Unseen Threat Surfaces and How They Can Hurt You

Dave Aitel

on 19 February 2015

Transcript of Unseen Threat Surfaces and How They Can Hurt You

Foresight is the essential problem of your Information Security team
What is an attack surface?
Any place in your defensive structure where the attacker gets massive returns on minimal additional investment
Databases are Self-Threats
One interesting addition is that in the age of mass collection of information, the database itself is vulnerable to a "leaker". The key defense is to make all databases boring to an outsider.
The Cloud and the Recent Past
Things that cannot possibly work versus things that just don't work yet
static analysis
Just as insecurity is an emergent behavior of a complex enterprise, so can security be.
Attack Surfaces - The Long View
Lunch Prezi by Dave Aitel, CEO Immunity, Inc.
Security is the one area in your business where "revelation" is always painful
"Threat Intelligence" must evolve from signatures to defining insanely complex anomaly models at all levels of your computing infrastructure

Response must co-evolve to be faster, more proactive, and less intelligent.
You cannot overlook the importance of a broad, long-term view in Information Security, despite the fad-like nature of the business
Attackers invest their time building engines which will work over and over again. Essentially they build Competencies rather than Tools.
SQL Injection
Client-side attacks against browsers, Adobe Reader
Server side buffer overflows, format string attacks
VM-based sandboxy exploit detectors (e.g. FireEye)
Sandboxes and Integrity Levels
Global databases of software reputation
Click-to-run Java/Adblock/etc.
Modern Browsers (Chrome)
Source code analysis
Penetration testing
Massive Defensive Scanning
Defensive Programming Techniques
Host hardening
Compiler hardening
Least privileges
Sophisticated Malware
Commoditized Hardware attacks
Man in the Middle
"Indicators of Compromise"
Continuous Monitoring
Software Defined Networking
If you have matched your future defense to the future attack surfaces correctly, you get to continue to have trust in your network assets (and hence your business assets)
VM-based detectors
Anti-Virus signatures
"Indicators of Compromise" and "Threat Intelligence"
The biological model of threat intelligence
The problem is reaction
The solution is an unintelligent reaction
Intelligence costs you time in a game where speed is of utmost importance
Anomaly based self-death - instantly rebuild at any sign of trouble
The answer is not "Better malware analysis", the answer is to never do malware analysis.
The actual signature memory of the human body is amazingly small
10^12 (commonly quoted number)
A mature adult (age 50) has 29 memory B cells per uL of blood, which, given that a human has 5 liters of blood, is a total memory capacity of 145 million
Each memory B cell has 50-100K antibody antennas, all slightly randomized
But in fact, most of these are similar to each other
So in effect, for all of 3D space, antigens will protect you from much less than 145M things.
The main defense of animal immune systems is probably "I feel weird, time to violently self destruct"
Find different bugs than humans do, or than any two versions of themselves do. Basically random level of security.
Trivial to detect, minor work to hypervisor escape
Good luck! :>
The Chinese D-Team is your "Advanced Persistent Threat"
HUMINT is the true blended threat