Gábor Arányi

Since the focus of protection against ransomware viruses usually shifts towards antivirus solutions, DLP systems and complex cloud services, only a few systems can effectively resist such an attack while running directly on the file server in an on-prem configuration. In fact, when centralized data storage is used, the file server is the most appropriate place to acquire aggregated file operation sequences, track metrics and monitor relevant network traffic.

In this talk, I will briefly demonstrate how we built a lab environment running real-world ransomware viruses, how we extracted the right data sequences to train AI, how we implement and monitor honeypots, and how we validate our read-only snapshot-based backups. Of course, some hardening tricks will also be mentioned, and you will be invited to a CTF game.