Matasano Chargen » Blog Archive » Black Hat Extrusion Detection Encore: Next Wednesday, OWASP Chicago

Black Hat Extrusion Detection Encore: Next Wednesday, OWASP Chicago

Thomas Ptacek | August 27th, 2007 | Filed Under: Gatherings, Uncategorized

Come see Eric Monti reprise our Black Hat talk on Extrusion Detection and Content Management and Filtering systems. Next Wednesday, September 5th, at Chicago OWASP. From the abstract:

Some “Extrusion Detections” products rely on network gateway IPS/IDS approaches, whereas others work in a way more closely resembling host-based IDS/IPS. The main difference is that instead of detecting/preventing malicious information from entering a company’s perimeter, they focus on keeping assets inside.

We’ve been evaluating a number of products in this space and have run across a large number of vulnerabilities. They range from improper evidence handling, to inherent design issues, all the way to complete compromise of an enterprise, using the Extrusion Detection framework itself as the vehicle.

Capsule summary: Eric and I got a chance to test several market-leading “Extrusion Detectors”. None of them emerged unscathed. Eric will talk about the techniques and methods we used to pick these black-box systems apart, and what types of vulnerabilities we found.

Chicago OWASP is open to all comers, but you do need to RSVP to Jason Witty (jason at wittys dot com) sometime before next Tuesday. Meetings are held in the LaSalle Bank building on Madison. Check the OWASP page for more details. See you there!

Viewing 4 Comments

Eric Monti 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

We covered this some at Black Hat too, but at OWASP, the talk will be focusing more on attack patterns, less on "the product space" specifically.

See you there.

reply edit reblog flag

http://www.matasano.com/log

dre 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Augusto Paes De Barros just blogged about data leakage prevention and honeytokens, which I thought was an interesting read.

He poses some questions of whether honeytokens are being used, what vulnerabilities they present, and a question of why they aren't typically built into DLP products.

I would want to add digital watermarking and clipping services to that list. Aren't they really good ways of doing extrusion detection? Why is every vendor answer to every security problem typically an appliance or software "scanning" tool?

reply edit reblog flag

Thomas Ptacek 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Because the two most valuable pieces of enterprise IT real estate are inline at key network aggregation points, and host-resident in the standard desktop or server build.

reply edit reblog flag

http://www.matasano.com/log

christopherhsshanes 1 week ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Wackyland. At the same time there’s a part that insists on holding it at bay, as if he’s self-conscious of his own desire to immerse, and thus be like one of those wigga wannabes who desperately and comically seek to emulate what they’re not (some things haven’t changed). I www.chase.com only wish that this tension was more in the foreground instead of something that might be something I’m reading into based on what I see here and have seen in his other films. As it is there’s no question the film is offensively racist,

reply edit reblog flag

1 /people/christopherhsshanes/ /people/christopherhsshanes/following/

Black Hat Extrusion Detection Encore: Next Wednesday, OWASP Chicago

Add New Comment

Viewing 4 Comments

Add New Comment

Trackbacks

People We Read

Things We Write

RSS Feed

Archives