Category Archives: Video

PHDays 9: new methods of Vulnerability Prioritization in Vulnerability Management products

On May 21, I spoke at the PHDays 9 conference. I talked about new methods of Vulnerability Prioritization in the products of Vulnerability Management vendors.

PHDays9 new ways of prioritizing vulnerabilities

During my 15 minutes time slot I defined the problems that this new technology has to solve, showed why these problems could NOT be solved using existing frameworks (CVSS), described what we currently have on the market and, as usual, criticized VM vendors and theirs solutions a little bit. šŸ™‚

Continue reading

Code IB 2019: Vulnerability Management Masterclass

On March 29, I held one hour master class “HOW to avoid excessive formalism in Vulnerability Management process” at Code IB Profi 2019. Everything went quite well and I’ve got 88% positive ratings. Not bad result ^_^.

The main feature of the conference was a very special audience. The only way to visit this event was to buy a real ticket (there were no promotional codes, invites, free tickets from sponsors, etc.). So, the people who came were really interested in the content. Target audience: CISO, their deputies, leading experts from all industries. The whole event was up to 200 people, it lasted for 2 days with 4 threads of masterclasses.

This year organizers decided that titles of all masterclasses should start with “How to” (to keep them practical) and there should be checklists for each masterclass as a handout. I am going to translate my checklist Into English and publish it in this blog soon.

In fact, there were 2 masterclasses on Vulnerability Management at the conference! The second was held by Lev Paley. However, our content did not intersect: I spoke mostly about technical stuff (and I criticized VM vendors as usual), and he spoke mainly about the organizational part and high-level processes.

Continue reading

Splunk Discovery Day Moscow 2018

Today I attended the Splunk Discovery Day 2018 conference. It is something like a local equivalent of the famous Splunk .conf. More than 200 people have registered. The event was held in the luxury Baltschug Kempinski hotel in the very center of Moscow with a beautiful view of the Red Square and St. Basil’s Cathedral.

Recently, I have been working more and more with Splunk: I develop connectors, write searches and dashboards, optimize them. Splunk has become the main data visualization tool for me.

Splunk Discovery Day Moscow 2018

Video from the event (27 minutes). This is NOT a complete recording of speeches, but rather some fragments and slides.

At the same time, I make most of data analysis with my own Python scripts. Currently this approach seems more effective. But as for providing final results in a beautiful way and making various notifications, in this sphere Splunk is really convenient and useful. Of course, I can make own a Web GUI application that will do something similar for my tasks, it doesn’t make sense if there is an Enterprise level tool that is very good for this.

My tasks are not quite typical for Splunk clients from Security Teams who look at it in the context of SIEM and SOC mainly. Asset Inventory is actually similar to Business Intelligence: almost all connectors are non-standard, and there are no strict requirements for real time (we operate with days and months, not seconds). We have same approach: “Bring some data to Splunk and get insights from it.” And in this sense, it is great that this event was NOT for the information security experts mainly.

It was mentioned a lot that Splunk is primarily a tool for Business Intelligence. And it’s not just for geeks. Splunk is preparing a mobile application with augmented reality, technologies for recognizing requests in natural language and voice. I think this is all mainly for fun, but the trend for casualty is clear.

Continue reading

ISACA Moscow Vulnerability Management Meetup 2018

Last Thursday, September 20th, I spoke at ISACA Moscow “Vulnerability Management”Ā Meetup held atĀ Polytechnic University. The only event in Moscow devoted solely to Vulnerability Management. So I just had to take part in it. šŸ™‚

ISACA VM 2018 Alexander Leonov

The target audience of the event – people who implement the vulnerability management process in organizations and the employees of Vulnerability Management vendors. I noticed groups of people from Altex-Soft (Altx-Soft), Positive Technologies and Vulners.

It was very interesting to see such concentration of Vulnerability and Compliance Management specialists in one place. Questions from the audience were relevant and often concerned the weaknesses of competitors. šŸ˜‰ Here I will make a brief overview of the reports. You can also read here about previous year event at “ISACA Moscow Vulnerability Management Meetup 2017“.

