Boston Security November 2024 Meetup

Important Notice

All meetup venues we currently use require us to provide a list of names (First & Last) to their door security so they can check people in at the time of the event. We are also required to bring "a picture ID" that matches the name we provide at the time of registration. Please be mindful of this requirement and provide the necessary information to ensure a smooth check in process at the door. Thank you for your cooperation - the management!

ONLY HUMANS ALLOWED AT THIS EVENT

What: We continue to our two talk format. We also will have a cool sticker swap and show & tell slot.

>>> Bring your favorite stickers and tell us where you got it. Bring extras and swap it with fellow security enthusiasts at the sticker swap table! <<<

Talk #1 - CyberDyne Ventures Presents: Project Skynet by Craig Chamberlain

Description - Alerts, and alert management interfaces, are a hot mess. Alert rules are being cranked out in great quantities, and at great speed, to satisfy product marketing teams. Alerts born of lab results intended to satisfy "one hundred percent compliance" with various intrusion set matrices are sometimes shipped without regard to efficacy, precision, recall, noise, or scale. Machine learning alerts are sometimes thrown into alert queues without regard to real-world efficacy or actionability at scale when turned into atomic alerts. So-called "circuit breakers” are often seen as a quick fix for alert volume or noise but tend to create significant evasion conditions in the process. Sometimes we have a split brain problem where EDR, network, and cloud events, and associated detection artifacts, are in three different tools, products, or interfaces, users are expected to connect the dots manually from data in multiple tools. Compounding this is a tendency to place alerts in tables or lists, possibly because security tools evolved that way. Cloud security tools put vast numbers of low-signal benign events and unrealized risks in alert pages and attack graphs in order to “create value.” There has to be a better way.

As an alternative to this madness, we are plotting alerts and detection artifacts in graphs, centered around entities, and are going to use a combination of heuristics and machine learning to present, decision, and prioritize constellations of detection artifacts according to their weight. An example of what we mean by weight is the diversity of the types of detection artifacts in the constellation. A constellation containing a mix of complimentary detention artifact types has a high weight as this kind of correlation and corroboration tends to produce more TP candidates. Using this approach, we can distill large numbers of alerts and detection artifacts into a small number of sets, consisting of constellations, that are actionable and deserving of some level of attention.

Speaker - Cyberdyne Ventures is a research group consisting of a mix of security researchers and data scientists. Craig Chamberlain has been working on threat hunting and detection for most of his life and has contributed to several SIEM-like products you may have used. Most of them had unnecessarily simple alert pages and workflow, which makes him sad, and this is his attempt to put things right. He has presented at numerous conferences including the SANS Threat Hunting Summit; RSA 2024; CactusCon; the ISC2 Congress; SOURCE Boston; and several B-Sides conferences in Washington DC, San Francisco, NoVA, Boston, and Rochester. Rewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap. Rewanth speaks and delivers training at numerous security conferences worldwide. He was recognized as one of the MVP researchers on Bugcrowd (2018), published an IEEE research paper on ML and security, and more.

Talk#2 - Enterprise Risk Management by John Faria

Description - So I’ve been working on my Master’s degree in ERM at Boston University. I’ve learned a TON about risk management (and security) from a non-technical and business perspective. I’d love to share some of my learnings with the group.

Speaker Bio - John is a network defender in the Boston area. He tracks C2 servers in his free time and helps organize workshops for our local DEF CON group, DC617. John has recently started pursuing an M.S. in Enterprise Risk Management at BU

When: November 21 2024, Doors Open 6:30 PM

Where: FHLBank Boston - Prudential Center
800 Boylston St,
6th Floor
Boston,MA