On June 5, Lancope Director of Security Research Tom Cross and Technical Director Jochen Belke will present at CyCon, the annual NATO Cooperative Cyber Defence Centre of Excellence conference on cyber conflict, taking place in Estonia.
At Lancope, Cross heads up the StealthWatch Labs security research team, which continuously investigates attacker behaviors and tactics to help better defend government and enterprise infrastructure. He will join LTC David Raymond of the Army Cyber Center at West Point to deliver a session entitled, “Key Terrain in Cyberspace: Seeking the High Ground.” In military terms, key terrain refers to areas which, if seized, afford an advantage to an attacker or defender. This talk will deconstruct and analyze cyber key terrain, and discuss its similarities and differences in comparison to physical key terrain.
A careful consideration of military terrain in the context of cyberspace leads to the insight that defenders might benefit from focusing more on deception as a part of their defensive posture. In cyberspace, key terrain can be moved, and it can be reorganized in such a way that it ceases to be valuable. A defender could lure an attacker into targeting a piece of key terrain that seems to provide access to a valuable asset, and then change the nature of that terrain once it is compromised. This approach expends attacker resources and forces him or her to reveal capabilities and techniques.
Although honeypots have been a part of defensive approaches to protecting computer networks for a long time, traditional approaches to constructing them have not always kept up with modern attackers and their tactics. It is important to design honey pots that are truly attractive to the kinds of adversaries an organization is most concerned about encountering. A good honeypot should appear to be a key piece of terrain in order to attract an attacker’s attention.
On the same day as Cross’ presentation, Lancope Technical Director Jochen Belke will join Cisco to co-present a keynote at CyCon entitled, “Intelligent Cyber Security for the Real World.” To gain intelligent visibility and leverage information collected from the network fabric, Cisco has partnered with Lancope to offer an end-to-end Cyber Threat Defense solution. This session will examine how network logging technologies such as NetFlow can be used to detect sophisticated cyber-attacks, accelerate incident response and improve forensic investigations.
Further details on Lancope’s CyCon sessions can be found here.
TAGS network security, lancope, cyber threat defense, cyber warfare, cycon