The Death Of Enterprise
Security As We Know It
Pukhraj Singh
@mleccha
RootConf – 2018, Bangalore
Other titles
• Why am I still running an antivirus after 30 years?
• Hackers are atheists, but there are gods in cybersecurity
About me
• 13 years of off-and-on experience in security
• 5.5 years in the government
• Imparts you with an altogether different worldview
• “It was the best of times, it was the worst of times” – Charles Dickens
This talk
• Ideas gathered from a six-month research on a manuscript
• Not a microscopic, technical deep-dive
• Security can’t be enumerated using feature-sets
• Relying on aphorisms
• How mystics expose the deeper truths the listeners already know
• I truly stand on the shoulders of giants
• Cyber is over-classified; lack of empirical data makes it difficult to see patterns
• I rely on experts who are *way* more prophetic than I am
Focus areas
• The security industry is cursed with unpredictability
• “In IT security, offensive problems are technical - but most defensive
problems are political and organisational”
• Small things you could do to liberate your security architecture
Cognitive dissonance in security
“The test of a first-rate intelligence is the ability to hold two opposed
ideas in mind at the same time and still retain the ability to function”
-- F. Scott Fitzgerald, The Crack-Up
Dense or sparse?
Are vulnerabilities dense or sparse, asks cryptologist Bruce Schneier
Cognitive dissonance: The very lack of an answer may make
vulnerabilities dense
Cyber is totally offense-centric
“If we were to score cyber the way we score soccer, the tally would be 462-
456, twenty minutes into the game”
-- Chris Inglis, former Deputy Director of the National Security Agency
Insecurity is an emergent property
“Above some threshold of system complexity, it is no longer possible to
test, it is only possible to react to emergent behaviour”
-- Dan Geer, In-Q-Tel
Every interface is an attack surface
“Know your network”
-- Advice from Rob Joyce, former head of TAO, NSA
BUT CAN YOU, REALLY?
“Ecology professor Philip Greear would challenge his graduate students to catalog
all the life in a cubic yard of forest floor. Computer
science professor Donald Knuth would challenge his graduate students
to catalog everything their computers had done in the last ten
seconds”
-- Dan Geer, In-Q-Tel
Data is code
“Your computer is a state-space, and our data explores it. When it has
no input, your computer program is in all potential quantum states -
literally anything is possible because it is Turing complete if it has
enough complexity. When we give it data, we collapse that waveform
into a particular state of our choosing”
-- Dave Aitel, CEO of Immunity
Is the security complexity a threat in itself?
Source: Mudge, Black Hat 2011
Is the security complexity a threat in itself?
“If you want to learn exploits today, start with the soft
targets, go with the antivirus”
-- Justin Schuh, Director, Google Chrome Security
The animal spirits of the offensive underground
Source: Cyber ITL (Mudge, Sarah Zatko et al), 2016
The human spatial bias in security
“Your perimeter is not the boundary of your network, it’s the boundary
of your telemetry”
-- The Grugq
So, is true situational awareness really possible?
The defenders are just plain lucky
• Dave Aitel and a FireEye executive walk into a bar…
• We’ve fully regressed as an industry
• DirtyCow
• “A data centre to protect a data centre” – Alex Stamos, ex-CISO of Facebook
• Market rut: Endpoint instrumentation & telemetry-economies-of-scale
• ML: We don’t have enough computation to run the full state-space of an
enterprise
“In IT security, offensive problems are technical - but most
defensive problems are political and organisational”
-- Halvar Flake, Google
"But let me be clear about one thing that may make cybersecurity
different than all else and that is that we have sentient opponents. The
physicist does not. The chemist does not. Not even the economist has
sentient opponents. We do.”
-- Dan Geer, In-Q-Tel
And politics has the biggest influence on human sentience
Politics influences:
• The ciphers you use
• The processors, routers and antivirus you run
• The defensive “innovations” in the security industry
• The unjustifiable persistence of centralized architectures like DNS, SSL and BGP, etc.