Talking about the audience, there were fewer people than last year, but still a lot:

ISACA VM 2018 auditorium small

The event was recorded. I will add video here as soon as it’s ready.

upd. Video in Russian. My presentation starts atĀ 1:35:56

The event was conducted entirely in Russian, including all the slides. So, maybe I will make English subtitles and voiceover, at least for my part.

Continue reading

PHDays8: Digital Bet and thousands tons of verbal ore

It’s time to write aboutĀ Positive Hack Days 8: Digital BetĀ conference, which was held May 15-16 at theĀ Moscow World Trade Center. It was the mainĀ Russian Information Security event of the first half of 2018. More than 4 thousand people attended! More than 50 reports, master classes and round tables held in 7 parallel streams. And, of course, impressive CTF contest for security experts and hackers with an fully-functioning model of the city.

Hack Days 8: Digital Bet

I was very pleased that there was a separate section dedicated to Vulnerability Management. Something similar happened only at ISACA meetup last year. But here we had an event for several thousand people!

The session was held in Fast Track format: 20 minutes for the presentation and questions.Ā I was the first to speak. My report was called “Vulnerability Databases: sifting thousands tons of verbal ore”. Here is the video:

And here’s a link to the version with only Russian sound track.

Continue reading

SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks

Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits šŸ˜‰ . And lots of my good fellows.

SOC Forum 2017 Alexander Leonov

The event was held inĀ Radisson Royal Congress Park. There were three large halls for presentationsĀ and a huge space for exhibition/networking.

I would like to mention Š° stand of Positive Technologies. They have shown today their new PT Security Intelligence PortalĀ with dashboards for executives and joint service with Solar Security for providingĀ GosSOPKA functionality. Some stands were dedicated to Russian governmentĀ Information Security initiatives: GosSOPKA, BDU FSTEC vulnerability database and FinCERT of the Central Bank of Russia.

During my presentation, I was talking how massive malware (ransomware) attacks can be useful for an organization. Quite a provocative topic, right? šŸ˜‰ I meant it in the sense that all the hype around malware attack can help Information Security team to do the the following things:

  • Establish useful policies, like mandatory Windows host reboot after patch installation
  • Ban some convenient, but dangerous functionality, like smb file sharing between workstations
  • Implement useful processes, like system hardening (e.g. against mimikatz) or continuous processing of CERT (FinCERT) bulletins

Continue reading

ZeroNights 2017: back to the cyber 80s

Last Friday, 17th of November, I attended the ZeroNights 2017 conference in Moscow. And it was pretty awesome. Thanks to the organizers! Here I would like to share some of my impressions.

my photo ZeroNights 2017

First of all, I want to say that two main Moscow events for information security practitioners, PHDays and ZeroNights, provide an excellent opportunity to meet all of the colleagues at once and to synchronize current views on important information security issues, including, of course, Vulnerability Management, the most relevant for me. My opinion is that this year’s behind-the-scene conversations were especially good. And this is the most valuable characteristic for the event.

Every ZeroNights event has it’s own style. This time it was some geeky cyber retro from 1980s, like in popular cult movie Kung Fury. The place was also changed from familiar Cosmos HotelĀ  to ZIL Culture Centre. It is the largest Palace of CultureĀ from the Soviet Moscow times. The combination of US 80s cultural artifacts, RETROWAVE music with Soviet-style interiors (including, for example, statue of Lenin) made a pretty weird combination, but I liked it =)

I was unintentionally taking photos using some strange mode in camera and recorded a very short video fragment (3-5 seconds) for each photo. I decided to combine this fragments in a small video. This does not make much sense, but, perhaps, someone will find this “time-lapse” interesting šŸ˜‰

Among the great presentations and workshops, there were also a small exhibition. This year there was two Vulnerability Management vendors: Beyond Security and Qualys.

Continue reading