• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Interop 2007 Keynote Teaser
 

Interop 2007 Keynote Teaser

on

  • 4,016 views

Anton Chuvakin Interop Mscow 2007 Keynote Teaser on security trends in 2007 and beyond

Anton Chuvakin Interop Mscow 2007 Keynote Teaser on security trends in 2007 and beyond

Statistics

Views

Total Views
4,016
Views on SlideShare
4,015
Embed Views
1

Actions

Likes
3
Downloads
0
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • "Security Trends: 2007 and Beyond" "The presentation will cover current and emerging trends in information security, that are affecting broader IT industry. New threats, new types of vulnerabilities as well as increasing regulatory compliance pressures worldwide will be addressed. Changes in cybercrime that have been occurring in the last few years and where it all might end up will be mentioned as well.“

Interop 2007 Keynote Teaser Interop 2007 Keynote Teaser Presentation Transcript

  • Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007
  • Who is Anton?
    • Chief Logging Evangelist @ LogLogic (San Jose, CA)
    • Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc
    • Presentations: SANS, CSI, FBI, USMA, others
    • Involved with security standards: CEE, CVSS
    • Security blogger – www.securitywarrior.org
  • Today’s Outline
    • The World of Security Now
    • 1990s Security vs Early 2000s vs Late 2000s
    • Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future
    • What Works and What Doesn’t?
  • Question: What is Security Today?
    • Fighting hackers?
    • Protecting networks?
    • Fixing vulnerabilities?
    • Selling “boxes”? 
    • Managing risk?
    • Hardening systems?
    ?
  • Answer: What is Security Today and Tomorrow?
    • Protecting Information!
    • Q: Why Start Security From 1990s?
    • A: Before 90s, There Was Security (Of Course!), But No Security Industry !
  • Trends: 1990s
    • Explosive global malware : Blaster, Slammer, ILoveYou
    • Server exploits : IIS is a kind of Swiss cheese
    • Hacking for fun and fame…mostly : system penetrations, DDoS “for fun”
    • Buffer overflows everywhere
    • Purchasing : Incident-driven (or F.U.D.-based)
    • Think about it! - we call this “ good old days !” 
  • Trends: Early 2000s
    • Small circulation commercial malware , spyware (but lots of it!)
    • Bots : “ industrial revolution ” in hacking
    • Web and “Web 2.0” attacks
    • Rapid rise of client-side attacks
    • Hacking for money : Phishing, Spam, DDoS for ransom, etc
    • Purchasing : Incident-driven + regulatory purchasing + some “best practices”
  • Trends: Late 2000s – Near Future
    • Mobile malware? Cell/mobile phones, PDAs, other connected devices
    • New Technologies : VOIP, “Web 2.0”, etc
    • More application and web application hacking: more stuff moves to the web
    • Attackers focus more on data , less on infrastructure
    • Purchasing: Mostly regulatory + “best practices” + some incident-driven
  • Final Thoughts
    • Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans 
    • New technologies -> new attacks -> new defenses: endless cycle
    • Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him 
    • Now go review your incident response plans!
  • Thank You For Attending!!!
    • Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
    • http://www.chuvakin.org
    • Chief Logging Evangelist
    • LogLogic, Inc
    • Author of “Security Warrior” book (O’Reilly 2004) – www.securitywarrior.org
    • See www.info-secure.org for my papers, books, reviews and other security resources related to security and logs