Security Opportunities
A Silicon Valley VC
Perspective
May 2015
Geoffrey Baehr
General Partner
The Facts of Life - 2015
• Security “Nightmare Scenario” exists today
– State sponsored actors, also bespoke (custom), per corp customized attack vectors.
– Professional dev kits, release trains, PhD level knowledge being applied (MD6)
– Jumbled, confusing mish mash of Alerts, CVE’s, Patch Days, Vendor advice. Mess !
– Android ~2-4000 config settings/calls affect security of OS/device (!) across many
facets of the OS.
– 170 GB/s DDoS record in April 2015
– Anti virus and signature based approaches simply don’t cover enough any more
• And it’s going to get a lot worse = IoT (Sensity)
• We already have numerous 5-8M node networks (Electric Utils -BitStew)
• Device-Device autonomous communications proliferating
• “Unexpected interactions” such as SCADA affecting AC power affecting health care
• PLC’s made in the 80’s are out there.
• Shodan is my friend. You can’t hide
Certainly Not Confidential 2Almaz Capital Partners
Problem: Most Enterprises don’t understand
Security = Corporate DNA = Culture
• Which Corp do you know which implements security as a ‘Culture’ ?
• Which Corp stresses Security as its ‘primordial DNA’ ?
• The practice of Security Culture is usually absent. Not Technical solution !
• Which startup allows companies to easily inherit the above attributes ? NONE
(opportunity). I do not mean consulting companies.
• Where is your “Response Book”, pre planned, pre-staged, ready to go plan, with
call up resources and policy ?
• Having a non engr Senior person, with a pre-planned, multi pronged response
book, following all the steps for “Breakin Type 27” is what a Corp needs.
• Responding after the fact, only by engrs, is wrong. Ask me why ?
• Can this be fixed ? Is it what is holding back progress ? Certainly.
State of the Industry - 2015
• Anti Virus a dead or dying offering, everyone in A/V scrambling to position
themselves as “State Actor repellent” (APT) ! With a new Market Terminology.
• The guy with the most monitoring nodes across the net wins: Think FireEye,
F-Secure et al. Catch it quickly, publish in near real time is the mantra.
• Real Time vs Forensic response the trend, beyond AppFWs, dynamic response
• Behavioral analytics of people, packets and services emerging. Huge interest
here. Heuristic monitoring. Correlation analysis across multiple axis. Rapidly
evolving. Firewalls becoming heuristics collectors.
• Massive scale Visualization and graphic modeling tools will be a big opportunity
2015 What’s Not Working
Giving an illusion of Security
• Full Disk Encryption – TPM
• Firewalls facing the wrong way, with no micro analytic feeds for heuristics.
• Most anti virus SW, in fact, AV makers are searching for new business models,
it’s so bad that sales are rapidly declining !
• Fiddling with PAM, Active Dir and permission based usage/access.
• PCI, HIPAA, ISO 27002, NERC, GLBA, GPG13, FIPS 140 compliance mean little
to bad actors but give the illusion of progress to mgmt. An acronym never kept
anyone safe.
Crowded Market but many opportunities exist
[Figure: market map titled “The Secure Enterprise”. Labels recovered from the diagram: AAA, Perimeter Control, Internal/File Integrity, Authentication, Intrusion Detection, Vulnerability Assessment, Threat Management, Administration, Authorization, Application Security, Kernel Security, IDVA Security, Antivirus, VPN, Firewall, Entegrity, Content Inspection, Denial of Service.]
Craft your Pitch:
Using VC Evaluation Criteria (cheat sheet)
• #1 TEAM – is the team world class ? have they done this before ? Before
anything else, TEAM is everything. Nothing can fix a poor team.
• #2 Technology – is this world class thinking ? Are there Computer Science
fundamentals behind it ? Is the IP patentable (but don’t get hung up on that)
• #3 Market – How big, how much can they get, how much will that cost ? How
much to get noticed ? Is this an Enterprise Software sale, a Service, Consulting
or viral ? Can you guess which model VC’s like these days ?
• #4 Finance – How many $$ to get to Goal 1, Goal 2 and have 6 mos reserve in
the bank. We can *always* find the money, get smart investors who will help.
• Series A – make sure it doesn’t catch fire and burn up, Series B – Sales and
Marketing expansion.
