At InterConnect 2016, security research is stepping to the forefront with significant representation from the IBM X-Force research team. The team covers skills and interest areas from vulnerabilities to malware to cloud security and everything in between.
If you’re attending InterConnect, take a moment to look at these original security research topics from our experts in X-Force.
Hot Topics: The Internet of Things and Cloud Security
There’s been no shortage of coverage of the Internet of Things (IoT) and the potential security challenges presented therein.
When the midnight toll on Dec. 31 ushered in 2016, I checked out the window and sighed again at the lack of jetpacks. While we’re not zooming around the skyways with combustible fuel strapped to our backs, in some parts of the globe we’re sitting back as driverless cars chauffeur us to and from our destinations. To learn more about the potential hazards of these connected vehicles, check out “Code Is My Co-Pilot: Security and Privacy in Connected Vehicles” with Martin Borrett and Giuseppe Serio.
If you want to get more to the root of IoT and how this collection of nonstandard technologies can introduce new hazards that are often overlooked with standard testing, check out “The Harsh Reality of Security Testing in the World of IoT: Evolve or Fail” with Charles Henderson. In this session, you’ll hear real-world stories about penetration test findings, how disaster was averted, top vulnerabilities you need to know about today and how to build an effective testing program capable of handling IoT scenarios.
Botnets have been troublesome for years, and the emergence of thingbots has raised the stakes. Not only are thingbots used mainly for spamming and distributed denial-of-service (DDoS) attacks, but they also serve a more sophisticated purpose unique to the nature of the things being exploited. Learn more in “Thingbots: The Future of Botnets in the Internet of Things” with X-Force researcher Paul Sabanal.
Earlier this month, the IBM X-Force Ethical Hacking team, led by Paul Ionescu, produced a fascinating paper on penetration testing a connected building. Learn more details from Paul in his session “The Weakest Link: Ethically Hacking the Connected Building.”
The ubiquity of cloud computing has brought new challenges between public and private clouds. To learn more about cloud security and how to bolster defenses in a both public and private clouds, check out what Brad Harris has to say in “Cloudy With a Chance of Showers: Security Challenges in Cloud Computing.”
Making the Most of Malware Analysis
Our X-Force malware researchers have been busy with so many new threats in the market, and we’ve got several sessions scheduled to reveal more about these insidious threats. A nice malware overview from 2015 and predictions for 2016 come from Limor Kessem in “The Evolving Cybercrime Threat Landscape: 2015 and Beyond.” She’ll also lead the charge to drill down a little deeper on the Dyre Wolf campaign in “What Can Your Organization Learn From a Dyre Wolf?”
These malware families and other targeted attacks have common elements and components. The IBM X-Force team has analyzed many types of threats, and we are now at a point where we can use the attackers’ forces against them. During “Cyber Jujutsu: Using an Attacker’s Force Against Himself,” Etay Maor will review some of the common techniques used in targeted threats, cover how attackers perform information sharing and intelligence collection and discuss counter-strategies based on combining information sharing, intelligence collection and implementation and advanced tools.
Real-Life Insight Based on IBM Security Services Experience
X-Force researchers have been hard at work turning real-life monitored incidents into actionable insights. Learn more about the evolution of fraud within “Financial Services, Retail Giants… Gold Mines” with a panel of experts including Nick Bradley, Michelle Alvarez and Robert Freeman. Their discussion will focus on the particular challenges for two industries that rely on reputation and trust for success: finance and retail.
In “Tales from the Trenches: IBM X-Force Incident Response” with Kevin Marker and Daniel Wilson, you can hear more real-life examples of engagements from the X-Force Incident Response elite consultants. They’ll also share industry trends and help attendees better understand the role an external incident response team has within their overall security posture.
Put Collaborative Defense Into Action With X-Force Exchange
Sessions on threat intelligence span a range of options from live demonstrations to feedback roundtables. A good overview session is “Good Guys Collaborate: Insider Info on Threat Intelligence From the IBM X-Force Exchange.” For more insight on making threat indicators actionable, check out Cameron Will’s session “Transform Data Into Applied Threat Intelligence in Minutes With the IBM X-Force Exchange API.”
To explore the social side of security, check out “Social Security: Making the Most of Collaborative Threat Intelligence” with me.
To really dig deep, you can meet the experts of X-Force Exchange or give us feedback on the platform. Join Chris Simmons and myself in one of the two Client Feedback Roundtables on X-Force Exchange or stop by the IBM Security booth in the Expo Hall to see a demo of collaborative defense in action.