Ural Security System Center took part in SOC Forum, which was held on November 14-15 in Moscow. The company introduced its own Cybersecurity Center, which combines services and assets for implementing information security solutions, developing and outsourcing SOC, security analysis and secure development.
At the stand, the Center's experts answered guests' questions about its focus areas. They also gave short talks on practices for protecting against cyber threats.
Evgeny Todyshev, Head of the "Safe Development" Department, dedicated his talk to Kubernetes. He gave recommendations on the parameters to take into account when auditing incidents and investigating platform incidents in cases where standard policies and techniques do not work and the environment is not static.
Konstantin Mushovets, Director of USSC-SOC, shared his experience of creating the Purple Team. He explained how the idea came about and what results can be obtained when the attacking and defending teams interact with each other, and spoke about the plans and outlook for developing the practice.
Konstantin Mushovets:
"The need to form a Purple Team should be determined in each specific situation, as this work, without any doubt, requires considerable effort to coordinate, plan, conduct tests and analyse their results. One of the main advantages of such collaboration is the improvement of the information security measures taken, through emulation in conditions which are as close as possible to real ones, and the gaining of practical experience in training personnel."
Anastasia Pryadko, a security analysis specialist, represented the Cybersecurity Center team in the business part of the forum. The expert spoke in the "Practicum" track about how the 1C: Enterprise platform looks from a pentester's point of view.
Anastasia Pryadko:
"The report was based on the experience of conducting pentests and it was devoted to frequently detected misconfigurations, thanks to which 1C: Enterprise could become an easy target for an attacker if a company does not pay enough attention to the secure configuration of the server in general and information databases in particular."
The Cybersecurity Center team also developed a cyber quiz specially for the forum. Guests were able to test themselves as cyber security experts by trying one of three roles: a pentester, a SOC analyst and a DevSecOps engineer. The interactive game helped participants understand the specifics of the work of information security specialists.

