Get a MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training - Learn More

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Supply Chain Protection: Stop Remote Code Execution During Runtime

  • Thursday, March 04, 2021 at 1:00 PM EST (2021-03-04 18:00:00 UTC)
  • Satya Gupta, Dave Shackleford

Sponsor

  • Virsec

You can now attend the webcast using your mobile device!

  

Overview

The SolarWinds supply chain attack took everyone by surprise, exposing a bare belly across government entities, infrastructure and enterprises alike. A brutal security failure that relied on perimeter tools, threat hunting and prior knowledge to stop an attack only to find that these tools were powerless to identify and stop a Remote Code Execution (RCE) exploit. The attack surface has grown exponentially, and workloads are the main target.

The SolarWinds attack exposed a giant, gaping hole in the supply chain and cybersecurity as a whole. Just how vulnerable are we? Organizations, institutions, governments, enterprises and critical infrastructure alike have been reeling from this remote code execution exploit, a type of runtime attack that until now has only existed on the periphery.

Existing security tools are not sufficient to secure the supply chain, namely because the most sophisticated attacks are occurring at runtime, a notorious blind spot in organizations. Conventional security tools are not instrumented to detect exploits in memory and do not provide any visibility into runtime. More importantly, they do not provide runtime protection, so evasive attacks that proliferate at the memory level often go undetected for days, months, or even years.

End point protection, perimeter and threat hunting tools wont identify unique malware that already exists in a system. Therefore, effective protection and defense against sophisticated and evasive remote code execution attacks requires new tactics and new tools.

Satya Gupta, CTO and Co-Founder of Virsec, provides detailed technical analysis on remote code execution vulnerabilities in the supply chain. See how the culprits infiltrated and deposited a backdoor into the well-protected SolarWinds software infrastructure, and then into the systems of tens of thousands of users in the SolarWinds supply chain. Watch a live demonstration of the technology that stops remote code execution in its tracks, learn how to identify and prevent these attacks in your own infrastructure, and get best practices to protect your workloads against future or ongoing supply chain attacks.

Speaker Bios

Satya Gupta

Satya Gupta is Virsecís visionary and has over 25 years of expertise in embedded systems, network security and systems architecture. Prior to focusing Virsec to a product orientation, Satya built Virsec as a highly profitable software design and consulting business and targeted data networking, application security and industrial automation projects. Prior to this, he was Director of Firmware Engineering at Narad Networks and Managing Director and Chief Engineer at Eastern Telecom and Tech Ltd.

Satya holds 14 patents (and many more pending) in complex firmware architecture with products deployed to hundreds of thousands of users. He holds a BS degree in Engineering from the Indian Institute of Technology in Kanpur and additional degrees from the University of Massachusetts at Lowell.


Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.