Botconf Author Listing

Yael Daihes


Last known affiliation: Akamai; Guardicore; Ben Gurion University; HUJI
Bio: Yael Daihes is a data science leadership, strategy and research consultant helping businesses from all sectors build and manage successful DS/AI organizations and projects. Starting with an 8 years service in the Israeli defense forces, Yael pursued a successful data science career within the cybersecurity sector that included heading major R&D Data Science organizations both in the defense forces as well as in the private sector (the most recent of which sold for 560M$). Yael holds a BS.c in computer science from the Hebrew University and a MS.c in Software and Information systems engineering from Ben Gurion university with a specialty in machine learning and big data systems. In her spare time she volunteers with “Baot”, Israel’s largest “females in R&D” community, managing one of their programs as well as mentoring fellow females in the industry.
  
Date: 2022-04-29
Detecting and Disrupting Compromised Devices based on Their Communication Patterns to Legitimate Web Services
Yael Daihes 🗣 | Hen Tzaban 🗣

Abstract (click to view)

Data breaches of enterprises have been one of the most destructive and prominent security threats that enterprises have been facing in recent years. Some well-known APT groups as well as cybercriminals leverage legitimate web services such as GitHub, Twitter, Google Storage, and many more, in order to achieve their attack goals and breach an enterprise. Even supply chain attacks include the usage of the same original legitimate web service, just in a malicious manner.
Many network mechanisms rely on signatures to block outgoing communication from enterprise devices to malicious destinations for defending against such attacks. But, what happens when you can’t simply block that destination? You’re not going to block all outgoing communication to Github, are you?
We suggest applying UEBA, User and Entity Behavior Analytics for detecting such botnet malicious activities and using other mitigation options such as monitoring/blocking specific sessions or devices.

Slides Icon
PDF
Video
Scroll to Top