• Bug classes like Spectre and Meltdown
• What hackers say, or do not say
• …
The hybrid war is at an enterprise’s doorstep
“We are fighting at the intersection of a Venn diagram where the finances of a
non-state actor meet the capabilities of a state actor”
-- Le me
• An enterprise can survive a gust of wind, not a Category-4 hurricane
• No demarcation anymore between the private and the public
The hybrid war is at an enterprise’s doorstep
“If the cost of attack < the value of information = you will be attacked”
-- Dino Dai Zovi
The four misconceptions about offense
• That it is cheap
• That the attacker has an inherent and unprecedented advantage
• That it is purely a technical thing
• That the attackers use ‘atomic’ exploits (they use toolchains)
• Some rhetoric:
• Defenders need to protect everything, whereas an attacker just needs to
compromise one
• Attackers think in graphs, defenders think in lists
• Attackers target infrastructure
The three cardinal principles of offense
-- Matthew Monte, former cyber-offense expert at the Central Intelligence Agency
Source: Network Attacks & Exploitation
+ The fourth principle: time
“If you attack faster than log replication, you are free”
-- Sacha Faust, Microsoft Azure Red Team
+ And maybe, the fifth principle: bureaucracy
Source: http://addxorrol.blogspot.in/2006/04/more-on-automated-malware.html
Things defenders could do…
• Expand the boundary of their telemetry. Collaborate in state-space
• Escalate the attackers’ costs and degrade their toolchains
• Include geopolitics in their defensive spectrum
• Liberate their security analytics and situational awareness
The general’s patents
Machine-to-machine standards: STIX/TAXII
Machine-to-machine standards: OpenC2
Open attack taxonomy: MITRE’s ATT&CK
Open security analytics stacks: Apache Metron
Open security analytics stacks: Apache Spot
Security response: dumb it down
• Apoptosis
• Human immune system has a remarkably low signature memory
• Even the variance among defensive cells is minimal
• Analysis and response are an anathema
• Creates an artificial resource scarcity
• Don’t analyse, just reset
• In-Q-Tel’s Cyber Reboot
• “Rebalance the equation to increase the cost and complexity for our adversaries…while
reducing cost and complexity for our defenders”
• Threat Intel & Info Sharing + Security Enhanced SDNs + Endpoint Fluxing
Thanks
When it comes to driving security innovation, my motto is “Strong
opinions, loosely held”
-- Gunter Ollmann, CTO (Security), Microsoft

  • 4. This talk • Ideas gathered from a six-month research on a manuscript • Not a microscopic, technical deep-dive • Security can’t be enumerated using feature-sets • Relying on aphorisms • How mystics expose the deeper truths the listeners already know • I truly stand on the shoulders of giants • Cyber is over-classified; lack of empirical data makes it difficult to see patterns • I rely on experts who are *way* more prophetic than I am
  • 5. Focus areas • The security industry is cursed with unpredictability • “In IT security, offensive problems are technical - but most defensive problems are political and organisational” • Small things you could do to liberate your security architecture
  • 6. Cognitive dissonance in security “The test of a first-rate intelligence is the ability to hold two opposed ideas in mind at the same time and still retain the ability to function” -- F. Scott Fitzgerald, The Crack-Up
  • 7. Dense or sparse? Are vulnerabilities dense or sparse, asks cryptologist Bruce Schneier Cognitive dissonance: The very lack of an answer may make vulnerabilities dense
  • 8. Cyber is totally offense-centric “If we were to score cyber the way we score soccer, the tally would be 462-456, twenty minutes into the game” -- Chris Inglis, former Deputy Director of the National Security Agency
  • 9. Insecurity is an emergent property “Above some threshold of system complexity, it is no longer possible to test, it is only possible to react to emergent behaviour” -- Dan Geer, In-Q-Tel
  • 10. Every interface is an attack surface “Know your network” -- Advice from Rob Joyce, former head of TAO, NSA BUT CAN YOU, REALLY? “Ecology professor Philip Greear would challenge his graduate students to catalog all the life in a cubic yard of forest floor. Computer science professor Donald Knuth would challenge his graduate students to catalog everything their computers had done in the last ten seconds” -- Dan Geer, In-Q-Tel
  • 11. Data is code “Your computer is a state-space, and our data explores it. When it has no input, your computer program is in all potential quantum states - literally anything is possible because it is Turing complete if it has enough complexity. When we give it data, we collapse that waveform into a particular state of our choosing” -- Dave Aitel, CEO of Immunity
  • 12. Is the security complexity a threat in itself? Source: Mudge, Black Hat 2011
  • 13. Is the security complexity a threat in itself?
