Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007
Who is Anton? <ul><li>Chief  Logging Evangelist @ LogLogic (San Jose, CA) </li></ul><ul><li>Book author: “Security Warrior...
Today’s Outline <ul><li>The World of Security Now </li></ul><ul><li>1990s Security vs Early 2000s vs Late 2000s </li></ul>...
Question: What is Security Today? <ul><li>Fighting hackers? </li></ul><ul><li>Protecting networks? </li></ul><ul><li>Fixin...
Answer: What is Security Today and Tomorrow? <ul><li>Protecting Information!  </li></ul>
<ul><li>Q: Why Start Security From 1990s? </li></ul><ul><li>A: Before 90s, There Was Security (Of Course!), But  No Securi...
Trends: 1990s <ul><li>Explosive global malware : Blaster, Slammer, ILoveYou </li></ul><ul><li>Server exploits : IIS is a k...
Trends: Early 2000s <ul><li>Small circulation  commercial malware , spyware (but lots of it!) </li></ul><ul><li>Bots : “ i...
Trends: Late 2000s – Near Future <ul><li>Mobile malware?  Cell/mobile phones, PDAs, other connected devices </li></ul><ul>...
Final Thoughts <ul><li>Security is here not because of “TCP/IP” or Mr Bill G.  It is here because of  humans    </li></ul...
Thank You For Attending!!! <ul><li>Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA </li></ul><ul><li>http://www.chuvakin.org </li>...
Upcoming SlideShare
Loading in …5
×

Interop 2007 Keynote Teaser

2,185 views
2,094 views

Published on

Anton Chuvakin Interop Mscow 2007 Keynote Teaser on security trends in 2007 and beyond

Published in: Technology, News & Politics
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,185
On SlideShare
0
From Embeds
0
Number of Embeds
45
Actions
Shares
0
Downloads
0
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide
  • &amp;quot;Security Trends: 2007 and Beyond&amp;quot; &amp;quot;The presentation will cover current and emerging trends in information security, that are affecting broader IT industry. New threats, new types of vulnerabilities as well as increasing regulatory compliance pressures worldwide will be addressed. Changes in cybercrime that have been occurring in the last few years and where it all might end up will be mentioned as well.“
  • Interop 2007 Keynote Teaser

    1. 1. Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007
    2. 2. Who is Anton? <ul><li>Chief Logging Evangelist @ LogLogic (San Jose, CA) </li></ul><ul><li>Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc </li></ul><ul><li>Presentations: SANS, CSI, FBI, USMA, others </li></ul><ul><li>Involved with security standards: CEE, CVSS </li></ul><ul><li>Security blogger – www.securitywarrior.org </li></ul>
    3. 3. Today’s Outline <ul><li>The World of Security Now </li></ul><ul><li>1990s Security vs Early 2000s vs Late 2000s </li></ul><ul><li>Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future </li></ul><ul><li>What Works and What Doesn’t? </li></ul>
    4. 4. Question: What is Security Today? <ul><li>Fighting hackers? </li></ul><ul><li>Protecting networks? </li></ul><ul><li>Fixing vulnerabilities? </li></ul><ul><li>Selling “boxes”?  </li></ul><ul><li>Managing risk? </li></ul><ul><li>Hardening systems? </li></ul>?
    5. 5. Answer: What is Security Today and Tomorrow? <ul><li>Protecting Information! </li></ul>
    6. 6. <ul><li>Q: Why Start Security From 1990s? </li></ul><ul><li>A: Before 90s, There Was Security (Of Course!), But No Security Industry ! </li></ul>
    7. 7. Trends: 1990s <ul><li>Explosive global malware : Blaster, Slammer, ILoveYou </li></ul><ul><li>Server exploits : IIS is a kind of Swiss cheese </li></ul><ul><li>Hacking for fun and fame…mostly : system penetrations, DDoS “for fun” </li></ul><ul><li>Buffer overflows everywhere </li></ul><ul><li>Purchasing : Incident-driven (or F.U.D.-based) </li></ul><ul><li>Think about it! - we call this “ good old days !”  </li></ul>
    8. 8. Trends: Early 2000s <ul><li>Small circulation commercial malware , spyware (but lots of it!) </li></ul><ul><li>Bots : “ industrial revolution ” in hacking </li></ul><ul><li>Web and “Web 2.0” attacks </li></ul><ul><li>Rapid rise of client-side attacks </li></ul><ul><li>Hacking for money : Phishing, Spam, DDoS for ransom, etc </li></ul><ul><li>Purchasing : Incident-driven + regulatory purchasing + some “best practices” </li></ul>
    9. 9. Trends: Late 2000s – Near Future <ul><li>Mobile malware? Cell/mobile phones, PDAs, other connected devices </li></ul><ul><li>New Technologies : VOIP, “Web 2.0”, etc </li></ul><ul><li>More application and web application hacking: more stuff moves to the web </li></ul><ul><li>Attackers focus more on data , less on infrastructure </li></ul><ul><li>Purchasing: Mostly regulatory + “best practices” + some incident-driven </li></ul>
    10. 10. Final Thoughts <ul><li>Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans  </li></ul><ul><li>New technologies -> new attacks -> new defenses: endless cycle </li></ul><ul><li>Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him  </li></ul><ul><li>Now go review your incident response plans! </li></ul>
    11. 11. Thank You For Attending!!! <ul><li>Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA </li></ul><ul><li>http://www.chuvakin.org </li></ul><ul><li>Chief Logging Evangelist </li></ul><ul><li>LogLogic, Inc </li></ul><ul><li>Author of “Security Warrior” book (O’Reilly 2004) – www.securitywarrior.org </li></ul><ul><li>See www.info-secure.org for my papers, books, reviews and other security resources related to security and logs </li></ul>

    ×