• Mistakes: don’t worry about profit, take risks !
• First mover usually wins, second mover watches first mover win.
• Do you do Due Diligence on your VC’s ? You should !
Pitches/Huge Opportunities we see
• Golden Rule “Do something which the customer needs and can’t do themselves”
Solve their pain. Go for the largest market. Scale from there !
• Use recent VM work (Docker, Jelastic) to use rapid spinup VM’s for isolation
• Continuous randomized testing. Single Sweeping is dead. Chaos Monkey, Janitor
Monkey, Security Monkey, Doctor Monkey – ‘Simian Army’ for continuous
pounding and testing, thanks to Adrian and Netflix crew.
• Multi Tenant Cloud crypto, data comingling, data hotel = Key Mgmt opportunity
• Intent Analysis, Behavioral Profiling.
• Behavioral Analytics, app/svc/connection/flow. Where’s OpenStack Behavioral
Analysis ?
• Unstructured data analytics, eventual consistency (cassandra) use for Sec
• Internet <-> Data Center perimeter changing to top of rack, what does this imply?
• In memory networking and computation (think VM’s, GridGain, Mongo) no pkts on
the wire. Now what ? “In Memory firewall” ? A generic issue. NOT solved.
• Did you know that just DLP alone was a $665M market in the USA alone 2014
(Gartner) ? Go for the big $$.
Huge Opportunities (cont)
• Translating CVE’s, CERT’s etc to actionable intelligence for enterprises AND
applying it somehow.
• Device-Device IoT traffic analysis. Super Proxy, Super Tunnels (M’s) ? CPU
crypto load vs power, solve that equation.
• IoT sensor fencing, distance vector too.
• Plenty of OS and BIOS work to go around. Probability you can get your sec
product on to the motherboard is unfortunately, Zero. A real problem.
• Many IPv6 related problems, esp in Mobile Operators networks (major users)
Who is doing interesting Sec work NOW
(startup wise)
• Automated code analysis with pointing to bad code, so less senior guys can
handle the fix. As a Service for DevOps.
– Tinfoil Security. A step beyond nessus, thinks “nessus plus the fix”. Cute !
• Encryption of all data at rest, with selective reading/revocation:
– WatchDox (used a lot in Hollywood for screenplay protection)
• Secure private cloud within any cloud, multi tenancy, unstruct data protection:
Varonis
• Secure enterprise collaboration, used by drug discovery pharma, finance
– IntraLinks
• Network+VM+app+traffic analysis and microsegmentation: Illumio
• Non signature, zero day, heuristic tool: Cylance
• Behavioral Analysis: Veracode.
• Behavioral Analytics: Fortscale
Now for some Fun !
As promised:
Who has the Worst Security in the World ?
Hint… think VC’s put their money in to … ?
STARTUPS in Silicon Valley !
• Situation is laughable (maybe crying?) I have personally seen all of these….
• Ask yourselves, do YOU say these words:
– “Of course it’s ok that all the source code is on every laptop all the time ! How silly to
ask !”
– I am an ENGINEER (Cymbals Crashing sound!), I don’t maintain ….. Servers/AWS!
– We have no money for a sys Admin, I am busy coding, go away !
– Password on our AP’s is same as company name or “12345” or blank
– Log, what logs ? I don’t need no stinkin’ logs, besides I am too busy to read them
– Engineering will rebel if they don’t have root access to everything and every router!
– Locks ? Doors wide open 24x7, machines being physically stolen
– Distributed teams with collaboration tools, code repos – Why of course everyone needs
full access to the entire code base. GROAN !
• Even more astounding is that Dumb VC’s watch their $20M investment like a
hawk, but not that their precious product output is being stolen under their noses
• US Senate Judiciary Committee – Estimate 1-3% US GDP trade secret theft
every year via net (5/1/2015 New York Times). Try 3% of $14T = $420B.
• 2014 – 18% of 1598 breaches examined were used for Trade Secret theft.
The Result – An Example
• I was aware of an event where the bad guys came in, hit the server and thought
they got the code base.
• They missed and hit the wrong server, so they came back 2 nights later and did
succeed.
• $20M investment… poof ! Did those guys get funded the 2nd time around ?
• So – think it through, if you include your good Sec hygiene practices to investors,
it might make the difference about funding (at least to us !)
Thanks For Listening
Certainly Not Confidential 15Almaz Capital Partners

