Presented at
Summercon 2015,
July 17, 2015, 11 a.m.
(50 minutes).
As we all know, computer security products are completely infallible and, themselves, totally secure. Furthermore, Data Loss Prevention (DLP) solutions are, hands down, the panacea for all data leakage woes. But, we decided to pretend for a minute that they weren't, AND YOU WON'T BELIEVE WHAT HAPPENED NEXT! Despite a plethora of data security and protection standards and certifications, companies and their systems are still leaking information like a sieve. With deployment models ranging from a fat agent on an endpoint, to a blinky-lights box surveilling all network traffic, to some unified threat management gateway with DLP secret sauce, these solutions are ripe for bypass - or worse. This talk will discuss our previous and current research into a handful of DLP solutions, including their capabilities and their shortcomings. We will demonstrate flaws in administrative and programmatic interfaces and the inspection engines themselves. Additionally, we will revisit the tools and techniques we used to discover these issues.
Presenters:
-
Zach Lanier
Zach Lanier is a Senior Research Scientist with Accuvant Labs, specializing in various bits of network, application, mobile, and embedded security. Prior to joining Accuvant, Zach most recently served as a Senior Security Researcher with Duo Security. He has spoken at a variety of security conferences, such as Black Hat, DEFCON, CanSecWest, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the "Android Hackers' Handbook" (Wiley, 2014).
-
Kelly Lum / Aloria
as Kelly Lum
Kelly has "officially" worked in Information Security since 2003, and is currently a Security Engineer at Tumblr where she brings her decadeâs worth of application security experience in the financial and government sectors to the microblogging world. She regularly speaks about reverse engineering at various conferences, including BlackHat, SummerCon, and Countermeasure. Additionally, she teaches as an adjunct professor of Application Security at NYU.
Links:
Similar Presentations: