Session: Outsmarting IoT Defense: The Hacker's Perspective
Endless patching is a race that cannot be won. To build sustainable, secure IoT solutions we must change that ineffective paradigm.
To appreciate what we can do differently, we should start by considering both the defender's and attacker's perspectives. This session will provide a unique view of that attacker's perspective, from former exploit/attack experts within the IDF Unit 8200. We will review the impossible task of identifying and mitigating all vulnerabilities - and will demonstrate the inadequacies of current IoT security practices focused on continuous patching, static analysis, encryption, and risk controls. We will also explain how attackers can easily evade such barriers.
By contrast, the session will explore methods for achieving embedded, on-device runtime exploits protection to immunize devices from all underlying vulnerabilities, and provide zero-day protection as well. These methods, commonplace in IT endpoint detection and response, are just now finding their way into heretofore unprotected and unmanaged IoT edge devices.
- Review vulnerabilities and the endless race to patch them all - can this race be won?
- Gain a deeper understanding of an attackers perspective with respect to current IoT defenses, and how these are circumvented
- See how we can bring industry-standard security practices, such as RASP, EDR, and zero-day protection, to sensitive IoT endpoints
- Learn how to properly identify the unique behavior of exploitation to give defenders back the advantage
Natali Tshuva brings over 10 years of experience, both as a cybersecurity researcher and a team leader. After graduating magna cum laude B.Sc. in Computer Science at the age of 19, as part of a special program for gifted and talented kids, Natali was handpicked to serve in IDF’s 8200 elite technology unit (the Israeli equivalent of MI6 or NSA) as a security software engineer.
Prior to founding Sternum, Natali held several cybersecurity-related roles, including leading different R&D and research teams for global cyber intelligence market leaders. Natali holds an M.Sc. in Computer Science from Bar Ilan University and when she is in between meetings she rejuvenates with creative writing and all sorts of sports.