Contenu connexe

Tendances

LK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиLK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиPositive Hack Days
 
Architecting cybersecurity to future proof smart cities against emerging cybe...
Architecting cybersecurity to future proof smart cities against emerging cybe...Architecting cybersecurity to future proof smart cities against emerging cybe...
Architecting cybersecurity to future proof smart cities against emerging cybe...NUS-ISS
 
World of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityWorld of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityKeith Redman
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationZero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationClare Nelson, CISSP, CIPP-E
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeCrowdStrike
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetCrowdStrike
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Clare Nelson, CISSP, CIPP-E
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringAaron Rinehart
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]Jeremiah Grossman
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedStanford University
 
DevTalks 2021 Cloud Engineering @Crowdstrike
DevTalks 2021 Cloud Engineering @CrowdstrikeDevTalks 2021 Cloud Engineering @Crowdstrike
DevTalks 2021 Cloud Engineering @CrowdstrikeCosmin Bratu
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksMighty Guides, Inc.
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdStrike
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityEnergySec
 
Customer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsCustomer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsJoAnna Cheshire
 
Internet transaction and communication security
Internet transaction and communication securityInternet transaction and communication security
Internet transaction and communication securityDianoesis
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...CODE BLUE
 
Network cloaking sansv2_
Network cloaking sansv2_Network cloaking sansv2_
Network cloaking sansv2_CMR WORLD TECH
 

Tendances (20)

LK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, граблиLK Inhouse SOC — команда, задачи, грабли
LK Inhouse SOC — команда, задачи, грабли
 
Architecting cybersecurity to future proof smart cities against emerging cybe...
Architecting cybersecurity to future proof smart cities against emerging cybe...Architecting cybersecurity to future proof smart cities against emerging cybe...
Architecting cybersecurity to future proof smart cities against emerging cybe...
 
World of Watson 2016 - Information Insecurity
World of Watson 2016 - Information InsecurityWorld of Watson 2016 - Information Insecurity
World of Watson 2016 - Information Insecurity
 
Zero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and AuthenticationZero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and Authentication
 
How to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrikeHow to Replace Your Legacy Antivirus Solution with CrowdStrike
How to Replace Your Legacy Antivirus Solution with CrowdStrike
 
Evolving Cybersecurity Threats
Evolving Cybersecurity Threats  Evolving Cybersecurity Threats
Evolving Cybersecurity Threats
 
State of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers MindsetState of Endpoint Security: The Buyers Mindset
State of Endpoint Security: The Buyers Mindset
 
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
 
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos EngineeringRSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering
 
WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]WhiteHat’s 12th Website Security Statistics [Full Report]
WhiteHat’s 12th Website Security Statistics [Full Report]
 
Mongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons LearnedMongoose H4D 2021 Lessons Learned
Mongoose H4D 2021 Lessons Learned
 
GITA March 2015 Newsletter
GITA March 2015 NewsletterGITA March 2015 Newsletter
GITA March 2015 Newsletter
 
