Unseen Threat Surfaces and How They Can Hurt You
Transcript of Unseen Threat Surfaces and How They Can Hurt You
your Information Security team
What is an attack surface?
Any place in your defensive structure where the attacker gets massive returns on minimal additional investment
Databases are Self-Threats
One interesting addition is that in the age of mass collection of information, the database itself is vulnerable to a "leaker". The key defense is to make all databases boring to an outsider.
The Cloud and the Recent Past
Things that cannot possibly work versus things that just don't work yet
Just as insecurity is an emergent behavior of a complex enterprise, so can security be.
Attack Surfaces - The Long View
Lunch Prezi by Dave Aitel, CEO Immunity, Inc.
Security is the one area in your business where "revelation" is always painful
"Threat Intelligence" must evolve from signatures to defining insanely complex anomaly models at all levels of your computing infrastructure
Response must co-evolve to be faster, more proactive, and less intelligent.
You cannot overlook the importance of a broad, long-term view in Information Security, despite the fad-like nature of the business
Attackers invest their time building engines which will work over and over again. Essentially they build Competencies rather than Tools.
Client-side attacks against browsers, Adobe Reader
Server side buffer overflows, format string attacks
VM-based sandboxy exploit detectors (e.g. FireEye)
Sandboxes and Integrity Levels
Global databases of software reputation
Modern Browsers (Chrome)
Source code analysis
Massive Defensive Scanning
Defensive Programming Techniques
Commoditized Hardware attacks
Man in the Middle
"Indicators of Compromise"
Software Defined Networking
If you have matched your future defense to the future attack surfaces correctly, you get to continue to have trust in your network assets (and hence your business assets)
"Indicators of Compromise" and the biological model of threat intelligence
The problem is reaction
The solution is an unintelligent reaction
Intelligence costs you time in a game where speed is of utmost importance
Anomaly based self-death - instantly rebuild at any sign of trouble
The answer is not "Better malware analysis", the answer is to never do malware analysis.
Actual signature memory of the human body is amazingly small
10^12 (commonly quoted number)
A mature adult (age 50) has 29 memory B cells per uL of blood, which, given that a human has 5 liters of blood, is a total memory capacity of 145 million
Each memory B cell has 50-100K antibody antennas, all slightly randomized
But in fact, most of these are similar to each other
So in effect, for all of 3D space, antigens will protect you from much less than 145M things.
The main defense of animal immune systems is probably "I feel weird, time to violently self destruct"
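The "unintelligent reaction" argument above (rebuild on any deviation, versus acting only on a signature you have already analysed), as an added illustration that is not part of the talk; the process names, hashes and timeline are constructed, and `GOLDEN_IMAGE`, `KNOWN_BAD` and `Host` are hypothetical names:

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple

def fp(label: str) -> str:
    """Constructed stand-in for a binary's hash; every label here is made up."""
    return hashlib.sha256(label.encode()).hexdigest()

# Golden image: the only process set a healthy host is allowed to show.
GOLDEN_IMAGE = {"sshd": fp("sshd-1.0"), "nginx": fp("nginx-1.0"), "cron": fp("cron-1.0")}

# The entire "signature memory": small, and it only covers what was analysed in the past.
KNOWN_BAD = {fp("xmrig-miner")}

def signature_reaction(observed: Dict[str, str]) -> str:
    """Intelligent reaction: rebuild only when something matches a known-bad signature."""
    return "rebuild" if KNOWN_BAD & set(observed.values()) else "ok"

def anomaly_reaction(observed: Dict[str, str]) -> str:
    """Unintelligent reaction: any deviation from the golden image is 'feeling weird'."""
    return "rebuild" if observed != GOLDEN_IMAGE else "ok"

class Host:
    """A host that is reimaged from the golden image whenever its reaction says so."""
    def __init__(self, reaction: Callable[[Dict[str, str]], str]):
        self.reaction = reaction
        self.state = dict(GOLDEN_IMAGE)
        self.rebuilds = 0
        self.windows_drifted = 0   # observation windows in which foreign code stayed running

    def tick(self, change: Optional[Dict[str, str]]) -> str:
        """One observation window: apply whatever changed on the box, then react."""
        if change:
            self.state.update(change)
        verdict = self.reaction(self.state)
        if verdict == "rebuild":
            self.state = dict(GOLDEN_IMAGE)   # self-death: reset now, investigate never
            self.rebuilds += 1
        elif self.state != GOLDEN_IMAGE:
            self.windows_drifted += 1
        return verdict

def run(reaction, timeline) -> Tuple[List[str], int, int]:
    host = Host(reaction)
    verdicts = [host.tick(change) for change in timeline]
    return verdicts, host.rebuilds, host.windows_drifted

# Constructed timeline: quiet, a never-seen implant, quiet, a known miner, an admin hot-patch.
TIMELINE = [None, {"implant": fp("implant-novel")}, None,
            {"miner": fp("xmrig-miner")}, {"nginx": fp("nginx-1.1")}]
```

The last window shows the cost of the model: a legitimate hot-patch looks exactly like an implant, so every sanctioned change has to go into the golden image rather than onto the live host.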
Find different bugs than humans do, or than any two versions of themselves do. Basically a random level of security.
trivial to detect, minor work to hypervisor escape
Good luck! :>
The Chinese D-Team is your "Advanced Persistent Threat"
HUMINT is the true blended threat