Data Exfiltration - not just for Hollywood

Iftach Ian Amit

Type of lecture: lecture
Language: EN
Held on 2011-06-18 18:00:00 (length: 50 min)
Location: Area 1

The industry is saturated with penetration testing experience and has adapted itself to test organizations using 'best practice' methodologies over the past decade or so. With not a lot of changes happening in the field, organizations find themselves on the defense with not a lot to account for when data breaches happen. In this presentation we will offer an alternative view of how a security test is done, with a strong focus on data exfiltration techniques employed by advanced attackers and criminals. After an overview of how the initial phases of how an attacker would infiltrate a business (common knowledge), we will explore the targeting considerations when choosing what to look after, as well as advanced techniques for getting the data out without being detected.
Finally, some approaches to data monitoring and control would be proposed in order to mitigate the techniques that are already in place and have affected large organizations.

With more than 10 years of experience in the information security industry, Iftach Ian Amit brings a mixture of software development, OS, network and Web security expertise as the VP Consulting of the top-tier security consulting and research firm Security Art. Prior to Security Art, Ian was the Director of Security Research for the Content Security Business Unit at Aladdin Knowledge Systems, where he created the AIRC (Attack Intelligence Research Center). Prior to joining Aladdin, Amit was Director of Security Research at a global Internet security company, leading its security research while positioning it as a leader in the Web security market. Amit has also held leadership roles as founder and CTO of a security startup in the IDS/IPS arena, developing new techniques for attack interception, and director at Datavantage responsible for software development and information security, as well as designing and building a financial datacenter. Prior to Datavantage, he managed the Internet application and UNIX worldwide. Amit holds a Bachelor's degree in Computer Science and Business Administration from the Interdisciplinary Center at Herzlya.

Attached files: All slides in pdf format