DevTalks 2021 Cloud Engineering @Crowdstrike
DevTalks 2021 Cloud Engineering @CrowdstrikeDevTalks 2021 Cloud Engineering @Crowdstrike
DevTalks 2021 Cloud Engineering @Crowdstrike
 
Carbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down AttacksCarbon Black: Keys to Shutting Down Attacks
Carbon Black: Keys to Shutting Down Attacks
 
CrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas AttackCrowdCasts Monthly: When Pandas Attack
CrowdCasts Monthly: When Pandas Attack
 
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber SecurityDaniel Lance - What "You've Got Mail" Taught Me About Cyber Security
Daniel Lance - What "You've Got Mail" Taught Me About Cyber Security
 
Customer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsCustomer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny Objects
 
Internet transaction and communication security
Internet transaction and communication securityInternet transaction and communication security
Internet transaction and communication security
 
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
[CB20] Operation Chimera - APT Operation Targets Semiconductor Vendors by CK ...
 
Network cloaking sansv2_
Network cloaking sansv2_Network cloaking sansv2_
Network cloaking sansv2_
 

Similaire à Security Opportunities A Silicon Valley VC Perspective

Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofAdrian Sanabria
 
Web security – everything we know is wrong cloud version
Web security – everything we know is wrong   cloud versionWeb security – everything we know is wrong   cloud version
Web security – everything we know is wrong cloud versionEoin Keary
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerGFI Software
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistMyNOG
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trumpMAXfocus
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShowAdam Heller
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetWatcher
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon usJonathan Sinclair
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?SahilRao25
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber SecurityGTreasury
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018Panda Security
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityDell EMC World
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeMelbourne IT
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationPECB
 

Similaire à Security Opportunities A Silicon Valley VC Perspective (20)

Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party  Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
 
Web security – everything we know is wrong cloud version
Web security – everything we know is wrong   cloud versionWeb security – everything we know is wrong   cloud version
Web security – everything we know is wrong cloud version
 
Prevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability ScannerPrevent Getting Hacked by Using a Network Vulnerability Scanner
Prevent Getting Hacked by Using a Network Vulnerability Scanner
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Year of pawnage - Ian trump
Year of pawnage  - Ian trumpYear of pawnage  - Ian trump
Year of pawnage - Ian trump
 
Fall2015SecurityShow
Fall2015SecurityShowFall2015SecurityShow
Fall2015SecurityShow
 
Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Netwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech TalkNetwatcher Credit Union Tech Talk
Netwatcher Credit Union Tech Talk
 
The cyber security hype cycle is upon us
The cyber security hype cycle is upon usThe cyber security hype cycle is upon us
The cyber security hype cycle is upon us
 
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
AI and Machine Learning In Cybersecurity | A Saviour or Enemy?
 
A Look Into Cyber Security
A Look Into Cyber SecurityA Look Into Cyber Security
A Look Into Cyber Security
 
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
PandaLabs Reveals its Predictions for Cybersecurity Trends in 2018
 
MT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in CybersecurityMT 117 Key Innovations in Cybersecurity
MT 117 Key Innovations in Cybersecurity
 
Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)Broken by design (Danny Fullerton)
Broken by design (Danny Fullerton)
 
Introduction to the Current Threat Landscape
Introduction to the Current Threat LandscapeIntroduction to the Current Threat Landscape
Introduction to the Current Threat Landscape
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA RegulationTop 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation
 

Plus de Positive Hack Days

Инструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesИнструмент ChangelogBuilder для автоматической подготовки Release Notes
Инструмент ChangelogBuilder для автоматической подготовки Release NotesPositive Hack Days
 
Как мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerКак мы собираем проекты в выделенном окружении в Windows Docker
Как мы собираем проекты в выделенном окружении в Windows DockerPositive Hack Days
 
