BSidesSF and RSA Conference are an annual pilgrimage for security professionals as they offer unparalleled opportunities for learning and networking with cybersecurity professionals from around the world. They provide access to cutting-edge insights, trends, and innovations in the field, essential for staying ahead in an ever-evolving landscape of cyber threats. The diverse range of sessions, workshops, and keynotes cover a broad spectrum of topics, ensuring attendees gain comprehensive knowledge and expertise.
Being local to the Bay Area, I was able to attend both events. For those not as lucky and had to focus only on RSA, I wanted to share some great insights from the BSides event. I will start with a disclaimer that since there are 4 to 8 sessions running in parallel tracks at the same time, one must pick and choose based on individual interests.
But ultimately unless you can be at multiple places at the same time, you will miss all other sessions that are running in parallel. So please forgive me if I miss a good session as I was not able to time travel like a Marvel superhero. Also, the video and presentations will be available soon on BSides website.
A great photo with my colleagues: Joye Purser, Global Field CTO and Liji Kuruvilla, Cyber Resilient Data Protection PM for Veritas
You can’t spell dystopia without AI.” - Reed London, Opening Remark at BSidesSF 2024
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
Presenter: Scott Roberts
Cyber Threat Intelligence involves collecting and analyzing information about potential cyber threats, including the tactics, techniques, and procedures used by malicious actors. This intelligence helps organizations understand the evolving threat landscape and make informed decisions to protect their systems and data. By staying ahead of emerging threats, organizations can proactively defend againstcyber-attacksand minimize their impact. In this session Scott Roberts highlighted the integration of Large Language Models (LLMs) into Cyber Threat Intelligence (CTI) workflows to augment analyst capabilities, demonstrating efficiency improvements through practical illustrations. It stresses the constraints of LLMs while promoting a cooperative partnership between human analysts and LLMs to bolster proactive cybersecurity measures.
The Secret Life of Secrets
Presenters: Dylan Ayrey and Hon Kwok
This presentation was in the IMAX theater with great sound capabilities and the presenters made full use of it. It highlighted how standards with secrets and API keys evolved and why due diligence is needed while selecting one for your application. Certain API keys feature predetermined prefixes, while others rely on cryptographic methods for security. Some keys have automatic expiration mechanisms, while others necessitate users to provide their own keys. The presentation helped in understanding the intricacies of key design when developing and using an API keys. The talk touched on JWT and OAuth just to name a few.
APT - Advanced Persistent Teenagers: Understanding the Lapsus$ Playbook
Presenter: Benjamin Hering
Unless you were living under a rock you would know about the breaches at Microsoft, Okta, Uber and other big companies. Leveraging the Cyber Safety Review Board's report and public sources, this session explained in great detail how the attacks worked without the use of any zero-day vulnerabilities. It also described the attack playbook that has now outlived the group and inspiring other attackers.
LLMs at the Core: From Attention to Action in Scaling Security Teams
Presenter: Fotis Chantzis, Paul McMillan
In this session OpenAI presenters released an open-source model that can perform various tasks in the secure development life cycle. It can accurately review software design documents and provide security recommendations. One can integrate it in Jira or slack workflows and get real-time recommendations on the changing design of the new product feature while it is being designed or coded. The same infrastructure was used to automate thousands of bug bounty reports that they receive each day for evaluating if a bug report needs additional details, it's not a bug, it's a customer ticket or a real bug report. The system can then classify true bug reports by severity. This was one of my favorite presentations!
Reinventing ETL for Detection and Response Teams
Josh Liburdi
Having helped build XDR products in the past that facilitate detection and response, this presentation was a natural choice for me. ETL (Extract, Transform, Load) plays a crucial role in collecting data from diverse sources such as logs, network traffic, endpoint events, and security sensors. This data is then transformed into a consistent format and loaded into a centralized repository or SIEM. The presenter revealed some unique ETL data co-relation strategies to be deployed before the data hits SIEM. This leads to shorter, understandable, and maintainable SIEM queries for your threat hunt or other purposes.
Attacking & Defending Supply Chains. How we got Admin in your Cloud Again
Presenter: Mile Ruth
A supply chain attack occurs when cybercriminals target the suppliers or service providers of an organization rather than the organization itself. By exploiting vulnerabilities in the supply chain, attackers aim to gain unauthorized access to the target organization's systems or data, potentially bypassing its own security measures. The presenter discussed how reference architectures of our commonly used software supply chain services can lead to outcomes including secrets exfiltration, lateral movement, and privilege escalation in production environments. Ther presenter also discussed best practices to avoid such situations.
Decoding Fraud: The Evolution and Impact of Netflix’s Fraud Metrics
Presenter: Aditi Gupta, Yue Wang
This session from Netflix engineers was a captivating introduction to the unique challenges inherent in devising fraud and security metrics amidst the dynamic realm of evolving threats. Drawing upon case studies from Netflix, the discussion highlighted how these metrics inform strategic decisions and enhance defensive capabilities. The presentation also guided on formulation of custom metrics tailored to the attendee’s organization.
By the end of day 1, I was exhausted with brain overload. Free unlimited lattes with edible vendor froth logos (yeah!) could not keep me going. I did not attend the BSides happy hour as well as the fantastic party (doh!). Please be on the lookout for the ‘Best sessions from BSides – Day 2’ that will be published soon.
Want to learn more about how Veritas helps our customers be cyber resilient? Tune in to ourvirtual broadcast, where we share our latest advances in AI-Powered Cyber Resilience and what they mean for you. Or subscribe to theVeritas Cybersecurity Newsletter on LinkedInfor the latest on enterprise-grade cyber resilience.
