Interop 2007 Keynote Teaser

Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007

Who is Anton?
Chief Logging Evangelist @ LogLogic (San Jose, CA)
Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc
Presentations: SANS, CSI, FBI, USMA, others
Involved with security standards: CEE, CVSS
Security blogger – www.securitywarrior.org

Today’s Outline
The World of Security Now
1990s Security vs Early 2000s vs Late 2000s
Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future
What Works and What Doesn’t?

Question: What is Security Today?
Fighting hackers?
Protecting networks?
Fixing vulnerabilities?
Selling “boxes”? 
Managing risk?
Hardening systems?
?

Answer: What is Security Today and Tomorrow?
Protecting Information!

Q: Why Start Security From 1990s?
A: Before 90s, There Was Security (Of Course!), But No Security Industry !

Trends: 1990s
Explosive global malware : Blaster, Slammer, ILoveYou
Server exploits : IIS is a kind of Swiss cheese
Hacking for fun and fame…mostly : system penetrations, DDoS “for fun”
Buffer overflows everywhere
Purchasing : Incident-driven (or F.U.D.-based)
Think about it! - we call this “ good old days !” 

Trends: Early 2000s
Small circulation commercial malware , spyware (but lots of it!)
Bots : “ industrial revolution ” in hacking
Web and “Web 2.0” attacks
Rapid rise of client-side attacks
Hacking for money : Phishing, Spam, DDoS for ransom, etc
Purchasing : Incident-driven + regulatory purchasing + some “best practices”

Trends: Late 2000s – Near Future
Mobile malware? Cell/mobile phones, PDAs, other connected devices
New Technologies : VOIP, “Web 2.0”, etc
More application and web application hacking: more stuff moves to the web
Attackers focus more on data , less on infrastructure
Purchasing: Mostly regulatory + “best practices” + some incident-driven

Final Thoughts
Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans 
New technologies -> new attacks -> new defenses: endless cycle
Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him 
Now go review your incident response plans!

Thank You For Attending!!!
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
Chief Logging Evangelist
LogLogic, Inc
Author of “Security Warrior” book (O’Reilly 2004) – www.securitywarrior.org
See www.info-secure.org for my papers, books, reviews and other security resources related to security and logs

Interop 2007 Keynote Teaser

by Anton Chuvakin on Jun 04, 2007

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 1

Statistics

Interop 2007 Keynote Teaser — Presentation Transcript