Типовая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesТиповая сборка и деплой продуктов в Positive Technologies
Типовая сборка и деплой продуктов в Positive TechnologiesPositive Hack Days
 
Аналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikАналитика в проектах: TFS + Qlik
Аналитика в проектах: TFS + QlikPositive Hack Days
 
Использование анализатора кода SonarQube
Использование анализатора кода SonarQubeИспользование анализатора кода SonarQube
Использование анализатора кода SonarQubePositive Hack Days
 
Развитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityРазвитие сообщества Open DevOps Community
Развитие сообщества Open DevOps CommunityPositive Hack Days
 
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...
Методика определения неиспользуемых ресурсов виртуальных машин и автоматизаци...Positive Hack Days
 
Автоматизация построения правил для Approof
Автоматизация построения правил для ApproofАвтоматизация построения правил для Approof
Автоматизация построения правил для ApproofPositive Hack Days
 
Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Мастер-класс «Трущобы Application Security»
Мастер-класс «Трущобы Application Security»Positive Hack Days
 
Формальные методы защиты приложений
Формальные методы защиты приложенийФормальные методы защиты приложений
Формальные методы защиты приложенийPositive Hack Days
 
Эвристические методы защиты приложений
Эвристические методы защиты приложенийЭвристические методы защиты приложений
Эвристические методы защиты приложенийPositive Hack Days
 
Теоретические основы Application Security
Теоретические основы Application SecurityТеоретические основы Application Security
Теоретические основы Application SecurityPositive Hack Days
 
От экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летОт экспериментального программирования к промышленному: путь длиной в 10 лет
От экспериментального программирования к промышленному: путь длиной в 10 летPositive Hack Days
 
Уязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиУязвимое Android-приложение: N проверенных способов наступить на грабли
Уязвимое Android-приложение: N проверенных способов наступить на граблиPositive Hack Days
 
Требования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОТребования по безопасности в архитектуре ПО
Требования по безопасности в архитектуре ПОPositive Hack Days
 
Формальная верификация кода на языке Си
Формальная верификация кода на языке СиФормальная верификация кода на языке Си
Формальная верификация кода на языке СиPositive Hack Days
 
Механизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CoreМеханизмы предотвращения атак в ASP.NET Core
Механизмы предотвращения атак в ASP.NET CorePositive Hack Days
 
SOC для КИИ: израильский опыт
SOC для КИИ: израильский опытSOC для КИИ: израильский опыт
SOC для КИИ: израильский опытPositive Hack Days
 
Honeywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterHoneywell Industrial Cyber Security Lab & Services Center
Honeywell Industrial Cyber Security Lab & Services CenterPositive Hack Days
 
Credential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиCredential stuffing и брутфорс-атаки
Credential stuffing и брутфорс-атакиPositive Hack Days
 

