The Road to CEIC 2012 – The Search for the Holy Grail

Jessica Bair The “Road to CEIC 2012” is a series of blog posts on all things CEIC (@CEIC_Conf), before, during and after, from an insider’s point of view.

Who breached your network?!?! Identifying the human behind the attack on your network is the ultimate goal for investigators, and the crux of Tim Mather’s Cyber Response lab entitled The Search for the Holy Grail: Attribution.

I had a sneak peek at Tim’s presentation. Wow, he brings incredible experience and expertise to this lab! Tim is an Advisory Director at KPMG, focusing on information protection and cloud computing security. Prior to joining KPMG, Tim completed a Master’s Degree in Information Assurance from Brandeis University, and is also co-author of the book "Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance”. Previously, Tim was Chief Security Strategist for RSA and Vice-President of Technology Strategy in Symantec’s Office of the Chief Technology Officer. Before that, he served for nearly seven years as Chief Information Security Officer at Symantec.

Tim knows that investigators need to move beyond Internet Protocol (IP) address identification of an attacker. He is going to show you how getting to the device ‘behind’ an IP address, even remotely, is now possible. Tim will explore with you the three ‘levels’ of identification (IP address, device, and user) and share the tools and techniques he uses. His lab will conclude with a discussion about how IP address and device identification might be used to achieve the Holy Grail – attribution (i.e., user identification) for prosecution.

While forensics is usually concerned with ex post facto attribution of tying a specific device to a specific perpetrator, it is even (far) harder to determine a specific perpetrator from a specific system during an attack. This is why Tim became an information security practitioner and why he approaches the problem of attribution differently than a forensics expert.

Attribution is a very difficult problem, and I am definitely looking forward to Tim’s lab!

Jessica Bair
Senior Director, Curriculum Development
@jessicambair

CEIC 2012 – Cyber Response Lab

Tuesday
11:00 AM - 12:30 PM
The Search for the Holy Grail: Attribution
Tim Mather, KPMG
Skill Level: Intermediate

No comments :

Post a Comment