Posted by Virus Bulletin on Jun 28, 2013
We speak to VB2013 presenter Andreas Lindh about his research interests and what he aims to bring to VB2013.
The VB2013 conference takes place this autumn (2-4 October) in Berlin, with an exciting programme that covers many of today's most pertinent security-related topics.
In the build-up to the event we are running a series of blogs in which we introduce the speakers and find out a bit more about their research interests and what they aim to bring to the conference.
Today, we speak to Andreas Lindh (ISecure), who will speak at VB2013 about reducing the window of exposure.
Tell us a little bit about yourself - your job and your responsibilities.
"I work as a security consultant for a Swedish company called I Secure Sweden AB - we are one of the leading providers of competence in SIEM and other security operations technologies in the Nordics. My customers are mainly large organizations in the public and private sector, and my assignments are usually as an analyst or architect.
"My day job consists of digging up and analysing suspicious activity in our customers' networks, or acting as an advisor to customers in matters regarding their security architecture. I got into security about 10 years ago although I've only considered myself a security geek for the last 5 years or so."
Can you give us a brief outline of what you will be speaking about at VB2013?
"My talk is about how a lot of corporations are still relying on a traditional, very network perimeter-centric approach to defence, and that the models they are using are not really effective against software vulnerabilities in general, and 0-days in particular.
"In itself, this is nothing new, but as client-side attacks are becoming more and more common at the same time as users are connecting more and more outside of the protected network, this means that an unpatched vulnerability in an exposed piece of software (such as a browser) can quickly become extremely critical. Simply relying on patching has also proven to be insufficient, as several high-profile organizations have fallen prey to undisclosed vulnerabilities lately.
"Even in cases where patches are available, they might take weeks or even months to deploy. Because of this, I feel that a different approach to defence is needed to complement the layers that already exist. This should be a more system-centric approach, focused on minimizing the impact of a software vulnerability-related breach instead of trying to stop attacks at the gate."
Why is your presentation particularly relevant to the security community?
"I feel that we are not doing enough in this area. Instead of whining about how poor vendor X's track record is when it comes to patching - which is something that we cannot really do anything about - we should focus on providing mitigating methods or alternatives. The whining actually only helps the bad guys, as all the constructive advice tends to get lost in the information security echo chamber. See it as a 'call to arms', if you will."
What can delegates learn from your presentation?
"I hope it will provide a reality check; I think a lot of people don't realize how poor the state of corporate security really is. I will also suggest a method for adding additional layers of defence - something that I think will be especially useful for defenders. What I will NOT do is tell people to go out and buy more blinky boxes, but rather to actually start using the ones they already have. Security tools in general are seriously under-utilized."
What other presentations are you looking forward to?
"I definitely don't want to miss Gunter Ollmann's Pentesting with live malware presentation - that one sounds incredibly interesting. Other ones that I'll try to catch are Stephen Cobb's presentation on big data security, and the vulnerability/exploit disclosure talk by Tom Cross and Holly Stewart."
Have you visited Berlin before? What are you looking forward to seeing/doing whilst in town?
"No, I haven't visited Berlin before, but I'm really looking forward to going. I'm hoping to be able to visit some bars and I'd like to see the Brandenburger Tor and the Berlin Wall."
What else are you looking forward to at VB2013?
"Definitely hanging out and socializing with people who share my interests - that is always one of the best things about going to security conferences. There are some people who I've only communicated with online who I'm really looking forward to meeting 'IRL', as the kids say. I'm also a big fan of beer, so I'll have to say the bar too."
Andreas Lindh will present 'Surviving 0-days - reducing the window of exposure' at 11:30 on Wednesday 2 October.
The full programme for VB2013, including abstracts for each paper, can be viewed here.
Read more about why you should attend VB2013 - and download our letter templates as a guide for justifying to your budget holder why you should attend VB2013.