Defensive Track

WAF in scale

Speaker: Alexey Sintsov

WAF itself – like, for instance, ModSecurity – is quite a nice and cute product. Especially if you have a cozy little server of your own. But when we are talking about WAF for a thousand servers in different regions and data centers, when you get loads of False Positives and just garbage in your network, but you’d like a useful system to work on corporate servers independent of the project developer’s location and team – in this case, you’ll have to meddle with the machinery.
Solved tasks:
  • Automatic ModSecurity installation amidst chaos: who needs it, and who rather does not?
    • Solution transparency for the customer
    • At the same time, management flexibility, and for the customer, too
  • Rule development and support
    • Input & output control
    • Unit testing of the rules
    • Version control and incident response
  • Event monitoring and alerts 
You will hear about the solution architecture and how the infosec team supports and develops a system used by a good dozen of developers and DevOps.
Analysis of the results, pros and cons of the solution.

Building a complex incoming mail analysis system based on OpenSource solutions

Speakers: Alexey Karyabkin, Pavel Kulikov

When the security of a modern enterprise is established, corporate mail stays one of the most vulnerable channels. On the one hand, you can use FireEye-style proprietary solutions, which will cost you tens to hundreds of thousands of euros; on the other hand, you can build an OpenSource-based solution, where TCO is comprised of the cost of a few virtual machines and the salary of one employee.
This presentation will feature both the description of the developed system and the demonstration, with an inbox e-mail containing a malicious attachment used as an example.

SMM monitoring guarding the security of Internet services

Speaker: Karim Valiev

Social media monitoring is one of the most important lines of business for a striving to be responsive to security threats. Today, social media are increasingly serving as a communication platform for hackers, where they upload leaked passwords, discuss malicious plans, and share their experience with script kiddies. In my talk, I will tell you how to build a social media monitoring system efficiently, what are the resources where we fish out most of the relevant discussions, and what the response scheme looks like.

DPI as a means of access segregation in a corporate network

Speaker: Igor Bulatenko

We will tell you how to move from a million ACLs on firewalls to a million groups in AD.
  1. Classic access control (ACL)
  2. Reasons why ACL is ineffective
  3. DPI and the means for creating them
  4. Concept of access segregation in a corporate network with the help of DPI
  5. Management facilities. Bindings to AD groups, unified group membership management center
  6. Guess my problem, dude. What does the user want?
  7. Unlimited access, diagnosing problems, and external hardware log storage
  8. Pros, cons, pitfalls

Preventing mobile malware in CSP's network. Android honeypot for antifraud

Speakers: Nikolay Goncharov, Denis Gorchakov

We will speak about a makeshift anti-virus laboratory within one of the Big Three communication service providers.
To fight content, banking, and payment Trojans on a mass scale, we have designed and are developing a software-hardware system based on smartphones and a client-server application. It is used to discover botnet C&C, virus behavior signatures, and mobile numbers used to accumulate fraud output. This system tries to solve the issue of automating the tasks of gathering statistics and bypassing anti-virus checks smartly. It also helps to find and protect customers with infected smartphones. In the end, it fits marvelously into the CSP’s whole antifraud chain together with other solutions.
We will explain how it works, what it is good for, how to use the CSP’s capabilities and power to fight malware.