Special Delivery! Defending & Investigating Advanced Intrusions on Secure Email Gateways
April 11, 2024
3:10 - 4:00 PM
Valley of the Sun E
In today’s enterprise environments, secure email gateways play a critical role in filtering and scrutinizing email content for potential threats. Positioned at the intersection between the public Internet and corporate email servers, these gateways become highly coveted targets for malicious actors. The recently disclosed vulnerability in the Barracuda Email Security Gateway (ESG), CVE-2023-28686, had a significant impact on organizations worldwide while providing a level of access to threat actors in an environment that significantly enabled their overall objectives.
In this talk, we will dive into firsthand encounters from our investigations into these intrusions right from their infancy. We will provide an insightful walkthrough of the threat actors' playbook and attack path, explore available logs and artifacts that aid in analysis, present a comprehensive methodology to shed light on these malicious activities, and offer actionable remediation steps to reduce the attack surface.
By the end of this session, attendees will be empowered to identify malicious activity within their secure email gateways and possess the necessary defense strategies to combat such threats.
Nader Zaveri | Senior Manager – Incident Response & Remediation | Mandiant/Google
Nader Zaveri has over 15 years of experience in IT security, infrastructure, and risk management.
Nader has led hundreds of incident response investigations related to on-prem or cloud-based environments. He has helped investigate and understand the storyline of the attack for the most elusive threat actors, such as nation-states.
He also leads the remediation efforts with his knowledge and experience by providing strategic short-, medium-, and long-term remediation recommendations to directors and C-level executives. He also leads the efforts in providing tactical recommendations to specialists to improve the security posture of an organization. Nader also has experience leading transformational projects over infrastructure and processes with technical and organizational change components in response to rapidly evolving business needs and regulatory requirements.
Nader Zaveri conducted interviews and presentations for dozens of organizations and conferences regarding cloud and on-prem Incident Response and Remediation topics. He regularly provides security updates and briefings to C-Suite personnel during and after an incident, as well as assists with post-remediation and hardening efforts for the organization.
Prior to joining Mandiant, Nader Zaveri spent several years in leadership positions at major cyber security consulting firms. Before joining consulting, Nader worked as a lead practitioner for multi-national organizations.
When Nader is not working, he is helping and mentoring young professionals with their entry into the workforce and Cyber Security. Nader juggles about 5-10 mentees at a time to help them navigate their studies and career paths.