The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020. The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hand-on perspective? Most of SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service which can make them low-hanging fruit even for script kiddie.
This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.
Sergey Gordeychik is Product Director for Cyber Network Defense at DarkMatter. Before moving to DarkMatter, Sergey gained a wealth of practical experience in the cybersecurity industry. In particular, being Deputy CTO at Kaspersky Lab, he was responsible for establishing the vision and leading the technological development for threat intelligence, cyber threat hunting, security assessment, incident response, and vulnerability research. As CTO at Positive Technologies, he led the development of Gartner recognized enterprise security products such as MaxPatorl, PT Application Inspector, and PT Application Firewall. Sergey is director and script writer of Positive Hack Days Forum, the largest and most influent cybersecurity event in Eastern Europe. From 2012, he led the SCADA StrangeLove industrial cybersecurity research team. Sergey has developed a number of training courses, including "Wireless Networks Security" and "Security Assessment of Web Applications," published several dozens of articles on various subjects and a book called "Wireless Networks Security." He is a popular speaker on internationals security conferences such as CCC, CodeBlue, Area41, POC, Zeronighs, S4. MCSE since NT 4.0, MCT, MVP: Enterprise Security R & D, CWNA, CISSP.
Aleksandr Timor leads the security research group in DarkMatter xen1thLab. He has deep knowledge and experience in penetration testing, network and ICS devices security assessment, and security research. Alexander contribute SCADA StrangeLove team, gave talks at different international security conferences, such as Confidence, Hack.lu, CodeBlue, CCC, Power of Community etc. He has found dozens of zero day vulnerabilities in ICS hardware and software of popular vendors and maintains ICS/SCADA network security toolkits.