Successfully reported this slideshow.
Your SlideShare is downloading. ×

There is no impenetrable system - So, why we are still waiting to get breached?

Jan. 22, 2018
1 like 327 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Loading in …3
×

Check these out next

Conferencia principal: Evolución y visión de Elastic Security
Elasticsearch
Operacionalize com alerta, dashboards customizados e linhas do tempo
Elasticsearch
Elastic Security: Protección empresarial basada en Elastic Stack
Elasticsearch
Architecting trust in the digital landscape, or lack thereof
Jonathan Sinclair
Elastic SIEM (Endpoint Security)
Kangaroot
Palestra de abertura: Evolução e visão do Elastic Security
Elasticsearch
Elastic Security Solution Brief
Joseph DeFever
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
saeid ghasemshirazi
1 of 11 Ad

There is no impenetrable system - So, why we are still waiting to get breached?

Jan. 22, 2018
1 like 327 views

Download to read offline

Software

This is some input for a panel discussion about "Security and Safety in Cloud-based Systems and Services" (9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain in February 2018).

Although it might be hard to accept. By principle, attackers can establish footholds in our systems whenever they want (zero-day exploits). Cloud application security engineering efforts focus to harden the "fortress walls". Therefore, cloud applications rely on these defensive walls but seldom attack intruders actively. There is the somehow the need for a more reactive component. A component that could be inspired by biological systems. Biological systems consider by design that defensive "walls" can be breached at several layers. So, biological systems provide an additional active defense system to attack potential successful intruders - an immune system. Although several experts find this approach "intriguing", there are follow-up questions arising. What is about exploits that adapt to bio-inspired systems? How to protect the immune system against direct attacks? Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self-attacking)?

This is some input for a panel discussion about "Security and Safety in Cloud-based Systems and Services" (9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain in February 2018).

Although it might be hard to accept. By principle, attackers can establish footholds in our systems whenever they want (zero-day exploits). Cloud application security engineering efforts focus to harden the "fortress walls". Therefore, cloud applications rely on these defensive walls but seldom attack intruders actively. There is the somehow the need for a more reactive component. A component that could be inspired by biological systems. Biological systems consider by design that defensive "walls" can be breached at several layers. So, biological systems provide an additional active defense system to attack potential successful intruders - an immune system. Although several experts find this approach "intriguing", there are follow-up questions arising. What is about exploits that adapt to bio-inspired systems? How to protect the immune system against direct attacks? Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self-attacking)?

Software
License: CC Attribution-ShareAlike License
Advertisement

Recommended

Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Elasticsearch
294 views
21 slides
Operar con alertas, dashboards customizados y cronología
Elasticsearch
322 views
24 slides
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempo
Elasticsearch
513 views
24 slides
Automatisez la détection des menaces et évitez les faux positifs
Elasticsearch
343 views
32 slides
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Elasticsearch
317 views
23 slides
October 2020 meetup
Daliya Spasova
128 views
11 slides
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
421 views
13 slides
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elasticsearch
2.2k views
13 slides
Advertisement

More Related Content

Slideshows for you (20)

Conferencia principal: Evolución y visión de Elastic Security
Elasticsearch
244 views
Operacionalize com alerta, dashboards customizados e linhas do tempo
Elasticsearch
380 views
Elastic Security: Protección empresarial basada en Elastic Stack
Elasticsearch
262 views
Architecting trust in the digital landscape, or lack thereof
Jonathan Sinclair
69 views
Elastic SIEM (Endpoint Security)
Kangaroot
2.7k views
Palestra de abertura: Evolução e visão do Elastic Security
Elasticsearch
455 views
Elastic Security Solution Brief
Joseph DeFever
507 views
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
saeid ghasemshirazi
58 views
Security Research Projects Guidance
Network Simulation Tools
34 views
Automatiza las detecciones de amenazas y evita los falsos positivos
Elasticsearch
222 views
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Aaron Rinehart
261 views
Operationalize with alerting, custom dashboards, and timelines
Elasticsearch
735 views
Braveheart Cloud Storage 2014 Student Showcase
Travis McAdams
294 views
The Art and Science of Alert Triage
Sqrrl
1.1k views
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Ecway Technologies
12 views
Keynote: Elastic Security evolution and vision
Elasticsearch
369 views
Binary Clone Wars at CanSecWest 2009
Derek Callaway
114 views
Machine Learning para detección de anomalías, modelado de series temporales y...
Elasticsearch
1.8k views
Adaptive Intrusion Detection Using Learning Classifiers
Patrick Nicolas
1.9k views
Building Elastic into security operations
Elasticsearch
710 views
Conferencia principal: Evolución y visión de Elastic Security
Elasticsearch
244 views
28 slides
Operacionalize com alerta, dashboards customizados e linhas do tempo
Elasticsearch
380 views
22 slides
Elastic Security: Protección empresarial basada en Elastic Stack
Elasticsearch
262 views
13 slides
Architecting trust in the digital landscape, or lack thereof
Jonathan Sinclair
69 views
31 slides
Elastic SIEM (Endpoint Security)
Kangaroot
2.7k views
42 slides
Palestra de abertura: Evolução e visão do Elastic Security
Elasticsearch
455 views
28 slides

