Day 2 was a half day of keynotes from Nerdio, Huntress, Threatlocker as well as partner round tables which was an opportunity to ask questions of various speakers and industry professionals.
Here’s a summary of notes and takeaways from day 2 of the Nerdiocon 2023 conference.
Opening Keynote - DEI - Gavriella Schuster - Nerdio Board Member.
Gavriella kicked the day off with an interactive session on DEI and the importance of ensuring that a culture is being built whereby everyone is heard and environments are created to ensure people feel safe.
A few takeaways from the opening comments:-
- Having people with diverse backgrounds, perspectives, opinions, ideas improves team performance and outcomes
- Proactively recognising when there are people that are not comfortable speaking up, and advocate their contribution
- A culture of trust and safety is imperative to a successful team.
We have a number of different characters at FIT and we work hard to ensure people feel safe at work and feel they can say exactly what is on their mind without judgement, it is an important staple of the way we work.
We use insights profiles to understand the different types of personality we have in the business and run sessions on how we can work more cohesively as a team given the different ways that people work. We also adopt the Patrick Lencioni model of the 5 dysfunctions of a team. Some more info on that model is here https://www.runn.io/blog/5-dysfunctions-of-a-team-summary.
We also try live by a mantra of challenge of support and give people space to offer their opinion. As a small business, we can get together as one company and share feedback and as leaders we don’t hold back, whether the news is good or bad, we communicate with the team and ask for honest opinions. It’s an important part of what makes FIT, FIT.
Preparing for the Next Big Identity Risk - Kyle Hanslovan - CEO & Co-Founder, Huntress and Vadim Vladimirsky - CEO Nerdio
The second keynote was led by Kyle of Huntress and Vadim of Nerdio. They make a good double act and their combined knowledge and understanding of their respective fields is really powerful. Last year, they essentially simulated an attack which held everyone’s attention in the room from start to finish. This year the focus was more on what we need to look out for going forward when it comes to hacker behaviour.
Kyle reminded us that within the Microsoft stack, there is a bunch of powerful tools that help mitigate threats:-
- Defender SmartScreen - https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview
- Credential Guard - https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage
- Smart App Control - https://support.microsoft.com/en-us/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003
- IAM - https://www.microsoft.com/en-us/security/business/security-101/what-is-identity-access-management-iam
Following this we were shown a list of companies that inspired the remainder of the keynote:-
The point of which was to say despite all the investment of these companies into their security practices, they were still compromised. A couple of real examples were given whereby user credentials had been compromised and that had led to the environment being compromised.
The anatomy of the Uber attack was shown. Which went something like this:-
- Using MFA exhaustion a users credentials were compromised
- A PowerShell script was stored on an SMB File Share
- That PowerShell script included access credentials for critical services
- Environment was compromised
I appreciate I’ve massively simplified the process, however they point was that a combination of social engineering and some lapses in internal control led to a compromise and that the lines between what is an identity compromise versus and endpoint compromise are more blurred than ever. Identity is now one of the primary attack vectors.
The advice from Kyle and Vadim aside from deploying the Microsoft services that are built in to existing service offerings were:-
- Figure out your fundamentals - Are things setup properly, how can complexity be reduced etc
- Reduce Admin Credential Privileges - Don’t use Global Admin accounts to do any day to day work, don’t even give these accounts emails
- Implement Conditional Access - Reduce the risk of compromise based upon policy
- Monitor Baseline Drift - Continuously assess the security baselines in an ever moving world.
We partnered with Huntress after the last Nerdiocon event and it’s a really powerful tool that over and above what Microsoft offer help us protect our own business as well as our clients.
The security theme continued with an excellent presentation from Threatlocker
The purpose of Endpoint Security - Danny Jenkins - CEO and Co-Founder of Threatlocker
We took a trip down memory lane initially, remembering the good old days where you had to go to PC World to buy software if you wanted to install something and how that evolved to downloading software from sites like download.com in the early stages of the internet.
Danny discussed that in the early days, deploying AV wasn’t seen as a must have, but it made him feel safe. In reality he was a sitting duck and it was only a matter of time before he was hacked.
There are of course multiple threats and multiple remedies, but it’s very difficult to maintain a security posture particularly when humans are involved. He encouraged everyone in the room to email their staff with a “safe application” and ask them to run it to see how many would; the likelihood is that 1/3rd of all people would do it if it came from a known source - and that’s exactly what humans are looking for. Worst than that, 13% of the worlds computers were infected by the “I love you” bug several years ago. People are a worry in this context!
Threatlocker’ technology makes sense. It’s effectively saying:-
- Only known applications can run
- I know what those known applications are supposed to do and therefore I can guard against mis-use and stop apps being able to see everything on the network
- Control the network - closing ports, close RDP and stock those attack vectors.
Couple tech like this with the stack that Kyle talks about in the Microsoft stack and you’re at least reducing the attack service.
This concluded the morning Keynotes and was followed up by a speed dating session with various vendors and community personnel. I spent some time with the guys at Huntress & Rimo3 as we have relationships with these guys already. Topher at Huntress walked us through his approach to implementing a hack - he emphasised many of the messages that have been repeated the last few days:-
- Criminals are operating as businesses - they are their own community and they communicate with each other.
- They’re looking for least path of resistance
- They are informed - they do their homework
- Phishing is the most common route into the network
- It’s hard, but Hacking is also offered “as a service”
A great way to wrap up day 2 of the conference.
About the Author: Mike Starnes
Mike has worked in the IT Industry for over 20 years. If he's not talking technology, he'll be reading, playing football or trying to embarrass his daughters.