Security Opportunities A Silicon Valley VC Perspective

  • 1. Security Opportunities A Silicon Valley VC Perspective May 2015 Geoffrey Baehr General Partner
  • 2. The Facts of Life - 2015
      • Security “Nightmare Scenario” exists today
          – State sponsored actors, also bespoke (custom), per corp customized attack vectors.
          – Professional dev kits, release trains, PhD level knowledge being applied (MD6)
          – Jumbled, confusing mish mash of Alerts, CVE’s, Patch Days, Vendor advice. Mess !
          – Android ~2-4000 config settings/calls affect security of OS/device (!) across many facets of the OS.
          – 170 GB/s DDoS record in April 2015
          – Anti virus and signature based approaches simply don’t cover enough any more
      • And it’s going to get a lot worse = IoT (Sensity)
      • We already have numerous 5-8M node networks (Electric Utils - BitStew)
      • Device-Device autonomous communications proliferating
      • “Unexpected interactions” such as SCADA affecting AC power affecting health care
      • PLC’s made in the 80’s are out there.
      • Shodan is my friend. You can’t hide
      Certainly Not Confidential, Almaz Capital Partners
  • 3. Problem: Most Enterprises don’t understand Security = Corporate DNA = Culture
      • Which Corp do you know which implements security as a ‘Culture’ ?
      • Which Corp stresses Security as its ‘primordial DNA’ ?
      • The practice of Security Culture is usually absent. Not Technical solution !
      • Which startup allows companies to easily inherit the above attributes ? NONE (opportunity). I do not mean consulting companies.
      • Where is your “Response Book”, pre planned, pre-staged, ready to go plan, with call up resources and policy ?
      • Having a non engr Senior person, with a pre-planned, multi pronged response book, following all the steps for “Breakin Type 27” is what a Corp needs.
      • Responding after the fact, only by engrs, is wrong. Ask me why ?
      • Can this be fixed ? Is it what is holding back progress ? Certainly.
  • 4. State of the Industry - 2015
      • Anti Virus a dead or dying offering, everyone in A/V scrambling to position themselves as “State Actor repellent” (APT) ! With a new Market Terminology.
      • The guy with the most monitoring nodes across the net wins: Think FireEye, F-Secure et al. Catch it quickly, publish in near real time is the mantra.
      • Real Time vs Forensic response the trend, beyond AppFWs, dynamic response
      • Behavioral analytics of people, packets and services emerging. Huge interest here. Heuristic monitoring. Correlation analysis across multiple axis. Rapidly evolving. Firewalls becoming heuristics collectors.
      • Massive scale Visualization and graphic modeling tools will be a big opportunity
  • 5. 2015 What’s Not Working: Giving an illusion of Security
      • Full Disk Encryption – TPM
      • Firewalls facing the wrong way, with no micro analytic feeds for heuristics.
      • Most anti virus SW, in fact, AV makers are searching for new business models, it’s so bad that sales are rapidly declining !
      • Fiddling with PAM, Active Dir and permission based usage/access.
      • PCI, HIPAA, ISO 27002, NERC, GLPA, GPG13, FIPS 140 compliance mean little to bad actors but give the illusion of progress to mgmt. An acronym never kept anyone safe.
  • 6. Crowded Market but many opportunities exist
      [Diagram: “The Secure Enterprise”, with market segments labelled AAA (Administration, Authentication, Authorization), Perimeter Control, Internal/File Integrity, Authentication, Intrusion Detection, Vulnerability Assessment, Threat Management, Application Security, Kernel Security, IDVA Security, Antivirus, VPN, Firewall, Entegrity, Content Inspection, Denial of Service]
  • 7. Craft your Pitch: Using VC Evaluation Criteria (cheat sheet)
      • #1 TEAM – is the team world class ? have they done this before ? Before anything else, TEAM is everything. Nothing can fix a poor team.
      • #2 Technology – is this world class thinking ? Are there Computer Science fundamentals behind it ? Is the IP patentable (but don’t get hung up on that)
      • #3 Market – How big, how much can they get, how much will that cost ? How much to get noticed ? Is this an Enterprise Software sale, a Service, Consulting or viral ? Can you guess which model VC’s like these days ?
      • #4 Finance – How many $$ to get to Goal 1, Goal 2 and have 6 mos reserve in the bank. We can *always* find the money, get smart investors who will help.
      • Series A – make sure it doesn’t catch fire and burn up, Series B – Sales and Marketing expansion.
