ISSA Sacramento Chapter Meeting
Jun 18 at 11:30 am - 1:00 pm
Description: The main goal of hackers is undetected access to your network (dwell time). The longer they go undetected, the greater their potential theft from and damage to your organization. File Integrity Management (FIM) is intended to detect and remediate unauthorized and malicious software installation and use. Traditional FIM has two Achilles’ heels: (1) it’s a snapshot in time, and (2) it can be evaded by the SHAttered attack or similar spoofing techniques. Depending upon how frequently a FIM system performs its integrity checking, it might miss the temporary introduction of unauthorized software or, worse, allow a serious breach to occur before it’s detected. Further, attacks such as the SHAttered attack spoof the identity of known good software in order to evade detection. Using a Real-Time Execution Control paradigm with App identity anti-spoofing technology addresses both of these vulnerabilities in FIM. Applying the same file identity anti-spoofing and trust-listing technology to data files provides granular control of who can access and modify data files, using an out-of-band user and admin file access control validation that will prevent even root/admin users from accessing, copying or modifying data. Applying this trust-listing technology to command-line parameters controls Living-off-the-Land attack usage of commonly enabled command-line tools. Combined, these technologies exceed the protection provided by SELinux, which itself can be manipulated by users with root admin privileges.
Speaker Bio: Steven “Ziggy” Shanklin, CEO and Founder of White Cloud Security, Inc., is a leader in groundbreaking development for the cybersecurity industry. Ziggy was the Director of Software Development for two cybersecurity startups acquired by Cisco Systems, Wheelgroup Corp (1998) and Psionic Software (2002). Prior to starting White Cloud Security, where he invented their breakthrough patented “App Trust-Listing” technology, he was the VP of Engineering at Coretrace, Inc., an application whitelisting company acquired by Lumension Security (2012).
Ziggy holds ten patents for cybersecurity technology at Cisco Systems, Inc. (Wheelgroup Corp, Psionic Software) and White Cloud Security, Inc.