Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Interop 2007 Keynote Teaser


Published on

Anton Chuvakin Interop Mscow 2007 Keynote Teaser on security trends in 2007 and beyond

Published in: Technology, News & Politics
  • Be the first to comment

Interop 2007 Keynote Teaser

  1. 1. Security Trends: 2007 and Beyond Dr Anton Chuvakin, GCIA, GCIH, GCFA Chief Logging Evangelist Interop Moscow, May 2007
  2. 2. Who is Anton? <ul><li>Chief Logging Evangelist @ LogLogic (San Jose, CA) </li></ul><ul><li>Book author: “Security Warrior”, “Hacker’s Challenge 3”, “PCI”, “Know Your Enemy 2”, etc </li></ul><ul><li>Presentations: SANS, CSI, FBI, USMA, others </li></ul><ul><li>Involved with security standards: CEE, CVSS </li></ul><ul><li>Security blogger – </li></ul>
  3. 3. Today’s Outline <ul><li>The World of Security Now </li></ul><ul><li>1990s Security vs Early 2000s vs Late 2000s </li></ul><ul><li>Attacks, Vulnerabilities, Defenses, Laws: Now and in the Future </li></ul><ul><li>What Works and What Doesn’t? </li></ul>
  4. 4. Question: What is Security Today? <ul><li>Fighting hackers? </li></ul><ul><li>Protecting networks? </li></ul><ul><li>Fixing vulnerabilities? </li></ul><ul><li>Selling “boxes”?  </li></ul><ul><li>Managing risk? </li></ul><ul><li>Hardening systems? </li></ul>?
  5. 5. Answer: What is Security Today and Tomorrow? <ul><li>Protecting Information! </li></ul>
  6. 6. <ul><li>Q: Why Start Security From 1990s? </li></ul><ul><li>A: Before 90s, There Was Security (Of Course!), But No Security Industry ! </li></ul>
  7. 7. Trends: 1990s <ul><li>Explosive global malware : Blaster, Slammer, ILoveYou </li></ul><ul><li>Server exploits : IIS is a kind of Swiss cheese </li></ul><ul><li>Hacking for fun and fame…mostly : system penetrations, DDoS “for fun” </li></ul><ul><li>Buffer overflows everywhere </li></ul><ul><li>Purchasing : Incident-driven (or F.U.D.-based) </li></ul><ul><li>Think about it! - we call this “ good old days !”  </li></ul>
  8. 8. Trends: Early 2000s <ul><li>Small circulation commercial malware , spyware (but lots of it!) </li></ul><ul><li>Bots : “ industrial revolution ” in hacking </li></ul><ul><li>Web and “Web 2.0” attacks </li></ul><ul><li>Rapid rise of client-side attacks </li></ul><ul><li>Hacking for money : Phishing, Spam, DDoS for ransom, etc </li></ul><ul><li>Purchasing : Incident-driven + regulatory purchasing + some “best practices” </li></ul>
  9. 9. Trends: Late 2000s – Near Future <ul><li>Mobile malware? Cell/mobile phones, PDAs, other connected devices </li></ul><ul><li>New Technologies : VOIP, “Web 2.0”, etc </li></ul><ul><li>More application and web application hacking: more stuff moves to the web </li></ul><ul><li>Attackers focus more on data , less on infrastructure </li></ul><ul><li>Purchasing: Mostly regulatory + “best practices” + some incident-driven </li></ul>
  10. 10. Final Thoughts <ul><li>Security is here not because of “TCP/IP” or Mr Bill G. It is here because of humans  </li></ul><ul><li>New technologies -> new attacks -> new defenses: endless cycle </li></ul><ul><li>Following “ checkbox security ” of the near future -> protected as much as the next guy -> get 0wned as much as him  </li></ul><ul><li>Now go review your incident response plans! </li></ul>
  11. 11. Thank You For Attending!!! <ul><li>Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA </li></ul><ul><li> </li></ul><ul><li>Chief Logging Evangelist </li></ul><ul><li>LogLogic, Inc </li></ul><ul><li>Author of “Security Warrior” book (O’Reilly 2004) – </li></ul><ul><li>See for my papers, books, reviews and other security resources related to security and logs </li></ul>