RSS:2023 Track 2 (Day 2) :: Rochester Security Summit

RSS:2023 Track 2 (Day 2)

Reducing the Attack Surface

David Frier
October 26, 2023 10:00 am - 10:50 am

Organizations face an ever-increasing number of threats targeting their valuable data and systems. Understanding the attack surface is crucial for effective information security management. This talk will be an in-depth exploration of the concept of an organization's attack surface and provides practical strategies to understand, track, reduce, and fortify it against cyber threats. By implementing these strategies, organizations can improve their defenses, safeguard critical assets, and mitigate the risks associated with their digital footprint.

Five Questions to Ask Your Pentest Partner

Qasim Ijaz
October 26, 2023 11:00 am - 11:50 am

I've been on the consulting and receiving end of penetration testing services. I've seen how the sauce is made and have been a consumer of this elusive sauce. Over the past decade, I've seen both good and bad penetration tests, and I'm here to tell you it doesn't have to be like this. We, as an industry, can do better. You, as clients, can hold us accountable. This talk consists of five questions that can be asked to start a better evaluation of your penetration testing partners. This is not a complete recipe. Instead, this will serve as a starting point for a larger conversation before the contract is signed.

Rise of the Machines: The Future of AI in Cybersecurity

Reg Harnish
October 26, 2023 1:00 pm - 1:50 pm

"They’re here. Ready or not, machines capable of thinking and making contextual decisions are rapidly gaining momentum – and acceptance – in a world that may not be ready for them. With nearly limitless access to data and processing power, these advanced software engines are now solving important problems in nearly every industry. Like the Terminator 1000 and all its earlier iterations, the machines are fast, capable, and less expensive to operate than their human counterparts. And like the T1000, they are potentially more destructive. In a world where the incalculable expanse of computer crimes costs billions – these machines may be the only thing that can save us. But who will save us from the machines?"

FLAME: Federated Learning against Malicious Engineering. Employing Trust and Reputation to Enhance Learning Security and Privacy

Sergei Chuprov and Leon Reznik
October 26, 2023 2:30 pm - 3:20 pm

Federated Learning (FL) is a distributed Machine Learning (ML) technique proposed to enhance the security, privacy, and efficiency of industrial systems. However, attacks against the conventional FL, resulting in compromising local units, have been already reported in practice. We present our novel Reputation and Trust-based mechanisms that allow detecting these compromised local units with the Data Quality analysis and retrospective trust evaluation to improve FL industrial applications. We patented our novel method. We demonstrate our approach on industrial SWIFT financial data and evaluate its effectiveness in improving FL performance and security by detecting data manipulation attacks and excluding compromised units.

DeFaking Deepfakes: Challenges for Real-World Mitigation of Manipulated Media

Matthew Wright
October 25, 2023 1:00 pm - 1:50 pm

Deepfakes are growing more sophisticated and realistic, and their potential for use in misinformation is clear, as they can be used to make anybody appear to say anything. At the start of the Russia-Ukraine conflict, deepfakes were used in war, as videos circulated of President Putin and President Zelensky each announcing their surrender. As these capabilities spread, it is critical that journalists and others have the tools they need to quickly and accurately assess such videos and determine if they have been manipulated. The DeFake project aims to develop and deploy a deepfake detection tool that is not only accurate but also usable by journalists and intelligence analysts in their workflow to help slow the spread of misinformation.