The "Extreme Makeover" of Network Security

Brian Smith, Ph.D., Chief Technology Officer, TippingPoint

Talking about converging security technologies. (A bit Tipping Point vendorish)

Too many consoles. Each inline device has its own console. Three problems: total cost of ownership (i.e., staffing, etc.), inconsistencies with security policies, (he lost the third one).

System integration. Lack of automation makes it difficult to integrate.

Leverage. Devices should be able to leverage each other.

Going to talk about "Too many consoles", "System Integration" and "Leverage"

Proposing a tag tables approach where an IP address or network is tagged with attributes. Those tags are now used in rule tables. Tags are used to turn on filters. Active rule table generation based on tags before matching takes place.

Now talking about how tags can be updated in many different ways. Automation becomes possible.
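One way to read the tag-table idea in code, as an added sketch that is not from the talk or from TippingPoint: addresses and networks carry tags, each filter lists the tags that switch it on, and the active rule list for a host is computed from its tags before any matching. All tag names, networks and filter names here are constructed for illustration.

```python
import ipaddress


class TagTable:
    """Maps IP networks (or single hosts) to sets of attribute tags."""

    def __init__(self):
        self._entries = {}  # ip_network -> set of tag strings

    def tag(self, network, *tags):
        self._entries.setdefault(ipaddress.ip_network(network), set()).update(tags)

    def untag(self, network, *tags):
        self._entries.get(ipaddress.ip_network(network), set()).difference_update(tags)

    def tags_for(self, address):
        """Union of tags from every tagged network containing the address."""
        addr = ipaddress.ip_address(address)
        found = set()
        for net, tags in self._entries.items():
            if addr in net:  # False when IPv4/IPv6 versions differ
                found |= tags
        return found


# Rule table (constructed): filter name -> tags that must all be present.
RULES = [
    ("block-smb-exploit-signatures", {"windows"}),
    ("inspect-sql-injection", {"web-server", "database-backed"}),
    ("quarantine-all-traffic", {"failed-posture-check"}),
]


def active_filters(table, address, rules=RULES):
    """Build the active rule list for one address from its tags, before matching."""
    tags = table.tags_for(address)
    return [name for name, required in rules if required <= tags]


def build_sample_table():
    """Constructed sample tagging; any tool (scanner, NAC, CMDB) could write these."""
    table = TagTable()
    table.tag("10.9.0.0/16", "windows")
    table.tag("10.1.2.0/24", "web-server")
    table.tag("10.1.2.15/32", "database-backed")
    return table


if __name__ == "__main__":
    table = build_sample_table()
    print(active_filters(table, "10.1.2.15"))
    # An automated posture check updates one tag; no rule is edited by hand.
    table.tag("10.1.2.15/32", "failed-posture-check")
    print(active_filters(table, "10.1.2.15"))
```

Because the rules refer only to tags, a change written by one device or tool takes effect on the next lookup without touching the rule table.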

The threat landscape is changing. Applications are now the targets.

Sorry for the disjointed reporting on this one. A bit hard to follow. Key points were to use convergence to battle too many consoles, system integration problems and automation.


The Cybersecurity Challenge - How Do The Good Guys Win?

Dave DeWalt, Chief Executive Officer and President, McAfee, Inc.

It's a tough job to run security.

Wants to talk about two things: 1) State of security, seeing some trends. 2) Path forward.

Obviously the economy has had a downward slope; conversely, data breaches, malware and FTC complaints are increasing like crazy.

Talking about the 1 trillion dollars in intellectual property losses worldwide.

"Several years ago zero countries armed for cyber-warfare" Everybody was about protecting, defensive.

"Today 20+ countries armed for cyber-warfare" offensive strategies.

Not limited to governments. There are individuals and groups.

Talking about Conficker and how we don't really understand what it is about yet.

"Why is this happening?" (Growth of cyber crime)

Malware growth, countries do not work together well yet. Looks like a 500% increase in malware is possible in 2009 again.

Many many devices coming online, mobile devices, critical infrastructure becoming IP addressable. The huge growth of social networking and web 2.0 technologies.

"What's the outlook?"  Not so good. Using weather analogy. Rain, thunder and lightning for the next five years.

Why? No protection, security cutbacks, complex attack vectors.

Attack Scenarios. Multi-vector attacks. Point products don't work well because they don't share data. Integration and learning between products is vital to protecting against these types of attacks.

The CISO nightmare: Money, reputation, and jobs.

The Future. What are we going to do about it?

Weather analogy again. Sensors anywhere. There are weather sensors all over the place. Reporting information back to a correlation point. We need to do the same with security. Gives us global intelligence.

Visibility is very important.

The future is multi-layered, multi-correlated with real-time visibility.

Multi-layered from silicon to satellite. Sensors everywhere: chips, storage, OS, VM, database, web, satellite.

Correlate across sensors and products now becomes very important.  Trying to figure out ways to quickly correlate information. Correlate to a cloud mentioned several times.

Real-time visibility across all products.

Now going through an attack scenario to demonstrate what this might look like. Demonstrating how this can work when we can see multiple vectors and how correlation lets us determine something more quickly.

Global Threat Intelligence database in the cloud.

Re-iterating multi-layered, multi-correlated, and real-time visibility.

All done.


Collaborate with Confidence

John Chambers, Chairman and CEO, Cisco Systems, Inc.

We must be able to collaborate securely.

Mobility and collaboration are changing how business gets done.

Integration of voice and data.

Cloud computing, virtualization. You won't know where your data is. You won't know where your content is.

This is all a security nightmare.

Three major questions:

  1. How are we going to use tech. to protect us from attacks?
  2. How do we trust what we are using? That it has not been changed.
  3. How do we keep "bad stuff" out and the "good stuff" in?

Believes we are entering a decade where productivity will grow by 3-5 percent.

Innovation and Security must coexist, have to do it architecturally and integrated.

Operational excellence is very important to the C-suite. Even more so than innovation.

Gotta have a 5-10 year vision, strategy 2-4 years, execution 12-18 months. Need these plans.

Talking about Cisco market Transitions.

Keep bad stuff out, keep good stuff in - Simple concept, complex solution.

Reiterates that we must have a secure architecture to keep ahead of the bad guys.

"Network is the platform for Security"

Says that security is at an inflection point.

Starting to talk about how Cisco is approaching this.

Talking about Cisco security intelligence operations now. 500 GB of info daily inspected, 500 people, 700k sensors, this includes customer assets.

Now talking about Cisco Cloud Services.

Talking about things like Twitter, social networking, vlogging, etc. Showing how quickly this type of traffic is growing.

Growth in the huge percentages.

Collaboration requires process changes, understanding where technologies are going, and how it affects your culture and people.

Some rah rah, we're Cisco and we're great talk.

All done now.


Information Governance Goes to Court

Moderator: Jeffrey Toobin, Senior Analyst, CNN
Panelists: John Facciola, United States Magistrate Judge; Shira Scheindlin, United States District Judge; Jon Stanley, Director of InfoTech Legal Research, Elchemy; Steven Teppler, Senior Counsel, KamberEdelson, LLC

Toobin mentions two cases that took so long because of electronic discovery. Why did they take so long?

Shira: The first case was gender related. She kept all email. When requested from the company only 7 showed up. Pushed hard and got more from the backup which actually told the story. The verdict was in her favor.

Facciola: Disabled people said they were being discriminated against. Again missing email was key. Backup tapes again were used to get emails. Case settled.

How to avoid problems?

Steven: Setting up in advance is key. Having a plan.

Mod: What about the cost?

Jon: Cost is almost everything. Both money and time. Be prepared up front for this process. It will be much less costly. Legal and tech must work together.

Shira: Commenting about cost shifting and sharing. Should the plaintiff share in that cost? New rules have a cost sharing and/or shifting portion.

Mod: How do you measure what is an appropriate cost?

Shira: Nobody has an absolute right to everything. We (courts) have to be reasonable. Is the data reasonably accessible?

Lots more discussion of cost.

Seeing a decrease in cost.

Shira: Evidence is not always against you. Make sure you remember that. Mentions the assumption of asymmetric cases.

Current talk about why civil litigation is not going to trial.

Shira: 97% settle out of court.

Facciola: Judges are still very involved in settling cases.

Mod: What is reasonable treatment?

Shira: Discovery rulings are at lower court level. No hard guidance.

Mod: What does it mean to look for data in a modern company?

Steven: Where is your data stored? Where is it backed up? Cloud computing, data is everywhere and anywhere. Searching and preserving gets much more complicated. No real legal precepts at this point.

Mod: Advice?

Steven: Outreach programs. Working with standards bodies.

Mod: Same question

Jon: Groups (ABA, etc.) are trying to come up with "best practices" and standards by working with groups like RSA and others and feeding that input back to lawyers.

Humor about not needing to describe data breach to the audience.

Jon: There is no case law to support data breach notification, patch management, etc.

Mod: What kind of sanctions are available to judges?

Facciola: They do everything in their power to avoid the need.

Shira: Sliding scale of sanctions, money to evidential sanctions to default judgments all the way up to contempt of court.

Mod: How do you convince people that it is worth spending the time and money ahead of time?

Steven: Current processes to keep data secure and intact are in general the same processes you would use to get evidential data. More of a repurposing.

Jon: Doing it is kind of like insurance. It could save you in the future.

Shira: Litigation is a cost of doing business. Companies of this.

Mod: What records other than email?

Steven: System meta data, application meta data, logs, processes, procedures, etc.

Jon: Audit logs.

Back to lots of discussion about cost.

Interesting comment from Facciola about the human component in the review of the amount of data to be looked at. Automation required.

Mod: Discussion about search now.

Steven: keyword searches and boolean searches. Context and content searches, looks for patterns.

Shira: New techniques always being developed.

Mod: What's the first thing a company should do when sued?

Steven: Make sure the "litigation button" gets turned on. Make sure documentation is being saved.

Jon: Activate a team that can make decisions, with responsibilities established.

Shira: Litigation hold must go into effect immediately. Suspend auto deletes.

Facciola: Get competent legal advice.

Some discussion about outsourcing of e-discovery review. Causing some problems.

Panel closes.


The Obama Administration's Cyberspace Policy Review

Melissa E. Hathaway, Acting Senior Director for Cyberspace for the National Security and Homeland Security Councils

Mission Impossible theme starts up describing the current situation and giving her the mission to derive a strategy to protect our infrastructure. :)

The United States is at a crossroads. Cyberspace underpins all facets of our society.

The review was requested to get a common understanding of the problem.

Talking about the current issues such as the ATM network heist and others.

The infrastructure is neither secure enough nor resilient enough.

Talking about the details of what they looked at in the review. Lots of stats. Legal issues were dealt with.

Talking about engaging all kinds of areas, academic, government, business, etc.

Transparency was vital to the success of the review. Saying there is a lot of work to do. Won't be done overnight. It is a marathon.

Security is a marathon. The review was completed April 17th. It provides the President with a recommendation for a White House org. to guide the implementation.

Leading must come from the top. From a broader perspective.

Public and private interests are intertwined in securing the digital infrastructure.

Partnerships will be required to truly enhance cyber security. Research and development will be key.

Cyber security is not just the responsibility of the government and business, but of everyone.

That's it.


Cryptographer's Panel

Moderator: Ari Juels, RSA Laboratories

Panelists: Whitfield Diffie, Sun Microsystems; Martin E. Hellman, Stanford University; Ronald Rivest, MIT; Bruce Schneier, BT Counterpane; Adi Shamir, Weizmann Institute of Science, Israel.

I'm not sure how well this is going to work for a panel. We'll see. It will be starting in the next few minutes.

Here we go.

Ari mentions the catastrophic failure in risk management in financial securities.

Opening thoughts by panelists.

Diffie: Mentions some prominent cryptographers who have passed in the last year. He is bullish on cloud computing that represents a challenge to information security that we haven't really seen before. You have to put your best information out there or you are going to go out of business. How do you protect it?

Hellman: http://NuclearRisk.org. How risky is it? 1000 times riskier than a nuclear power plant near your home. Paper on site. "Soaring, Cryptography and Nuclear Weapons". Technology can be a great enabler and also a great danger. We have the power of gods and the maturity of 16 year olds. Human beings ignore risk until it is too late. Points out that many warnings were given about the financial issues prior to the recent issues.

Blarg. Computer malfunction. Lost update for last three. Current question: Are we headed for an infosec Pearl Harbor?

Bruce says no. Diffie thinks we are headed for more of a 9/11 instead of a Pearl Harbor. Adi says very low likelihood, but could be very significant if it happened.

More computer difficulties. Missed question.

Lots of discussion about black swan events and also we need to be very careful where we spend our money because those monies only get so much increase in security.

Closing Statements:

Diffie: If you are doing security you count it as a cost center, "what can you do with 20% less". If you are doing cyber operations you are seen as a profit center, i.e. spying, "what more can you do with 20% more".

Ronald: Cloud computing going to be the focal area of a lot of our work. Terminology matters. Optimistic about it. A lot of hard work to do to make it work right and securely.

Adi: Points out that Conficker meets the criteria of 1 month or older and on over a million systems.

Bruce: Who should be in charge of cyber security? Nobody. Top-down is not the right model. Distributed, i.e. everybody is responsible.

That's a wrap of the panel.


Moving Towards 'End to End Trust': A Collaborative Effort

Scott Charney, Corporate VP - Trustworthy Computing, Microsoft Corporation

Used to prosecute cyber crime.

Applications continue to be vulnerable.

The threat landscape continues to evolve.

A very information dense slide is up right now that depicts end to end trust. Need Security/Privacy fundamentals at the bottom, then trusted stack and identity metasystem. All covered by an integrated management and audit function. All of this needs to work within the arenas of economic forces, social requirements, and political/legislative issues in alignment with them all.

Talking about Microsoft's Security Development Lifecycle. Mentioned the threat modeling tool released last year.

Trusted stack. This talk is very specific to what Microsoft is doing with their products and partners. While interesting, it is not what I intended as a live blogging exercise.  This will be the end of this particular keynote blogging effort.


The New Security Agenda: Changing the Game

It is about information. It is the most valuable thing we protect.

We are in an environment of increasing complexity and risk.

When the internet was young we never thought about virtualization being available over the internet.

Realities:

  • External threat environment is growing at an increasing rate and changing.
    • Moving away from mass distribution. Going to micro distribution. Targeted.
  • The internet continues to change from an internal perspective. Insider threat.
    • Not all malicious. Many accidental.
    • Some are malicious.
  • The current security model isn't working. It is time to operationalize security.
    • It needs to be risk based, information centric, responsive, and workflow driven.

Really pushing for workflow.

Blacklisting is important, whitelisting works too. New direction, reputation based security.

Closing remarks:

Visibility and Control. Skiing metaphor about leaning forward to maintain control. Back to workflow and automation.

That's it for the second keynote. The third keynote starts at 10:00 am PST/3:00 pm EST.


I am going to try something new here this morning. I am at the RSA conference in San Francisco and have a table and power at the keynote! I am going to try and live blog the first keynote. If it goes well, I may keep it up for the rest of the morning's keynotes.

Here we go!

Time for the Edgar Allan Poe slide show. Won't be saying much here.

Title: A Common Call: Architecting a New Information Security Landscape

Talking about cyber criminals. They outnumber us. They are organized and purposeful.

The vendor community must take the lead to combat them.

*note: I will not be providing any editorial comments, merely notes on what is being said.

Talking about how fraud is threatening the existence of the information ecosystem, like pollution.

Now on to economic crisis. Technology can enable recovery.

Rapid transformation of technologies, social networking, virtualization, commercialization of IT and mobile devices are having real impacts in today's IT world.

Current infrastructure evolved with no overarching plan. No process. It's a "leaning tower of technologies."

We must embrace a common development process for information security.

Focus on Information Risk Management

  • Policy Management
  • Policy Decision
  • Policy Enforcement
  • Policy Audit

Today's security products protect a defined element from a defined attack. Criminals work around it.

Breaking out each area from point products to show how making them broader in scope will help us protect information better.

The whole issue being to move from a point product based implementation to a system. Cannot be done with a suite of products from a single vendor.  Vendors must collaborate.

Have to do three things.

  • Collaborate on standards
  • Share technology
  • Integrate and Embed.

Talking about EMC, Cisco and Microsoft collaborating, sharing and integrating.

Now talking about virtualization.

VMware making a major announcement this morning. Keep your ears tuned.

Closing thoughts:

Industries usually grow incrementally, sometimes huge changes "tipping points" happen. Art suggests we are at such a "tipping point" right now.

Vendors must take the lead, but practitioners must demand it of them.

Proverb: "If you want to go fast, go alone. If you want to go far, go together."

Last part of the first keynote is a panel with Art Coviello and senior executives from Microsoft and Cisco. Talking about collaboration. That is collaboration in vendor space, not collaboration "tools."

Oops. Typo in title. Thanks to @drinfosec for pointing it out.

Keynote 1 finished. I hope you found this interesting. I will be continuing this through the rest of the keynotes this morning. Each in its own post. The next keynote starts at 9:00 am PST/12:00 pm EST

BTW  - I would love to hear back from you if this is helpful.


I am Honored!

by kriggins on April 12, 2009

in Conferences, General

As I was catching up on blogs this evening, I came across this posting on the RSA Security Bloggers blog that gives the list of blogs nominated for the 2009 Social Security Awards.  The awards are to be given out at the Security Blogger's Meetup.

Imagine my surprise when I found Infosec Ramblings on the list in the non-technical blogs category.

To the person or persons who nominated me, my sincere thanks. I am honored that you consider this little corner of the blogosphere worthy of sitting with the other fine blogs on the list.

Congratulations to all who were nominated and I am really looking forward to meeting many of you at the meet-up.

-Kevin
