ceClub: Exploit Mitigation: From Detection to Obstruction

Speaker:
Gal Badishi (Cyvera Ltd., Cyber Defense Solutions)
Date:
Wednesday, 3.4.2013, 11:30
Place:
EE Meyer Building 861

Recent attacks on high-value targets demonstrate how state-of-the-art defenses fail to protect against APTs (Advanced Persistent Threats). These victims spare no expense and appropriately deploy cutting-edge defenses, such as firewalls, intrusion detection and prevention systems, and anti-virus scanners, as well as novel approaches for detecting zero-day exploits, yet these are ineffective at thwarting determined attackers. In this talk we examine the unsatisfying state of attack-prevention solutions and demonstrate the ease of circumventing the majority of defenses.

We move on to present a fresh security paradigm: extensive obstruction of attacks, rather than an attempt to identify and detect malicious behaviors and attack-related actions, often after the fact. By combining methods such as traps in heap memory and DLL protection with enhancements to solutions such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), we achieve nearly perfect exploit-prevention rates, even for zero-day exploits.

Further, we’ll discuss the challenges in transforming these mitigation techniques into a commercial-grade product with security modules that can be applied generically to every process.

Bio:
Gal Badishi is the Chief Scientist of Cyvera, a VC-backed startup providing innovative cyber-defense solutions. Gal is a hands-on security researcher, specializing in software vulnerabilities, exploitation techniques, and exploit mitigation. He received his B.Sc. in Computer Science from the Hebrew University in Jerusalem in 2000, and his Ph.D. from the Department of Electrical Engineering at the Technion, Israel's Institute of Technology, in 2007. Gal has contributed to the Israeli Cyber Intelligence community and acted as a consultant to the IDF's Cyber Headquarters.