Becoming You: A Glimpse into Credential Abuse

Presented at Black Hat Europe 2017, Dec. 7, 2017, 4:30 p.m. (30 minutes).

In recent years, security threats have increased exponentially, as have the potential solutions to detect and mitigate these threats. The question is often where in the workflow to deploy the respective detection and mitigation strategies so that they are risk averse while maintaining efficacy. For a given strategy, the idea is to observe the request workflow to determine how the request presents itself in terms of headers and other attributes that describe the request, how the client processes the challenge questions, and how the request is managed accordingly. Detection is managing things we know, such as partner bots, aggregators, and search engines. Detection strategies include both request and session anomalies, and more specifically, session tracking, rate detection, workflow validation, behavioral detection, fingerprint anomalies, header anomalies, and cookie validation. Mitigation strategies include alternate actions such as static content and/or honeypots, deny, request rate modification, and tarpit actions using session black-holing. In this talk, we discuss how to detect and mitigate vulnerabilities using CDNs or existing back-end platform architecture. CDN-based technology helps to offload security protection during the request flow versus relying solely on the origin. With or without CDN-specific functionality, platform techniques help to manage security at the earliest point in the request flow across all nodes within the back-end architecture in order to correlate data amongst nodes based on attributes and reputational intelligence to provide actionable data to the system.


Presenters:

  • Brent Maynard - Sr. Enterprise Security Architect, Akamai
    Brent Maynard is a Sr. Enterprise Security Architect for Akamai Technologies and has 10 years of experience in the intelligence community, incident response and forensics, and security engineering. Prior to joining Akamai, Brent was the Senior Manager of Cyber Threat Management at a Fortune 250 retailer, charged with combatting credential abuse.
  • Sonia Burney - Solutions Architect, Akamai
    Sonia Burney is a Solutions Architect for Akamai Technologies with 10 years of experience in the web performance and web security spaces. Sonia has spoken at O'Reilly conferences and written a book that covers strategies to improve both security and performance from a front-end perspective. Prior to joining Akamai, Sonia worked at various companies as an experienced full-stack developer.