  • 14. “If you want to learn exploits today, start with the soft targets, go with the antivirus” -- Justin Schuh, Director, Google Chrome Security
  • 15. The animal spirits of the offensive underground Source: Cyber ITL (Mudge, Sarah Zatko et al), 2016
  • 16. The animal spirits of the offensive underground Source: Cyber ITL (Mudge, Sarah Zatko et al), 2016
  • 17. The animal spirits of the offensive underground Source: Cyber ITL (Mudge, Sarah Zatko et al), 2016
  • 18. The human spatial bias in security “Your perimeter is not the boundary of your network, it’s the boundary of your telemetry” -- The Grugq
  • 19. So, is true situational awareness really possible?
  • 20. The defenders are just plain lucky • Dave Aitel and a FireEye executive walk into a bar… • We’ve fully regressed as an industry • DirtyCow • “A data centre to protect a data centre” – Alex Stamos, ex-CISO of Facebook • Market rut: Endpoint instrumentation & telemetry-economies-of-scale • ML: We don’t have enough computation to run the full state-space of an enterprise
  • 21. “In IT security, offensive problems are technical - but most defensive problems are political and organisational” -- Halvar Flake, Google
  • 22. “But let me be clear about one thing that may make cybersecurity different than all else and that is that we have sentient opponents. The physicist does not. The chemist does not. Not even the economist has sentient opponents. We do.” -- Dan Geer, In-Q-Tel And politics has the biggest influence on human sentience
  • 23. Politics influences: • The ciphers you use • The processors, routers and antivirus you run • The defensive “innovations” in the security industry • The unjustifiable persistence of centralized architectures like DNS, SSL and BGP, etc. • Bug classes like Spectre and Meltdown • What hackers say, or do not say • …
  • 24. The hybrid war is at an enterprise’s doorstep “We are fighting at the intersection of a Venn diagram where the finances of a non-state actor meet the capabilities of a state actor” -- Le me • An enterprise can survive a gust of wind, not a Category-4 hurricane • No demarcation anymore between the private and the public
  • 25. The hybrid war is at an enterprise’s doorstep “If the cost of attack < the value of information = you will be attacked” -- Dino Dai Zovi
  • 26. The four misconceptions about offense • That it is cheap • That the attacker has an inherent and unprecedented advantage • That it is purely a technical thing • That the attackers use ‘atomic’ exploits (they use toolchains) • Some rhetoric: • Defenders need to protect everything, whereas an attacker just needs to compromise one • Attackers think in graphs, defenders think in lists • Attackers target infrastructure
  • 27. The three cardinal principles of offense -- Matthew Monte, former cyber-offense expert at the Central Intelligence Agency Source: Network Attacks & Exploitation
  • 28. + The fourth principle: time “If you attack faster than log replication, you are free” -- Sacha Faust, Microsoft Azure Red Team
  • 29. + And maybe, the fifth principle: bureaucracy
  • 30. + And maybe, the fifth principle: bureaucracy Source: http://addxorrol.blogspot.in/2006/04/more-on-automated-malware.html
  • 31. Things defenders could do… • Expand the boundary of their telemetry. Collaborate in state-space • Escalate the attackers’ costs and degrade their toolchains • Include geopolitics in their defensive spectrum • Liberate their security analytics and situational awareness
  • 35. Open attack taxonomy: MITRE’s ATT&CK
  • 36. Open security analytics stacks: Apache Metron
  • 37. Open security analytics stacks: Apache Spot
  • 38. Security response: dumb it down • Apoptosis • Human immune system has a remarkably low signature memory • Even the variance among defensive cells is minimal • Analysis and response are an anathema • Creates an artificial resource scarcity • Don’t analyse, just reset • In-Q-Tel’s Cyber Reboot • “Rebalance the equation to increase the cost and complexity for our adversaries…while reducing cost and complexity for our defenders” • Threat Intel & Info Sharing + Security Enhanced SDNs + Endpoint Fluxing
  • 39. Thanks When it comes to driving security innovation, my motto is “Strong opinions, loosely held” -- Gunter Ollmann, CTO (Security), Microsoft