Cybersecurity Insights

Security Posture

Vitor Ventura is a Cisco Talos security researcher and manager of the EMEA and Asia outreach team. As a researcher, he’s investigated and published various articles on emerging threats. Most of the day, Vitor is hunting for threats and reversing them, but also looking for the geopolitical and/or economic context that better suits them. Vitor has spoken at many conferences like LabsCon, VirusBulletin, NorthSec, Recon, Recon Brussels, Defcon’s Crypto and Privacy Village, and many more. Prior to that, he was an IBM X-Force IRIS European manager, where he was the lead responder for several high-profile organizations affected by the WannaCry and NotPetya infections. Before that, he did penetration testing at IBM X-Force Red, where he led flagship projects like Connected Car assessments, ICS security assessments, and custom mobile device assessments, among other IoT security projects. Vitor holds a BSc in Computer Science and multiple security-related certifications like GREM (GIAC Reverse Engineering Malware) and CISM (Certified Information Security Manager).

To start off this episode, Vitor gives us the rundown on how developing an active defense posture works, in terms of involving threat intelligence and hunting down adversaries while they’re in the network environment:

The main idea is that defenders should take one step forward while monitoring the network. So instead of just waiting to have an alert about a threat actor, or waiting for the systems to have the actions to get them, defenders should go on the active opposition and try hunting for them.

In this episode of Cybersecurity Insights, Vitor also discusses:

  • The two different aspects to DNS query monitoring;
  • How he identifies the weakness in the overall defense posture;
  • If we’re winning or losing this war.