      • Mistakes: don’t worry about profit, take risks !
      • First mover usually wins, second mover watches first mover win.
      • Do you do Due Diligence on your VC’s ? You should !
  • 8. Pitches/Huge Opportunities we see
      • Golden Rule “Do something which the customer needs and can’t do themselves” Solve their pain. Go for the largest market. Scale from there !
      • Use recent VM work (Docker, Jelastic) to use rapid spinup VM’s for isolation
      • Continuous randomized testing. Single Sweeping is dead. Chaos Monkey, Janitor Monkey, Security Monkey, Doctor Monkey – ‘Simian Army’ for continuous pounding and testing, thanks to Adrian and Netflix crew.
      • Multi Tenant Cloud crypto, data commingling, data hotel = Key Mgmt opportunity
      • Intent Analysis, Behavioral Profiling.
      • Behavioral Analytics, app/svc/connection/flow. Where’s OpenStack Behavioral Analysis ?
      • Unstructured data analytics, eventual consistency (cassandra) use for Sec
      • Internet <-> Data Center perimeter changing to top of rack, what does this imply?
      • In memory networking and computation (think VM’s, GridGain, Mongo) no pkts on the wire. Now what ? “In Memory firewall” ? A generic issue. NOT solved.
      • Did you know that just DLP alone was a $665M market in the USA alone 2014 (Gartner) ? Go for the big $$.
  • 9. Huge Opportunities (cont)
      • Translating CVE’s, CERT’s etc to actionable intelligence for enterprises AND applying it somehow.
      • Device-Device IoT traffic analysis. Super Proxy, Super Tunnels (M’s) ? CPU crypto load vs power, solve that equation.
      • IoT sensor fencing, distance vector too.
      • Plenty of OS and BIOS work to go around. Probability you can get your sec product on to the motherboard is unfortunately, Zero. A real problem.
      • Many IPv6 related problems, esp in Mobile Operators networks (major users)
  • 10. Who is doing interesting Sec work NOW (startup wise)
      • Automated code analysis with pointing to bad code, so less senior guys can handle the fix. As a Service for DevOps.
          – Tinfoil Security. A step beyond nessus, thinks “nessus plus the fix”. Cute !
      • Encryption of all data at rest, with selective reading/revocation:
          – WatchDox (used a lot in Hollywood for screenplay protection)
      • Secure private cloud within any cloud, multi tenancy, unstruct data protection: Varonis
      • Secure enterprise collaboration, used by drug discovery pharma, finance
          – IntraLinks
      • Network+VM+app+traffic analysis and microsegmentation: Illumio
      • Non signature, zero day, heuristic tool: Cylance
      • Behavioral Analysis: Veracode.
      • Behavioral Analytics: Fortscale
  • 11. Now for some Fun !
  • 12. As promised: Who has the Worst Security in the World ?
      Hint… think VC’s put their money in to … ?
  • 13. STARTUPS in Silicon Valley !
      • Situation is laughable (maybe crying?) I have personally seen all of these….
      • Ask yourselves, do YOU say these words:
          – “Of course it’s ok that all the source code is on every laptop all the time ! How silly to ask !”
          – I am an ENGINEER (Cymbals Crashing sound!), I don’t maintain ….. Servers/AWS!
          – We have no money for a sys Admin, I am busy coding, go away !
          – Password on our AP’s is same as company name or “12345” or blank
          – Log, what logs ? I don’t need no stinkin’ logs, besides I am too busy to read them
          – Engineering will rebel if they don’t have root access to everything and every router!
          – Locks ? Doors wide open 24x7, machines being physically stolen
          – Distributed teams with collaboration tools, code repos – Why of course everyone needs full access to the entire code base. GROAN !
      • Even more astounding is that Dumb VC’s watch their $20M investment like a hawk, but not that their precious product output is being stolen under their noses
      • US Senate Judiciary Committee – Estimate 1-3% US GDP trade secret theft every year via net (5/1/2015 New York Times). Try 3% of $14T = $420B.
      • 2014 – 18% of 1598 breaches examined were used for Trade Secret theft.
  • 14. The Result – An Example
      • I was aware of an event where the bad guys came in, hit the server and thought they got the code base.
      • They missed and hit the wrong server, so they came back 2 nights later and did succeed.
      • $20M investment… poof ! Did those guys get funded the 2nd time around ?
      • So – think it through, if you include your good Sec hygiene practices to investors, it might make the difference about funding (at least to us !)
  • 15. Thanks For Listening