2023-10-19 –, Salle Europe
In Dec 2021, the media and public discovered the “famous” log4j vulnerability.
They realized that every product or website using software or shared libraries and components can become vulnerable to cyber attack.
Companies in the technology sector producing “software” had to face the same “disease or scary movie”. A small library used everywhere damaged almost all software and websites.
At that time, some companies believed they were prepared with a PSIRT, a CSIRT or a CERT; the others had to “improvise, resolve and learn”.
Today’s main “key” questions, which seem of interest:
- Do we all remember (the good and bad parts of the experience)?
- Have we realized it’s a miracle the PSIRT teams survived the experience?
- Have we learned the lessons of what happened with log4j?
- Are we now prepared for when (“and not if”) a new “vulnerability scary movie” comes back?
In this talk we will try to:
** Review the theory and framework for security operations (detect/respond/recover & lessons learned) in the real-case scenario of log4j
** Highlight that in security incident management:
- PSIRT (when it exists) is not a magic team or heroes
- Full recovery takes time
** Admit that there are no other choices than:
- Shift Left (SSDLC)
- Involve the management and accountable players (CMDB, SBOM, BCP)
- Collectively align our incident response and vulnerability management approaches and forces
Senior Security Engineer in SecOps and Incident Response (PSIRT) at Thales for several years, with operational and practical knowledge in audit, vulnerability management, incident response, customer support and system integration.
Active contributor to standardization security working groups and information sharing communities.