Gigamon is just 2 cool for this article and hosting Kevin last fall at their event. To learn more about Gigamon visit: www.gigamon.com
On October 27 Gigamon customers and partners gathered at Chelsea Piers in Manhattan for the Gigamon NYC Cybersecurity Summit. Participants were dazzled by the “world’s most famous hacker,” Kevin Mitnick, as he delivered a fascinating keynote address on our human susceptibility to social engineering hacks. This was followed by an expert panel discussion on the role metadata can play in security. The event was hosted by Gigamon CTO Shehzad Merchant, and Gigamon ecosystem partners were on hand to share their latest products.
Keynote: The art of deception—How hackers and con artists manipulate you and what you can do about it
Kevin Mitnick spent the ’90s breaking into a string of high-profile telecom systems before pleading guilty and serving nearly five years in prison. Today, he’s a security consultant, and he explained that almost all his exploits involved social engineering, which means conning people with access to sensitive systems to hand over credentials voluntarily.
Mitnick says we place far too much stock in security technology countermeasures, which are ineffective against a motivated hacker using social engineering. As Mitnick puts it, people are the weakest security link, and can be manipulated into unknowingly helping hackers break into their organization’s computers.
He ran through example after example of social engineering techniques used by hackers to get into systems. The bottom line is that we humans have a natural tendency to trust, which opens the door for determined hackers. You can learn more about Minick, hacking, and his company here.
Panel Discussion: How do we secure what we can’t see?
Gigamon Fellow Security Architect Simon Gibson led a lively panel discussion on metadata and reputation scores to secure ICT in the world of evolving network designs, ByoD, IoT, and strong cryptography.
The panel explored these themes:
From highly sophisticated cyber attacks to garden variety malware, how do we defend what’s connected to our network when the perimeter becomes undefined and continues to shift?
In the changing network paradigm, is gathering data about what’s connected to the network and summarizing the information to defend users enough, or do we need a back door to strong cryptography that enables access to the devices?
The panel featured:
- Simon Gibson, Fellow Security Architect
- Bryan Cunningham, Founding Executive Director at the UCI Cybersecurity Research Institute
- Stephen Scharf, CSO of The Depository Trust & Clearing Corporation
- Deirdre Sullivan, Vice President and Assistant General Counsel at the New York Times Company
- John Terrill, Cofounder and CEO of Drawbridge Networks
Here are some key takeaways:
- Metadata makes security problems easier to solve. Terrill stated that security pros now have access to data that’s “not just IPs and ports and protocols. You can stitch it together and know ‘it’s this person, they’re in this physical location.’ There’s a context that we can know and say, ‘Oh, that person should never do that.'”
- Metadata offers visibility in the face of encryption. Scharf noted that his company “has regulatory obligations, and we have a mandate that to monitor traffic as it goes around our network.” But the coming move to the TLS 1.3 standard, with the associated increase in cryptographic strength and prevalence, will make things difficult. “If encryption creates the inability of us to monitor traffic for potential data loss or inappropriate access, then it’s not as useful.”
- Metadata has huge implications for privacy. Sullivan pointed out that while an individual bit of metadata seems anonymous, it’s “one pixelated point of a fine-grained profile. This metadata adds up to a very clear profile of who you are.”
- Metadata is falling under increasing regulation. Cunningham, an attorney, predicted that “there’s going to be a U.S. Supreme Court case that says even if each individual piece of data the government collects on you is not subject to the 4th amendment, at some point when you aggregate enough data, you should’ve gotten a warrant.”
Partner Pavilion
The summit ended on a high note with refreshments at the Partner Pavilion, where Gigamon ecosystem partners were on hand to demonstrate their latest innovations. With that in mind, we’d like to give heartfelt thanks to all attendees, panelists, and our sponsors:
- ePlus
- ExtraHop Networks
- Fast Lane
- GuardiCore
- Gotham Technology Group
- Imperva
- LightCyber
- LogRythm
- Plixer
- Presidio
- Symantec + Blue Coat
Source: Gigamon
