Top Cybersecurity Training Protects Your Assets - Learn From the BEST and Apply New Knowledge Immediately!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

New Threats Posed by Misuse of Legitimate Websites, End-to-End Encryption Technologies and Countermeasures, A SANS Technology Institute Masterís Candidate Presentation

  • Wednesday, October 18, 2017 at 10:30 AM EST (2017-10-18 14:30:00 UTC)
  • Paul Tang

You can now attend the webcast using your mobile device!



A traditional exploit kit or malware payload hosts on a compromised website that may be poorly managed by a small or medium-sized company which may not have access to resources for information security. The malware may not have any protection. A reputation-based secure web gateway can identify the malware straightforwardly. However, a recent study conducted by researchers from the Georgia Institute of Technology, Indiana University Bloomington and the University of California Santa Barbara observed that some cloud service providers websites with credible reputations were hosting malware and other malicious activities. Also, there is a growing use of tunneled connection to protect malicious traffic. The more significant problem is that most companies have not detected malware and data leakage while using cloud services. Signature-based Network Intrusion Prevent System (NIPS) cannot block these kinds of attacks. This paper will assess new threats posed by the misuse of legitimate websites and end-to-end encryption technologies, challenges to existing information security infrastructures, possible ways to detect the attacks and the procedure for handling security incident.The findings of the study may change the mindset of senior executives, update current security risk assessment methodology, thereby transforming the design of information security infrastructures and security incident response procedures.

Speaker Bio

Paul Tang

Paul has worked in multinational financial institutions and IT industry for 20 years. He has solid working experience with managing cyber security, incident response, computer investigation and forensics, technology risk management, IT compliance and project management for 20+ countries/entities in Asia Pacific. He is knowledgeable about cloud security, risk management framework, enterprise architecture and governance, IT audit, IT infrastructures, fraud risk management and physical security.†Paulís educational background includes an MBA from the Chinese University of Hong Kong (CUHK), a MSc in Computer Science from the CUHK, a BEng in Computer Engineering from the Hong Kong University of Science and Technology (HKUST), a Postgraduate Diploma in Enterprise Risk Management from the Hong Kong University (HKU) School of Professional and Continuing Education, and an Advanced Diploma in Information Security from the HKUST. Paul is currently a candidate for the Master of Science degree in Information Security Engineering from the SANS Technology Institute.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.