eCrow Newsletter
October 19, 2016
 

CHAPTER NEWS: Capitol Club hosts talk on Trusted Execution Security for EW Systems

Print this Article | Send to Colleague

On Wednesday, September 28th, 2016, the Capitol club hosted a fascinating presentation by Ray DeMeo, the CO-founder and COO of Virsec, a Silicon Valley company that specializes in protecting mission-critical EW systems from attacks at the binary level and the application level.

His presentation began with a discussion of the vulnerabilities of web applications. As web applications become more and more prevalent in how we conduct our business, hackers are targeting them as the ‘low hanging fruit’ for exploits. More than half of all exploits are using this vector.

Mr. DeMeo described the challenges faced by those who manage critical systems, such as the large numbers of alarms that need to be checked out, and the increasing sophistication of attacks. He cited the concept of quarantining suspicious code in a ‘sandbox’ until it can be seen to be benign. Hackers are now designing exploits that delay activation for minutes or hours so as to ‘fool’ the sandbox defense.

He also talked about the diminishing number of systems (including EW systems) that can truly be said to be ‘isolated’ from the internet. Systems become much more capable when they can communicate with other systems, and that means relying on isolation for protection is less and less practical.  

Ray recommended a book, Countdown to Zero Day by Kim Zetter, to get a better idea of the kinds of exploits that we’re facing today. He surprised the Capitol Club members in attendance by revealing that the average "Zero Day" attack goes undetected for about 60 weeks!

Ray kept the audience engaged and answered questions as he went along, and more questions after the talk. Club President Jim Taber presented him with a commemorative AOC Cap Club ‘hockey puck’ as a token of the club’s appreciation.