Vulnerability Management at Tinkoff Fintech School. In the last three weeks, I participated in Tinkoff Fintech School – educational program for university students. Together with my colleagues, we prepared a three-month practical Information Security course: 1 lecture per week with tests and home tasks.
Each lecture is given by a member of our security team, specialized in one of the following modules: Vulnerability Management, Application Security, Infrastructure Security, Network Security, Virtualization Security, Banking Systems Security, Blue & Red-teaming, etc.
The course is still ongoing, but my Vulnerability Management module is over. Therefore, I want to share my impressions and some statistics.
MIPT/PhysTech guest lecture: Vulnerabilities, Money and People. On December 1, I gave a lecture at the Moscow Institute of Physics and Technology (informally known as PhysTech). This is a very famous and prestigious university in Russia. In Soviet times, it trained personnel for Research Institutes and Experimental Design Bureaus, in particular for the Soviet nuclear program.
Nowadays MIPT closely cooperates with Russian and foreign companies, trains business people, software developers and great scientists. For example, the researchers who discovered Graphene and won Nobel Prize for this in 2010 were once MIPT graduates.
This is a very interesting place with a rich history. So it was a great honor for me to speak there.
PRYTEK meetup: Breach and Attack Simulation or Automated Pentest? Last Tuesday, November 27, I spoke at “Business Asks for Cyber Attacks” meetup organized by PRYTEK investment platform. The event was held at the PRYTEK Moscow office in a beautiful XIX century building of a former textile manufactory.
The goal of the meetup was to talk about new approaches in Vulnerability Analysis and how they can reduce the Information Security costs for organizations.
There were two presentations:
The first one was by Doron Sivan, Cronus CEO. He talked about his company’s product.
The second was mine. I criticized traditional vendors of vulnerability scanners, talked about things that work in companies, and things that don’t work, and what you should pay attention to when choosing a Vulnerability Management tool.
For the most part this was my report from the last ISACA VM Meetup. The only difference was in the conclusions, since the topic of this event and the audience were different.
I stressed that the Attack Simulation tools, like Cronus, that analyze vulnerabilities and network connectivity of hosts can be very helpful. They allow you to assess the criticality of each vulnerability better and help to justify the need in prompt patching for IT Team (see “Psychological Aspects of Vulnerability Remediation“).
VB-Trend 2018 Splunk Conference. Today I attended VB-Trend 2018 Splunk conference organized by system integrator VolgaBlob.
Video fragments from the event:
Comparing to “Splunk Discovery Day“, the conference was much smaller (less than 100 people), focused on technical aspects, Information Security and informal communication. And I need to say that there really was a lot of talks with colleagues from different companies, not only about Splunk, but also about Vulnerability Management, Application Security and Container Security.
Splunk Discovery Day Moscow 2018. Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and St. Basil’s Cathedral.
Video from the event (27 minutes). This is NOT a complete recording of speeches, but rather some fragments and slides.
At the same time, I make most of data analysis with my own Python scripts. Currently this approach seems more effective. But as for providing final results in a beautiful way and making various notifications, in this sphere Splunk is really convenient and useful. Of course, I can make own a Web GUI application that will do something similar for my tasks, it doesn’t make sense if there is an Enterprise level tool that is very good for this.
My tasks are not quite typical for Splunk clients from Security Teams who look at it in the context of SIEM and SOC mainly. Asset Inventory is actually similar to Business Intelligence: almost all connectors are non-standard, and there are no strict requirements for real time (we operate with days and months, not seconds). We have same approach: “Bring some data to Splunk and get insights from it.” And in this sense, it is great that this event was NOT for the information security experts mainly.
It was mentioned a lot that Splunk is primarily a tool for Business Intelligence. And it’s not just for geeks. Splunk is preparing a mobile application with augmented reality, technologies for recognizing requests in natural language and voice. I think this is all mainly for fun, but the trend for casualty is clear.
ISACA Moscow Vulnerability Management Meetup 2018. Last Thursday, September 20th, I spoke at ISACA Moscow “Vulnerability Management” Meetup held at Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. 🙂
The target audience of the event – people who implement the vulnerability management process in organizations and the employees of Vulnerability Management vendors. I noticed groups of people from Altex-Soft (Altx-Soft), Positive Technologies and Vulners.
It was very interesting to see such concentration of Vulnerability and Compliance Management specialists in one place. Questions from the audience were relevant and often concerned the weaknesses of competitors. 😉 Here I will make a brief overview of the reports. You can also read here about previous year event at “ISACA Moscow Vulnerability Management Meetup 2017“.
Talking about the audience, there were fewer people than last year, but still a lot:
The event was recorded. I will add video here as soon as it’s ready.
upd. Video in Russian. My presentation starts at 1:35:56
The event was conducted entirely in Russian, including all the slides. So, maybe I will make English subtitles and voiceover, at least for my part.
CyberThursday: Asset Inventory, IT-transformation in Cisco, Pentest vs. RedTeam. Two weeks ago I was speaking at a very interesting information security event – CyberThursday. This is a meeting of a closed Information Security practitioners group. The group is about 70 people, mainly from the financial organizations, telecoms and security vendors.
These meetings have a rather unique atmosphere. Almost everyone knows each other. The event has no permanent place. It constantly moves between the offices of large Russian companies. The hoster, usually a CISO, can bring his IT and InfoSec colleagues. For others, only “bring a friend” format is available. This helps keep the event focussed and very informal. Participants propose and approve the topics by voting in the chat group. There is no place for marketing, all topics are practical and relevant.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.