• ISF Congress Paris, 3-5 November 2013


  • Dr. Stefan Frei, NSS Labs, Francesco Artes, NSS Labs


Cybercriminals persistently challenge the security of organizations through the rapid implementation of diverse attack methodologies, state-of-the-art malware and exploits, and innovative evasion techniques. In response, organizations deploy and rely on multiple layers of diverse security technologies and security threat feeds in an attempt to keep threats at bay and to better understand current threat trends. In this talk we examine the “kill chain” and demonstrate Defense Evasion Modeling™ to measure the effectiveness of typical defense technologies such as next generation firewalls (NGFW), intrusion prevention systems (IPS), and endpoint protection (EPP), and to show how the often-used strategy of “defense in depth” doesn’t typically provide the security many professionals think it should. Using empirical data on the effectiveness of security products derived from harsh real-world testing, we will present a live demonstration of our research showing that there is a considerable gap in protection levels within and across different security product groups. We will graphically map and correlate the exploits that bypass the “kill chain,” isolating the applications or operating systems they target, and link them to cybercrime / penetration testing tools that already deploy inexpensive versions of these exploits.

In part two we correlate data from BaitNET, which detects modern malware and exploits from around the globe, to provide actionable information on exactly what combinations and versions of deployed software are vulnerable to specific attacks.

Through the massive footprint of BaitNET’s cloud infrastructure, disparate network connections and geolocation obfuscation techniques, we can locate and monitor malware and exploits across the globe and provide detailed threat analysis for each specific region and attacked software.