The online broadcast lasted over 11 hours - during this time 42 speakers managed to speak. Some of them participated in the discussions from the studio at Lenfilm, while others joined the discussions remotely via videoconferencing.
The conference was divided into plenary and three thematic sessions. In this article we will tell you more about the plenary part. It was moderated by the chief editor of the Comnews group of companies Leonid Konik and TV presenter Nika Strizhak .
The founder of the company "Gazinformservice" Valery Pustarnakov and acting director of the company "Gazinformservice" addressed the conference participants with a welcoming speech. Andrey Kashin, Deputy Chairman of the Committee for Informatization and Communications of St. Petersburg .
Rustem Khairetdinov, Director of Growth at BI.ZONE, made a presentation on "Threat Hunting - Detection of Multilevel Targeted Attacks", where he talked about why it is impossible to stop development and what is included in the "pyramid of pain" of IB's and hackers. He recalled that the average time an attacker spends on the network, on average, in the world is 78 days. The advantages of threat hunting are that, in addition to the "traditional methods", we test hypotheses about someone else's presence before immediately identifying the danger. In case of detection of a "scout", we can prevent the attack, or watch the attacker to identify targets and sources. In the event of an attack, we document its signs to continue the further "hunt".
Rutam Khairetdinov also noted:“It's great that we managed to bring practitioners to the presentation. The topics of management and security of distributed workplaces are the main hit of "remote control", while not all organizations have reached an optimized plateau in these matters, many people still use "crutches" on which this "remote control" was introduced in an emergency manner . "
Sergey Petrenko , director of the product line "Protected media" Aladdin R.D. spoke about “Ensuring secure remote work of employees using personal computers. About new requirements of regulators and possible solutions. In particular, solutions based on LiveUSB are considered in detail, which imply full switching of an employee's personal PC from "home" to "work" mode in compliance with all information security measures.
Vyacheslav Tupikov , architect of ArcSight solutions at Micro Focus, continued the topic of remote work from the side of threat detection. In his presentation "SOC Analytics in a New Reality", he talked about the difference in methods of protecting office and home perimeters and how to track "abnormal" behavior when moving to a remote format, when all employee behavior has become atypical. Valery Komarov
told how the information security of the IS&R of the city of Moscow was ensured during the COVID-19 pandemic, as well as raising awareness among staff, Head of the Awareness Division of the Department of Information Technologies of Moscow. How to minimize the human factor in information security? - Inform staff. And give detailed instructions on every exciting issue. But it's worth noting that these methods only work if you clearly understand the risks that an organization and employees may face when switching to remote work.
Information security expert Alexei Lukatskiy reviewed the basic checklist of an organization building a secure remote access strategy. Alexey examined in detail how to make the use of corporate and personal mobile devices secure and how to optimize the security of remote work.
“The main value of the GIS DYS 2020 conference is that you can share your experience. Of course, there was not enough backstage communication. But the speed with which we managed to get together, exchange painful problems and share the results will allow us to quickly implement new ideas in practice. And this is the value of GIS DAYS ” - Alexey Lukatsky commented on the results of the conference .
Igor Lyapunov , Vice President for Information Security of PJSC Rostelecom, devoted his report to cyber attacks on KII. Who is attacking the KII? This is espionage: gaining access to official information; and sabotage: getting the opportunity to influence the system. How do they do it? Statistically, this is mostly high quality attack software. And, sadly, very old vulnerabilities are still being successfully exploited.
Vladimir Skiba, head of the main information technology department of the FCS of Russia, spoke about the problematic issues of the development of technologies for automatic decision-making in the Unified Automated Information System of customs authorities.
Mikhail Smirnov , Director of the Expert and Analytical Center of InfoWatch JSC, answered the question "Security of digital assets: what does it mean today?" In the digital field, any organization is forced to organize asset protection through close interaction of financiers, lawyers and IT specialists: it is necessary to understand what operations the company is involved in, what data it uses, what risks it carries, and be able to insure all areas of digital relationships with the outside world.
Vasily Diaghilev, the head of Check Point Software Technologies in Russia and the CIS, spoke about 5 main lessons of cyber resilience in 2020:
- despite your protection, the infection will still penetrate: you need to audit and constantly monitor your system, introduce system segmentation;
- building protection on the principle of lattices on windows is not relevant: information should not only be accessible from any 24x7 device, but also sufficiently protected;
- you need to focus on critical information and access to it: introduce segmentation and protect segments in parts.
- all segments must be flexible: scalability of the system and the ability to connect additional levels of security;
- decisions must be made with lightning speed.
A joint report was made byAlexey Lukashin , head of the Supercomputer Center of St. Petersburg Polytechnic University, and Nikolai Nashivochnikov , deputy general director of Gazinformservice. They talked about developments in the field of behavioral analytics, intelligent methods in cybersecurity and countering new threats. Encrypted traffic analytics, predicting likely attacks, automation of incident response processes and behavioral analytics are added to traditional methods of protection against malware.
During the stream on the platform and in social networks, the broadcast gathered more than one and a half thousand viewers.“This year we feel an increased demand for our agenda, including from the business side. If earlier the conference was mainly for professionals in the field of information security, then this year more and more business representatives attend our conference. And this meets one of our tasks - the popularization of information security, ” comments Roman Pustarnakov, director of the department for organizing work with customers at Gazinformservice, at the conference .