Tag Archives: Mona Arkhipova

SOC Forum 2017: How I Learned to Stop Worrying and Love Massive Malware Attacks

Today I spoke at SOC Forum 2017 in Moscow. It was a great large-scale event about Security Operation Centers. 2,700 people registered. Lots of people in suits 😉 . And lots of my good fellows.

SOC Forum 2017 Alexander Leonov

The event was held in Radisson Royal Congress Park. There were three large halls for presentations and a huge space for exhibition/networking.

I would like to mention а stand of Positive Technologies. They have shown today their new PT Security Intelligence Portal with dashboards for executives and joint service with Solar Security for providing GosSOPKA functionality. Some stands were dedicated to Russian government Information Security initiatives: GosSOPKA, BDU FSTEC vulnerability database and FinCERT of the Central Bank of Russia.

During my presentation, I was talking how massive malware (ransomware) attacks can be useful for an organization. Quite a provocative topic, right? 😉 I meant it in the sense that all the hype around malware attack can help Information Security team to do the the following things:

  • Establish useful policies, like mandatory Windows host reboot after patch installation
  • Ban some convenient, but dangerous functionality, like smb file sharing between workstations
  • Implement useful processes, like system hardening (e.g. against mimikatz) or continuous processing of CERT (FinCERT) bulletins

Continue reading

PHDays VI: The Standoff

A week ago I was at PHDays (Positive Hack Days) 2016 conference. For those who don’t know, there are two main events for security practitioners in Russia: PHDays in May and ZeroNights in November. Day-Night. Like this play on words. =)

phdays_logo

So, it was my 6th PHDays. I visited them all. But on this one for a first time I was as an ordinary visitor and not from organizers side. To be honest, I have never participated in organizing of PHDays, and just seen the final result. So, nothing changed much for me. As usual, organization was at very high level. And it’s not just my opinion, but the opinion of many participants.

Sad things first. And they are likely sad only for me. You know my passion to vulnerability assessment/management systems and scanners. So, despite the fact that Positive Technologies are the organizers of this event and Maxpatrol is still their’s flagman product, it was hard to hear anything related to vulnerability assessment/risk assessment/threat intelligence on PHDays. Isn’t it strange? Could you imagine this at Qualys QSC or Tenable event? Nothing much about critical controls and IT compliance in general.

It’s clear that vulnerability assessment is not already in trends in Russia. All are crazy about SIEM and slightly less about Anti-APT and SCADA security. Sad, but true.

Anyway, I have seen many interesting presentations about honeypots, computer forensics, machine learning and security startups. I also visited a SIEM roundtable with representatives of Positive Technologies, First Russian SIEM (RuSIEM), ArcSight, IBM Qradar, Splunk, and Cisco Systems. More details under the cut.

Continue reading