Challenges and opportunities in cyber security innovation


Presentation Transcript

Challenges and Opportunities in Cyber Security Innovation

Fall, 2011

Paul Barford

Qualys Inc. and University of Wisconsin

Internet Cambrian explosion

  • Internet threat landscape exploded in ’01

    • Virus, DoS, worms, bots

  • We’re in a time of evolving cyber ecosystems

    • Highly complex, dynamic and diverse

    • Expanding challenges and opportunities

  • Addressing threats requires innovation

    • Step functions vs. increments

    • We’ve not seen much in the security domain lately…

[email protected]

Challenge: tech vs. innovation

  • What is the “next big thing”?

    • Threats: many possibilities

    • Countermeasures: new architectures

  • Where will the “next big thing” come from?

    • Companies typically develop technology

    • gov/mil are fairly dark and highly diverse

    • Academia needs better processes

    • Entrepreneurs are the innovators

Challenge: antiquated edu

  • Processes in academia can stifle innovation

    • Tenure is a conundrum

    • Unenlightened IP management

  • Incubation support is … incubating

    • It’s not just about physical space or $$

    • The Utah example

  • Why isn’t entrepreneurship taught in CS?

    • Gates, Page/Brin, etc. were not B-school grads

    • Young people are often ignored

Challenge: bridging the gap

  • Standard start-up issues

    • Business plan, funding, hiring, execution, etc.

  • Complexities and privacy concerns of security operations

    • Highly sensitive nature of sec ops limits feedback

  • Regulations

    • SOX, PCI, international, etc.

  • Moving targets

    • New threats change perception of value

Challenge: metrics

  • How do we assess the impact of something innovative in the security space?

    • No analog of FLOPS or bps

  • Security is good when nothing happens

    • Sends wrong message

  • Changing the conversation

    • Being proactive

    • Being robust

    • Value add for products

Challenge: deployment

  • Hardware is pretty much out

    • “You want to deploy IN LINE!?!”

  • Easy integration is essential

    • Complex architectures

    • Homegrown solutions

    • Privacy concerns

  • Ad hoc evaluation methods and tools

    • Related to metrics

  • Everyone is busy

Chall-atunity: O vs. D

  • Standard focus of cyber security is defense

    • Threats determine policies, processes, systems

    • Robust but fragile

  • Offense (attacker) always has the advantage

    • Only one entry point is required

    • Humans are in the loop

  • Offense can clearly have an impact

    • Stuxnet is a game changer

  • Offense is clearly controversial!

Opportunity: data*/service

  • Many security systems and processes depend on different types of data

    • Aggregates

    • Signatures

  • S,S,SaaS via the cloud

    • Simplifies deployment

    • Lowers costs

    • Changes playing field

    • But, risks are difficult to assess

Opportunity: secure software

  • Software system vulnerabilities will be with us forever

    • System complexity

    • Humans in the loop

  • Secure software development methods

    • Requires careful consideration of threats

  • Software testing methods, tools, processes

    • Fast, accurate identification of a myriad of bugs

  • However, humans are in the loop…

Opportunity: education

  • Educate “consumers” on best practices

    • Private users

      • Simple things can make all the difference

    • Developers

      • Evolving threats make this an on-going challenge

    • Public/enterprise/SMB

      • How to assess risk & make good decisions on security

  • Educate policy makers on security landscape

    • Regulation must be considered VERY carefully

  • Educate the next generation of innovators

    • These resources must be fostered carefully

Opportunity: partnerships

  • Public + private > {public, private}

    • Sharing perspectives is a good starting point

    • Trusted relationships enable sound decisions and effective use of technology

  • Bring academia to the table (gov/com/edu)

    • Unfettered perspective

    • Neutral third party

  • Foster consistent evaluation for innovative technologies

    • National Cyber Security Assessment Center

Opportunity: innovation

  • Situational awareness

    • Unifying theme for sec ops

  • Embrace cloud-mobile environment

    • Solutions for the cloud and from the cloud

  • Policy, regulation and enforcement

    • Important part of ecosystem

    • Facilitate via gov/com/edu partnerships

  • Change the playing field

    • Group-centric security


  • Dynamic and diverse threat landscape

    • Obviates incremental solutions

    • Necessitates innovation

  • Challenges abound

    • Entrenchment based on unknown risks

  • Opportunities abound

    • Data-centric innovation

    • Software security

    • Partnerships

    • Changing the playing field
