Challenges and opportunities in cyber security innovation


Challenges and Opportunities in Cyber Security Innovation. Fall, 2011. Paul Barford, Qualys Inc. and University of Wisconsin. Internet Cambrian explosion. Internet threat landscape exploded in ‘01: virus, DoS, worms, bots. We’re in a time of evolving cyber ecosystems


Presentation Transcript



Challenges and Opportunities in Cyber Security Innovation

Fall, 2011

Paul Barford

Qualys Inc.

and

University of Wisconsin



Internet Cambrian explosion

  • Internet threat landscape exploded in ‘01

    • Virus, DoS, worms, bots

  • We’re in a time of evolving cyber ecosystems

    • Highly complex, dynamic and diverse

    • Expanding challenges and opportunities

  • Addressing threats requires innovation

    • Step functions vs. increments

    • We’ve not seen much in the security domain lately…


Challenge: tech vs. innovation

  • What is the “next big thing”?

    • Threats: many possibilities

    • Counter measures: new architectures

  • Where will the “next big thing” come from?

    • Companies typically develop technology

    • gov/mil are fairly dark and highly diverse

    • Academia needs better processes

    • Entrepreneurs are the innovators


Challenge: antiquated edu

  • Processes in academia can stifle innovation

    • Tenure is a conundrum

    • Unenlightened IP management

  • Incubation support is … incubating

    • It’s not just about physical space or $$

    • The Utah example

  • Why isn’t entrepreneurship taught in CS?

    • Gates, Page/Brin, etc. were not B-school grads

    • Young people are often ignored


Challenge: bridging the gap

  • Standard start-up issues

    • Business plan, funding, hiring, execution, etc.

  • Complexities and privacy concerns of security operations

    • Highly sensitive nature of sec ops limits feedback

  • Regulations

    • SOX, PCI, international, etc.

  • Moving targets

    • New threats change perception of value


Challenge: metrics

  • How do we assess the impact of something innovative in the security space?

    • No analog of FLOPS or bps

  • Security is good when nothing happens

    • Sends wrong message

  • Changing the conversation

    • Being proactive

    • Being robust

    • Value add for products


Challenge: deployment

  • Hardware is pretty much out

    • “You want to deploy IN LINE!?!”

  • Easy integration is essential

    • Complex architectures

    • Home grown solutions

    • Privacy concerns

  • Ad hoc evaluation methods and tools

    • Related to metrics

  • Everyone is busy


Chall-atunity: O vs. D

  • Standard focus of cyber security is defense

    • Threats determine policies, processes, systems

    • Robust but fragile

  • Offense (attacker) always has the advantage

    • Only one entry point is required

    • Humans are in the loop

  • Offense can clearly have an impact

    • Stuxnet is a game changer

  • Offense is clearly controversial!


Opportunity: data*/service

  • Many security systems and processes depend on different types of data

    • Aggregates

    • Signatures

  • S,S,SaaS via the cloud

    • Simplifies deployment

    • Lowers costs

    • Changes playing field

    • But, risks are difficult to assess


Opportunity: secure software

  • Software system vulnerabilities will be with us forever

    • System complexity

    • Humans in the loop

  • Secure software development methods

    • Requires careful consideration of threats

  • Software testing methods, tools, processes

    • Fast, accurate identification of a myriad of bugs

  • However, humans are in the loop…


Opportunity: education

  • Educate “consumers” on best practices

    • Private users

      • Simple things can make all the difference

    • Developers

      • Evolving threats make this an on-going challenge

    • Public/enterprise/SMB

      • How to assess risk & make good decisions on security

  • Educate policy makers on security landscape

    • Regulation must be considered VERY carefully

  • Educate the next generation of innovators

    • These resources must be fostered carefully


Opportunity: partnerships

  • Public + private > {public, private}

    • Sharing perspectives is a good starting point

    • Trusted relationships enable sound decisions and effective use of technology

  • Bring academia to the table (gov/com/edu)

    • Unfettered perspective

    • Neutral third party

  • Foster consistent evaluation for innovative technologies

    • National Cyber Security Assessment Center


Opportunity: innovation

  • Situational awareness

    • Unifying theme for sec ops

  • Embrace cloud-mobile environment

    • Solutions for the cloud and from the cloud

  • Policy, regulation and enforcement

    • Important part of ecosystem

    • Facilitate via gov/com/edu partnerships

  • Change the playing field

    • Group-centric security


Conclusions

  • Dynamic and diverse threat landscape

    • Obviates incremental solutions

    • Necessitates innovation

  • Challenges abound

    • Entrenchment based on unknown risks

  • Opportunities abound

    • Data centric innovation

    • Software security

    • Partnerships

    • Changing the playing field
