DDoS Threat Landscape & Defensive Countermeasures
Must purchase a SIA Education@ISC West package to attend
April 06, 2017, 8:45 AM - 9:45 AM
Location: Sands 305
October 2016’s attack on Dyn’s DNS infrastructure was a gloomy wake-up call to the online community at-large, depriving us access to some of the online destinations and applications we use every day, thereby confronting us with the stark reality of an old and ever-growing threat with which the InfoSec community has been grappling: DDoS Attacks.
As we look at the role that “Internet of Things” devices played in the attack against Dyn, as well as the attack against Krebs prior to it, we will dive into the DDoS attacks Threat Landscape: Symptoms, Motivations, Business Impact & Attack Vectors. Having thereby gained a better understanding of our exposure to these threats, we’ll then explore Defensive Countermeasures with a strong emphasis on preparedness ahead of these attacks, including:
- Reducing Attack Surface
- Monitoring: Availability, Performance & Search Engine Visibility
- DNS Redundancy Planning
- Web Application Scaling Strategies
- Mitigation Vendor Fit Assessment
- Attack Mitigation
Founder, HiveWind, LLC
About: Chris Holland is the Founder of HiveWind, LLC, a consultancy specializing in the research and development of best-of-breed DDoS mitigation solutions. Throughout a career spanning more than 20 years, Mr. Holland has held Sr. Engineering and Leadership roles for small and large successful publicly-traded companies such as EarthLink and Internet Brands, serving business models across Content, Commerce, Travel & Finance on a wide variety of technology stacks including Java/J2EE, PHP/LAMP and C#/.Net, catering to audiences over 100 million monthly visitors.
Directory, Security Solutions, Verizon Digital Media
About: Tin Zaw has served as Verizon Digital Media Services’ director of global security solutions since 2015. He and his team provide managed and professional web security services for clients' web properties. He launched the services during his first year at Verizon and continues to grow the operations each year.
Prior to joining Verizon, Zaw led web and product security teams at AT&T and Intuit. He previously designed and implemented security products at Symantec for 100 million plus users worldwide and participated in the early days of the web infrastructure at Inktomi, which later became part of Yahoo!. He started his career by programming network protocols at QUALCOMM and Cerner.
A long-time volunteer with OWASP, Zaw is a former president of its Los Angeles chapter and currently co-leads the OWASP project on Automated Threats to Web Applications. He received the OWASP Chapter Leader of the Year award at the AppSec USA conference in 2013.
Zaw graduated with a bachelor’s degree in computer science from Pittsburg State University, Kansas. He obtained a master's degree in computer science from the University of Southern California and an MBA from the USC Marshall School of Business.
Vice President & Chief Information Security Officer, AppDynamics
About: In his current role as Vice President and Chief Information Security Officer at AppDynamics, Craig is focused on building and scaling a strong information security practice to protect company data and ensure customer trust. Craig’s strategy is forward-leaning and centered on driving proactive, risk-based and data-driven decisions to enable business. Craig is passionate about leveraging security to develop customer trust as the business of security evolves from imperative to competitive advantage. As a technologist at heart, Craig thrives on translating the technical complexities of cybersecurity as a function of corporate risk management for the Chief Executives and the Board Room. Prior to AppDynamics, Craig was the Vice President and Chief Security Officer for FireEye where he built and led the company’s first information security and risk management practice through IPO in September, 2013. Prior to FireEye, Craig launched the first Security Architecture practice at Pacific Gas & Electric Company. There, Craig was focused on building resilient security architectures to protect the company’s critical infrastructure and went on to lead the Company’s cybersecurity strategy along with a team dedicated to advising the business and Chief Executives on cybersecurity risk. Craig has been practicing and consulting in the field of information technology and security for over 20 years.