Robin Bay

APT ... doesn't matter

I’ve done Proofs of Concept of Breach Detection Systems (BDS) or security audits in many companies, and most of them wished I would find nearly nothing. The more time I had for hunting, the more security issues I found. A security mindset (the capability of generating attacks, not just detecting them) is absolutely essential. But the most important thing for finding any kind of APT was always just time. I will try to show you what I was trying to find in customer networks and how, what to focus on, and what kind of tools have been used. For example, what kind of capabilities a sandbox has to have. What functionalities a BDS needs to have to find some kind of APT, which nearly always exists in a network but is hidden from the customer. What is necessary to have on the network and endpoint layer for a basic forensic investigation of a typical malware incident. Forensic investigation is the most demanding in knowledge and time resources of all the things a company needs to do after the wake-up call of a real APT finding. Why 0-day filters are really important in any IPS system, in other words protection against attacks on a specific vulnerability for which no patch exists yet. Why a trained ethical hacker is still much better than any kind of artificial (automatic) intelligence. With the growing number of vulnerabilities every year, migration to THE CLOUD, encryption of EVERYTHING (even BBC.COM), and new protocols like TLS 1.3, catching the bad guys is getting more and more difficult. The more fun it is! We say, if you like it, you are doing it right. And security is something you should like a lot! For your own sake…

Robin Bay


Diploma Thesis: Securing a Distributed Peer-2-peer File System (the word CLOUD did not exist in those times). Worked in 3 companies within 20 years, always as a Security Engineer. Mostly working with products like Hardware Security Modules, authentication products, link encryptors, certification authorities, IDS/IPS, sandboxing, securing cloud, auditing firewalls, etc. Last 3 years working for Trend Micro, mainly securing data centers, cloud apps/servers, auditing networks with Breach Detection Systems and others. Dream: Forensic Investigator.

