Ahead of his talk at RSA Conference 2017 next week, we chatted to Mark Loman, Sophos’s Director of Engineering for next-generation tech.
Mark gave us a preview of his talk, which you can catch on Tuesday, February 14 from 3:45-4:30 pm in room 132, Moscone North.
He will be delving into how nation-state attackers craft their attack code to evade the most advanced security products.
Q: Why did you choose to talk about exploits?
Loman: Many security vendors use phrases like “protection against zero-days” and “exploit attacks“, but actually, they’re making promises they can’t keep. They only make them so analysts don’t leave them out. But the security industry is already seen to be failing and false claims only make that worse. They don’t see the wood for the trees. So I chose my topic to show real-world existing attack schemes, why protection methods fail and show new defensive technology that is more capable.
We’ve seen a lot of cases where exploits target zero-day vulnerabilities. Some vendors fix them quickly. Others sit on the flaws for longer than they should. How do we get a better patch response time from them?
In my talk I’ll be showing that attackers have Read more