Courtesy of the University of Swansea:

Speaker Name: Prof. Igor Muttik, Cyber Curio, visiting professor, Computer Science Department of Royal Holloway University London

Date: 5th May, 2021
Time: 4-5pm
-------------------------------------------------------------
Zoom details:
https://swanseauniversity.zoom.us/j/97672719265?pwd=bTVVaW5VeklweER3QnFOR0QzNklPQT09
Meeting ID: 976 7271 9265
Passcode: 889176
-----------------------------------------------------------

Title: Catching Future APTs

Abstract: The most sophisticated APTs use “low-and-slow” approach -- they attempt to hide and masquerade their actions and spread them over a long period of time and, often, over multiple network hosts. For security solutions to be able to make sense of these hidden and spread events and spot the APT activity they must have access to trusted event sources over significant timeframes coming from both endpoints and the network. We discuss the problems related to time span, events’ volume, network distribution and malware using live-of-the-land approach. We cover two major topics: firstly, scalable methods of extracting knowledge from a growing volume of events and, secondly, testing an anti-APT solution. We describe reasoning and inference tools potentially suitable for the job of finding APT which come from the area of Web analytics. The audience will learn about available anti-APT architectures, tools, methods and typical challenges of building and testing an anti-APT system designed to uncover contemporary and future threats.

Bio: Prof. Igor Muttik (PhD) started researching computer intrusions and malware in 1980s when anti-virus industry was in its infancy. He is based in the UK and worked for Intel Security in 1995-2016 focusing on applied security research and innovations in security software and hardware. Igor is a visiting professor at Computer Science Department of Royal Holloway University London. Since 2016 Igor runs his own security consultancy firm Cyber Curio and continues to do research in cooperation with Intel and many universities.

Cyber Incident Review Board: Prospects and Further Development
Rob Knake ( Harvard University )

https://teams.microsoft.com/l/meetup-join/19%3ameeting_YWExZTcxMjMtZDJjMi00MTVkLWI0MTctZmQzNjQ3OTg0MDU2%40thread.v2/0?context=%7b%22Tid%22%3a%22cc95de1b-97f5-4f93-b4ba-fe68b852cf91%22%2c%22Oid%22%3a%228e67c2f1-5613-43a7-a68d-adb8c0b6a29b%22%7d

The Biden Administration is planning to create a Cyber Incident Review Board in the coming weeks to investigate the Sunburst campaign and produce a report to inform government action and private sector defense. How this board will develop following its initial task is an open question. Rob Knake, a Fellow at Harvard’s Belfer Center, has been leading a study on applying lessons learned from aviation safety and other fields to cybersecurity and will provide a preliminary read out of findings at this meeting.

Rob Knake is a Fellow at Harvard’s Belfer Center and a Senior Fellow for Cyber Policy at the Council on Foreign Relations. Rob served from 2011 to 2015 as Director for Cybersecurity Policy at the National Security Council. In this role, he was responsible for the development of Presidential policy on cybersecurity and built and managed Federal processes for cyber incident response and vulnerability management. Rob is co-author of Cyber War: The Next Threat to National Security and What to Do About It and the Fifth Domain: Defending Our Country, Our Companies and Ourselves in the Age of Cyber Threats.

Invitation-only: Contact gwilym.hughes@nuffield.ox.ac.uk for details.