Vale Security Conference - 2011 - 9 - Andrew Cushman


Vale Security Conference - 2011
Saturday - 9th Talk
Speaker: Andrew Cushman
Talk: Strategies for evolving threats
Slides (SlideShare): http://www.slideshare.net/valesecconf/andrew-9665573




    Presentation Transcript

    • Andrew Cushman, Senior Director, Trustworthy Computing Security, Microsoft Corporation
    • Who Am I? Joined Microsoft in 1990; Worked on MSMoney, IIS, & now Security; Also Worked on “Patch Tuesday” & BlueHat; New-ish Job this Year – Seeking Non-Technical Security Solutions. Why Am I Here? Discuss Changes and Suggest Responses; Adaptive Challenge Facing Us; Microsoft & Andrew are committed Brasil; Brasil is Special & Unique
    • [Diagram] Product Life Cycle; Policy and Ecosystem; Creation; Conception; Alignment; Release
    • [Diagram] Management Identity For Government For Citizens For the Supply Chain Employees Incident Response People Awareness and Know-How (Citizen, Children, Government Employees…) Collaboration with Critical Information/Data Protection Infrastructure Trusted Stack Solutions Public National Intelligence (incl. eGovernment Education Health Safety Security CERT) Infra- Critical National Infrastructure Trusted Government Security structure (CoreIO) Infrastructure (CoreIO) Community Engagement Supply Chain Security Secure Defense Training Fundamentals Partnerships with National Risk Privacy Cyberwarfare Security/Priv. Development and Private Sector Management Legislation Doctrine Standards Collaboration Law Enforcement Intelligence Incident Cybersecurity Enable Secure Training and Training and Preparedness Legislation Innovation Collaboration Collaboration
    • 7th largest IT market WW; 6th country in PC Shipments WW; 3rd in online time per user – 22h50min/month; 5th largest cell phone market - 147M units; 60% of all 3G Cell Phones in Latin America; 2nd largest WW in number of Companies (620k new Companies only in 2010); In the last 5 years, internet active users in total Population grew from 24% to 43% in 2009; 10th in broadband (256 kb) users - 9.1M users (4.8% of total 190M population)
    • People: Friendly, Smart, Hard-working, Creative, Stylish!, Proud & Humble at the same time. Culture: Diverse Society and a Rich History; Di Cavalcanti, Vinicius, Jorge Amado. Land of Opportunity: Geography – Huge country that is rich in resources (and people); Government - Foundational Principles; Rule of Law. It Works: There is a Brazilian Way
    • Rapid Evolution and Adoption of Technology
    • People: Internet users estimated to reach 3 Billion by 2015 w/ bulk of users coming from Brazil, Russia, India, China and Indonesia. Devices: The number of internet connected devices is predicted to exceed over 15 billion - twice the world's population by 2015 and will likely reach 50 Billion by 2020. Data: It’s estimated that 1 billion new Web pages are created daily and about 32 million domain names are added to the Web every year with this number expected to rise dramatically in
    • 25 million Facebook users in the country of 1.16 billion people, an increase of 1.78 million from the start of last month. Indian Internet to grow from 81 M to 237 M Internet users by 2015
    • Cybercrime; Military Espionage; Cyber Warfare; Economic Espionage
    • Usage: Every aspect of our lives is now dependent on computers; Food, Energy, Finances, Entertainment, Clothing, Government. Future: Connectivity is like Oxygen; Data, Data, Data; Every aspect of our lives is now dependent on computers
    • Within a decade, more than 50 billion everyday objects could be collecting data and making it available online. A growing amount of Internet traffic is originating with non-PC devices. In 2010, only 3 percent of Internet traffic originated with non-PC devices, but by 2015 the non-PC share of Internet traffic will grow to 15 percent. PC-originated traffic will grow at a CAGR of 33 percent, while TVs, tablets, smartphones, and machine-to-machine (M2M) modules will have growth rates of 101 percent, 216 percent, 144 percent, and 258 percent, respectively.
    • Non-traditional data sources: Sensors; GPS tracks; Web click streams. Non-traditional processing: Massive processing over semi-structured data; Less formal structural schemata; Machine learning grows up; Probabilistic; Ranking; Correlation. Novel use cases: Historical mining to create real-time models; Saving and processing “all-data”
    • 1 billion new Web pages are created daily and about 32 million domain names are added to the Web yearly, with sharp increases expected in 2011. The “terabyte club” will reach 6 million by 2015. In 2015, there will be 6 million Internet households worldwide generating over a terabyte per month in Internet traffic, up from just a few hundred thousand in 2010. There will be over 20 million households generating half a terabyte per month in 2015. The amount of data created, captured, and replicated in the world is growing at a compounded rate of 60% a year. By 2011, the digital universe will be 10 times the size it was in 2006. (IDC)
