Attack Surface as a Service

Presented at Black Hat USA 2019, Aug. 8, 2019, 9 a.m. (25 minutes)

Protecting public-facing assets is becoming increasingly problematic for any company with an online presence today. Growing online communities providing pre-built tools to easily bypass traditional defenses and a constant tug-of-war between usability and security contribute to this emerging, complex issue.

What if we could force malicious actors into our own, controlled, battleground and move the attack surface away from our assets?

By directing attacks away from the target website and onto our own environment, we force them to play by our rules. We can use this ‘attack surface’ to automatically adapt to new threats, gain direct feedback through network effect, and utilize automated processes and ML to evolve with each attack. This allows us to interrogate a suspect attacker through tests that are difficult to implement directly onto the asset.

This talk will outline the practical and hypothetical applications of utilizing third-party services as a democratized defense against attackers informed by network effect, with an emphasis on the separated ‘attack surface’ introduced above.

Presenters:

  • Anna Westelius - Senior Director of Engineering, Arkose Labs
    Anna Westelius is a security researcher, analyst and hacking enthusiast. Originally from a network security background, she moved into the web security space to help shape the first commercial anti-scraping solution and has spent the past decade focusing on different aspects of combating distributed automation, botnets, and fraud at scale. She is currently solving fraud and abuse problems as Sr. Director of Engineering for Arkose Labs.
