Upload File

security is hard

31
© 2010 – MAD Security, LLC All rights reserved Security Is Hard. Mike Murray Managing Partner MAD Security / Hacker Academy [email protected] Twitter: @mmurray

Upload: mike-murray

Post on 21-Jun-2015

125 views

Category:

Technology


0 download

Report

Tags:

TRANSCRIPT

Page 1: Security is Hard

© 2010 – MAD Security, LLCAll rights reserved

Security Is Hard.Mike MurrayManaging Partner

MAD Security / Hacker Academy

[email protected]

Twitter: @mmurray

mailto:[email protected]
Page 2: Security is Hard
Page 3: Security is Hard
Page 4: Security is Hard

Information Security is Constantly Evolving

No I mean REALLY evolving.

Page 5: Security is Hard

Innovators

Page 6: Security is Hard

Early Adopters

Page 7: Security is Hard

Early Majority

Page 8: Security is Hard

Late Majority

Page 9: Security is Hard

Laggards

Page 10: Security is Hard

Vulnerability Distribution

Page 11: Security is Hard

11

So what?

Page 12: Security is Hard

NetworkHuman /Organization

Service /Server

Page 13: Security is Hard

2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 20110

100

200

300

400

500

600

700

800

900

0

20,000,000

40,000,000

60,000,000

80,000,000

100,000,000

120,000,000

140,000,000

160,000,000

180,000,000

200,000,000

Datalossdb.org Incidents over Time

Number of Incidents

Total Records

Page 14: Security is Hard

Network

Client

Human /Organization

Application

Service /Server

Page 15: Security is Hard

WiFi Security

Vulnerability Management

IDS IPS

Web Application Security

Endpoint Security

ApplicationWhitelisting

Database Security

Secure Coding / SDLC

APTData Extrusion

GRC

Phishing

Spear Phishing

Mobile Apps

BYOD

Page 16: Security is Hard
Page 17: Security is Hard
Page 18: Security is Hard

SecurityTraining

Role-Based Security

End User “Awareness”

Page 19: Security is Hard

Least Technical Most Technical

Security Awareness

Architecture

Audit

Management

Forensics/IR

Operations

Hacker

Page 20: Security is Hard
Page 21: Security is Hard

The Incentives are Wrong.

Page 22: Security is Hard
Page 23: Security is Hard
Page 24: Security is Hard

What do we do about it?

Page 25: Security is Hard

Skills, Not Certifications

Page 26: Security is Hard

Systems Thinking

Page 27: Security is Hard

Just-In-Time (JIT)Education

Page 28: Security is Hard

Constantly Evolving Education

• Materials need to evolve as our industry does

• Educators need to be rewriting courses on a monthly timeframe, not a yearly or every 3 year timeframe.

Page 29: Security is Hard

Education needs to Change!

Page 30: Security is Hard
Page 31: Security is Hard

Improve your HUMANS…

Improve your

SECURITY.


If security is hard, you are doing it wrong - Fabio Locati - Codemotion Amsterdam 2016

Hard Core Security Screen Solutions - Byrne Security Doors · Hard Core Security Screen Solutions Security never looked this good

Grid Security: The Globus Perspective2004/04/07  · April 2004 Security: The Globus Perspective 17 Why Grid Security is Hard zResources being used may be valuable & the problems being

Is cyber security now too hard for enterprises?

Why is Security Management So Hard?

SCADA Security: Why is it so hard? - Hack In Paris · 2016-03-10 · HACK IN PARIS SCADA Security: Why is it so hard? Amol Sarwate, Director of Vulnerability Labs, Qualys Inc. June

Mobile Security. Security is Hard Just this year: Denial of service Credit card compromise I Love you Cost to manage security quickly becomes prohibitive

Enhancing Security Against Hard AI Problems in User ... Security Against Hard AI Problems in User Authentication Using Captcha as Graphical Passwords Murugavalli S1, Jainulabudeen

Cyber-Physical Systems Security - cybok.org · National Cyber Security Centre 2019, licensed under the ... Security is a Hard Business Case • “Making a strong business case for

bizhub Security: Hard Disk Drive Data Protection · bizhub Security: Hard Disk Drive Data Protection bizhub Office/Workgroup Product Reference Guide. Disclaimer This guide is intended

A Security Approved Hard Drive & Tape Degausser

Cloud, The Hard Way - Information Security Training · The Hard Way is Easier 3 @__muscles Cover the basics Build on them Run free THE HARD WAY IS EASIER 4 @__muscles. 1. INTRODUCTION

The Heatmap - Why is Security Visualization so Hard?

Hard Drive Data Security

Hard vs Soft Law in International Security

Network firewalls - IEEE Communications Magazine · PDF fileNetwork Firewalls Computer security is a hard problem. Security on networked computers is much harder. Firewalls (barriers

Hard [numbers, plans] is Soft. Soft [people/relationships] is Hard

Hard Drive Data Security - Marco - Copiers/Printers ... · Hard Drive Data Security Chris Bilello Director, Business Development Konica Minolta Business Solutions U.S.A., Inc.

Breaking Up is Hard to Do: Security and …sigops.org/s/conferences/sosp/2011/current/2011-Cascais/...Breaking Up is Hard to Do: Security and Functionality in a Commodity Hypervisor

Hard Core Security Screen Solutions · In addition, for added security, all doors are fitted with a triple point lock. Like many other security screens, Hard Core Security Screens:

Security Week 2019 - ETSI · Why is IoT Security so Hard? • Current security methods are 35 to 45 years old • Were not contemplating low‐resource IoT devices • 8‐16‐and

Network firewalls - IEEE Communications Magazinecourses.isi.jhu.edu/netsec/papers/network_firewalls.pdf · Network Firewalls Computer security is a hard problem. Security on networked

Software Security Security Principleserikpoll/teaching/SoftwareSecurity2007/SecurityPrinciples.pdfIt’s hard to keep secrets • Don’t rely on security by obscurity [Kerckhoffs

DEFENDER EXTERNAL HARD DRIVE ADVANcED SEcuRITy · 2018-04-06 · DEFENDER™ H100 EXTERNAL HARD DRIVE ADVANcED SEcuRITy The Defender™ H100 External Hard Drive is suited for government

Why is Internet Security So Hard? Dr. Stephen Kent Chief Scientist- Information Security

How Hard Is Hard Science, How Soft Is Soft Science?

Breaking Up is Hard to Do: Security and Functionality in a

CSCI 331 Introduction to Computer Security...2019/09/04  · computer security is… Attacks are easy. Defenses are hard. It’s hard to know your vulnerabilities. It helps to think

Why “Work Hard - Play Hard” Is Key!

1 TECI Jointness in Homeland Security. 2 TECI Jointness between Government Agencies is hard. However, during the second "Intifada", National Security

Why Security Testing is Hard

Why measuring security is hard ?

OFFICE OF SOCIAL SECURITY ADMINISTRATIONthe Social Security Administration's Laptop Computers, Cellular Telephones, and Pagers ... The hard disk drive is the main, and usually largest,

Network firewalls - IEEE Communications Magazinepeople.scs.carleton.ca/~soma/id/readings/bellovin-firewalls.pdf · Network Firewalls Computer security is a hard problem. Security

Real Security for Real Provenance is Really Hard