Tin Zaw

Director of Security Solutions
Verizon

Biography

Tin Zaw has served as Verizon Digital Media Services’ director of global security solutions since 2015. He and his team provide managed and professional web security services for clients’ web properties. He launched the services during his first year at Verizon and continues to grow the operations each year.

Prior to joining Verizon, Zaw led web and product security teams at AT&T and Intuit. He previously designed and implemented security products at Symantec and participated in the early days of the web infrastructure at Inktomi, which later became part of Yahoo!. He started his career by programming network protocols at QUALCOMM and Cerner.

A long-time volunteer with OWASP (Open Web Application Security Project), Zaw is a former president of its Los Angeles chapter and currently co-leads the OWASP project on Automated Threats to Web Applications. He received the OWASP Chapter Leader of the Year award at the AppSec USA conference in 2013.

Zaw graduated with a Bachelor’s degree in Computer Science from Pittsburg State University, Kansas. He obtained a Master’s degree in Computer Science from the University of Southern California and an MBA from the USC Marshall School of Business.

Presentation Title

DDoS Attacks: Lesson learned from analyzing 10,000 incidents and a case study

Presentation Overview

Description

This presentation will go beyond headlines and shed more light on more than 10,000 DDoS events analyzed by the Verizon Data Breach Investigations Report (2017). Additionally, it will explore a DDoS incident in detail that involved ransom notes, bitcoins and international criminal gangs, against an ecommerce retailer, all before a busy holiday shopping season.

Abstract

The tenth edition of the Verizon Data Breach Investigations Report (2017) analyzed more than 42,000 security incidents in 2016. It found that Denial of Service is the most common attack pattern across all security incidents (events that compromise the integrity, confidentiality or availability of an information asset), with more than 25% of the incidents analyzed caused by DoS attacks. Denial of Service was also reported to be the top threat pattern in the retail, financial/insurance and information/technology industries.

This presentation will go beyond headlines and shed more light on more than 10,000 DDoS events that the report analyzed. It will explore underlying technology factors that could enable more frequent and larger DDoS attacks and discuss best practices in dealing with them.

In addition, it will explore in detail a DDoS incident against an ecommerce retailer that involved ransom notes, bitcoins and international criminal gangs, all before a busy holiday shopping season. It will wrap up with some key takeaways that the audience can take home and act on the next day.