacking Your Career – Hacker Halted 2019 – Keith Turpin

DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...

Data in cars can be creepy – Hacker Halted 2019 – Andrea Amico

Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman

War Game: Ransomware – Global CISO Forum 2019

How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...

Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...

Alexa is a snitch! Hacker Halted 2019 - Wes Widner

Hacker Halted 2018: Don't Panic! Big Data Analytics vs. Law Enforcement

Hacker Halted 2018: HACKING TRILLIAN: A 42-STEP SOLUTION TO EXPLOIT POST-VOGA...

Hacker Halted 2018: Breaking the Bad News: How to Prevent Your IR Messages fr...

Hacker Halted 2018: SE vs Predator: Using Social Engineering in ways I never ...

Global CCISO Forum 2018 | Sebastian Hess "Cyber Insurance and Cyber Risk Quan...

Global CCISO Forum 2018 | John Felker "Partnerships to Address Threats"

Global CCISO Forum 2018 | Sharon Smith "Don't Panic"

Global CCISO Forum 2018 | AI vs Malware 2018

Global CCISO Forum 2018 | Ondrej Krehel | The Era of Cyber Extortion and Rans...

Dernier

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Real Time Object Detection Using Open CV

Khem

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

CNv6 Instructor Chapter 6 Quality of Service

giselly40

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Dernier (20)

Axa Assurance Maroc - Insurer Innovation Award 2024

Exploring the Future Potential of AI-Enabled Smartphone Processors

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Automating Google Workspace (GWS) & more with Apps Script

08448380779 Call Girls In Civil Lines Women Seeking Men

Real Time Object Detection Using Open CV

Presentation on how to chat with PDF using ChatGPT code interpreter

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

GenCyber Cyber Security Day Presentation

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Boost Fertility New Invention Ups Success Rates.pdf

A Year of the Servo Reboot: Where Are We Now?

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

A Domino Admins Adventures (Engage 2024)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Artificial Intelligence: Facts and Myths

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

The 7 Things I Know About Cyber Security After 25 Years | April 2024

CNv6 Instructor Chapter 6 Quality of Service

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

1. Cloud Proxy Technology Cyber Security in a Web Browsing AgeJeff Silver; CISSP Symantec Senior Security Engineer

2. SESSION AGENDA • Proxy Fundamentals [Quick overview as a foundation] • Cyber Security ‘Real’ Forensics Stories • Proxy Architecture in the Modern Business Environment • Q & A

3. What Is a Proxy? What makes it unique and valuable in the security space PROXY 3 When you put a proxy between a user and a server on the internet, you are terminating the connection at the proxy, between the proxy and the user. The request from Alice ends at the proxy. A completely new session is started by the proxy to ask Bob for the current time. This is what makes a proxy so secure. It terminates connections and waits for entire objects to be assembled at the proxy for inspection.

4. Proxy and Downloaded Objects 4

5. NETWORK CONNECTIONS AND OBJECTS Proxy Architecture Compared to a Firewall SANDBOX Proxy Firewall Malicious payload delivered to end user Malicious payload detected by content analysis, blocked from delivery 5

6. CYBER INTELLIGENCE IS THE KEY https://sitereview.bluecoat.com www.tekdefense.com/downloads/malware-samples/ www.westfallave.com/insight/cloudcar.exe virustotal.com https://www.talosintelligence.com/reputation_center eicar.org

7. Real World Example

8. User Is Prevented From Going To The Site

9. 9 THREAT INTELLIGENCE

10. URL Threat Risk Levels Risk Level10: Solid evidence of malicious (rated in database) Risk Level 9: Almost certainly malicious Risk Level 8: Stronger evidence of maliciousness Risk Level 7: Shady behavior (including Spam and Scams) Risk Level 6: Exercise caution; very new sites, or some evidence of shady behavior Risk Level 5: No established history of normal behavior Risk Level 4: Still probably safe (may be starting to establish a history of normal behavior) Risk Level 3: Probably safe Risk Level 2: Other top sites; consistently well-behaved Risk Level 1: Big names; long history of good behavior; huge traffic Risk Level 0: Customer Whitelist

11. Real World Incident 1 Please don’t feed the Phish!

12. FRESH ‘VANILLA’ PHISH

13. PHISH DECONSTRUCTION https://sitereview.bluecoat.com

14.

15. Real World Incident 2 Malware LOVES its Mommy!

16. LETS GET A LITTLE GEEKY Jeff…Really, How do you know these PCs are infected with Malware? Because they ALWAYS ALWAYS speak back to to the Mother Ship!

17. WHAT A SECURITY ADMIN SEES

18. PROPER MALWARE REMOVAL TECHNIQUE

19. Real World Incident 3 An All Expense Paid Trip to Portugal!

20.

21. Side Loaded Browser May Send You Places

22.

23.

24. Real World Incident 4 What Happens When it gets Messy?!!

25. SECURITY BLEEDS INTO HR What is the company policy on reporting this? Is there one? Make sure you know! Don’t confront the person if you know them. No emotion in reporting. Stick to the facts as you have the data to back it up.

26. SECURITY BLEEDS INTO LEGAL What is the law in your state? Who takes this from you…and have you gone through that drill before it actually happens? You cannot just turn a blind eye to this for moral and legal reasons.

27. PROXY WHITEBOARD CLOUD PROXY Site A Headquarters Work & Personal Devices Roaming Users PROX Y PROX Y PROX Y Site B Global Intelligence Network Content Analysis Sandboxing Web Isolation SSL Cert.

28. Question and Answers

Notes de l'éditeur

Real quickly let’s get a reminder on what a proxy is and what makes it so special in the security space. Here’s the very basic level definition of a proxy, It handles all the communication between two parties. When you put a proxy between two users (or a user and a server on the internet), you are terminating the connection at the proxy, between the proxy and the user. So in this example, Alice is the user, and asks Bob (who could be a server) for the current time. The request from Alice ends at the proxy. A completely new session is started by the proxy to ask Bob for the current time. This is what makes a proxy so secure. It doesn’t allow a connection to tunnel or make it through the proxy. It terminates the connections, and waits for entire objects to be assembled at the proxy for inspection. These features allow the proxy to guarantee all objects are inspected, and no evasive techniques can be used to bypass the proxy.
A proxy, on the other hand, reconstructs the full file before it attempts to make a decision on the content. Not only this makes scanning the content more effective, but it also eliminate one of the major attack vectors against streaming solutions, namely out-of-order TCP packet attack. Most people can recognize this picture now that it is fully constructed.
Let’s look at this in more detail. Here’s an example, where fragmenting a piece of malware and introducing a delay in some of the packets has no effect on the proxy detecting a piece of malware, but in the NGFW, the slight delay in some packets means that NGFW has already passed on parts of the malware and by the time the remaining packets show up, they also get delivered, and the end user gets the entire piece of malware.
How do you test out your vehicle’s air bags? Your family drives in that car…and they are important to you, so have you tested the airbags to make sure they work  Trick question….of course you cannot do that. You also cannot go to malicious sites to check to make sure they are in fact…malicious. There is a better way.
Add a GIN graphic and remove the data feed one.

Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

Similaire à Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver (20)

Plus de EC-Council

Plus de EC-Council (20)

Dernier

Dernier (20)

Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver

Notes de l'éditeur