    • Threats: No longer just attacks on infrastructure; Attacks against Intellectual Property; And Attacks against the foundations; Attacks against business models. Recent Attacks & News: Anonymous & Lulz; Comodo, DigiNotar; Location issues w/ smart phones; Facial Recognition Talk from Black Hat http://www.face-to-facebook.net/hacking-monopolism-trilogy.php; Hacking Microcontrollers - Don Bailey’s BH Europe
    • Borrowing Concept from Harvard Business Review Article 1997. Key Concept – We need Technical Solutions && we need to Adapt (change) our thinking. Get On the Balcony; Identify the Adaptive Challenge; Adaptive Solutions – often from bottom up. Ronald Heifetz & Donald Laurie – HBR article http://hbr.org/2001/12/the-work-of-leadership/ar/1
    • [Diagram] Dynamic Rationalized Strategic and Optimal Continuous Risk Standardized Holistic and Operational Management Controlled Risk Basic Proactive Threat Management Threat Intelligence Robust Governance Tactical Understood Risk Integrated Security Automated Undefined Risk Threat Aware Quantitatively Managed Culture of Security Threat Ignorance Structured Service-Oriented Unpredictable Consistency Ad-Hoc and Manual Awareness and Training Unaware
    • Defend. Protect: Asset Classification; Identity Mgmt (Users, Devices); Access Control (Network, Machine & Data); Training. Detect: Monitor (Baseline, Intrusions); Assessment (Vulnerabilities, Configurations); Reporting. Respond: Incident Response; Emergency response; Communicate; Remediate (Quarantine, Clean, Patch). Recover: Update (Software, Hardware, Procedures, Training, Defenses); Restore (Data & Facilities)
    • [Diagram] Dynamic Rationalized Strategic and Optimal Continuous Risk Management Standardized Holistic and Operational Threat Management Controlled Risk Basic Robust Governance Proactive Threat Intelligence Understood Risk Automated Tactical Integrated Security Threat Aware Culture of Security Undefined Risk Quantitatively Managed Threat Ignorance Structured Service-Oriented Unpredictable Consistency Ad-Hoc and Manual Awareness and Training Unaware Respond Basic Standardized Rationalized Dynamic - Desktop Image Engineering - Desktop Optimization and - Desktop Virtualization Solutions - Server Virtualization with Advanced - Active Directory Design & Configuration Management - Server Virtualization with Advanced Management - High Availability Deployment - Security for Wireless Services Management - Virtual Desktop Solution - BitLocker Full-Volume Encryption - Secure Public Key Infrastructure Infrastructure - Seamless Access using DirectAccess Solutions - Network Access Protection with and TMG - Strong Authentication using IPSec Enforcement - Enterprise Federated Identity using Smartcards - Network Isolation Services ADFS - Application Lifecycle Management - Secure Web & Remote Access using - Application Backup using System Services 2010 Forefront TMG Center Data Protection Manager - Network Access Protection with - Enterprise Identity Lifecycle 802.1x Enforcement Management - Data Protection using Active Directory Rights Management - Client Anti-Malware Solutions - Enterprise Configuration - IT Compliance and Reporting: End- - Server Virtualization with Advanced Management to-End Monitoring Management - Centralized, Policy- - IT Enterprise Management: End-to- - Audit Collection Services driven Management End Cross-Platform Monitoring - System Error Reporting & Analysis - Enterprise Mobile Device Services Management - Client and Server Anti-Malware Solutions - Windows Error Reporting Deployment Services - Premier IR Support and Training - Secure Development Lifecycle Training and Assessment Services - Internet Crime and Forensics Investigations Education and Training Services - Enterprise Recovery Services
    • Convergence – SSL Trust Agility, Moxie Marlinspike – BH USA https://www.blackhat.com/html/bh-us-11/bh-us-11-archives.html#Marlinspike; DARPA RA-11-52 - The Defense Advanced Research Projects Agency's Cyber Fast Track program https://www.blackhat.com/html/bh-us-11/bh-us-11-archives.html#Zatko; Dan Kaminsky’s NetNoob
    • First BlueHat Prize Challenge: Design a novel runtime mitigation technology that is capable of preventing the exploitation of memory safety vulnerabilities. Entry Period: Aug 3, 2011 – Apr 1, 2012. Winners announced: BlackHat USA August 2012. IP remains the property of the inventor, with a license for Microsoft to use the technology. Grand Prize: $200,000 in cash. Second Prize: $50,000 in cash. Third Prize: MSDN subscription ($10,000 value)
    • Microsoft Confidential
    • Things that give me pause…
    • Technical Solutions On the Fast Track: Army CDCiber; Big Events – 2014 & 2016; RIC Broadband. Urgent Need for Adaptive Solutions Too: But few Adaptive Solution Ideas; & Environment continues to favor Technical Solutions. Cloud Transformation: Move to the Cloud is permanent – like concrete over farmland
    • © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.