As a defender we have a hard enough time getting budget or the proper tools to analyze internet traffic properly. And even if we do, the sheer amount of data needed to correlate and identify a malicious request vs. a request that could be making your company money is daunting. Attackers don’t make that job any easier. By obfuscating their attacks, they attempt to make their requests look like all your normal web traffic. In this talk I’ll be covering some of the real world attack obfuscation techniques adversaries have attempted against some of the top global Internet companies and what we can learn by observing their tactics in order to develop better defenses.
Speaker: Tony Lauro
Tony Lauro is Director of Security Technology & Strategy for Akamai Technologies. He’s been involved with Information Security since the late 90’s when he worked for a large US based telecom provider and started their security team to aid in investigations of malicious exploitation as well as fraud and abuse of their systems. In the summer of 2000 Tony founded the DFW Wireless Users Group. Meeting on the topics of wireless security, antenna making, and hacking, this group eventually grew to over 700 members worldwide with over 50 members meeting in person monthly. Since then, Tony has consulted in many verticals including finance, automotive, medical/healthcare, ecommerce, enterprise, and mobile applications where he built the security team for a mobile payments startup which eventually was sold to Google. He is currently responsible for consulting across Akamai’s North / Central / South American clients advising in the areas of adversarial resiliency, security architecture, and cyber security strategy. Tony has competed in submission grappling and Brazilian Jiu Jitsu tournaments, defensive firearms training, was once a sponsored skateboarder (and still skates even though everything hurts) and enjoys gaming, hacking things, building things, and hanging out with his wife and kids in Dallas, Texas.