Similar to There is no impenetrable system - So, why we are still waiting to get breached? (20)

About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
Nane Kratzke
528 views
About an Immune System Understanding for Cloud-native Applications - Biology ...
Nane Kratzke
622 views
Huntpedia
Jc Sv
68 views
Quantum Safety in Certified Cryptographic Modules
OnBoard Security, Inc. - a Qualcomm Company
309 views
One Time Pad Journal
Amirul Wiramuda
735 views
Artificial Intelligence Techniques for Cyber Security
IRJET Journal
116 views
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET Journal
24 views
Real-time fallacy: how real-time your security really is?
Anton Chuvakin
455 views
AI for Cybersecurity Innovation
Pete Burnap
53 views
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Barry Greene
747 views
Are you ready for the next attack? Reviewing the SP Security Checklist
APNIC
267 views
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET Journal
5 views
01_Metasploit - The Elixir of Network Security
Harish Chaudhary
347 views
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
Mark Underwood
142 views
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
TI Safe
337 views
BsidesLVPresso2016_JZeditsv6
Rod Soto
259 views
BE-EEE-8th sem-Presentation Artificial intelligence in security managenent
MOHAMMED SAQIB
424 views
Monitoring your organization against threats - Critical System Control
Marc-Andre Heroux
1.2k views
Security Transformation
Faisal Yahya
447 views
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
151 views
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
Nane Kratzke
528 views
13 slides
About an Immune System Understanding for Cloud-native Applications - Biology ...
Nane Kratzke
622 views
20 slides
Huntpedia
Jc Sv
68 views
107 slides
Quantum Safety in Certified Cryptographic Modules
OnBoard Security, Inc. - a Qualcomm Company
309 views
36 slides
One Time Pad Journal
Amirul Wiramuda
735 views
5 slides
Artificial Intelligence Techniques for Cyber Security
IRJET Journal
116 views
3 slides
Advertisement

More from Nane Kratzke (20)

Smart like a Fox: How clever students trick dumb programming assignment asses...
Nane Kratzke
1.2k views
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
Nane Kratzke
464 views
Serverless Architectures - Where have all the servers gone?
Nane Kratzke
1.2k views
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Nane Kratzke
454 views
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
Nane Kratzke
415 views
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Nane Kratzke
1.2k views
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Nane Kratzke
1.7k views
Was die Cloud mit einem brennenden Haus zu tun hat
Nane Kratzke
622 views
What the cloud has to do with a burning house?
Nane Kratzke
772 views
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
Nane Kratzke
2.2k views
RESTful APIs mit Dart
Nane Kratzke
961 views
ppbench - A Visualizing Network Benchmark for Microservices
Nane Kratzke
1.8k views
About Microservices, Containers and their Underestimated Impact on Network Pe...
Nane Kratzke
9.9k views
Java Streams und Lambdas
Nane Kratzke
3.7k views
Dart (Teil II der Tour de Dart)
Nane Kratzke
6.5k views
Dart (Teil I der Tour de Dart)
Nane Kratzke
11.2k views
Cloud Economics in Training and Simulation
Nane Kratzke
601 views
Are cloud based virtual labs cost effective? (CSEDU 2012)
Nane Kratzke
895 views
What Cost Us Cloud Computing
Nane Kratzke
303 views
Overcoming Cost Intransparency of Cloud Computing
Nane Kratzke
592 views
Smart like a Fox: How clever students trick dumb programming assignment asses...
Nane Kratzke
1.2k views
28 slides
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
Nane Kratzke
464 views
18 slides
Serverless Architectures - Where have all the servers gone?
Nane Kratzke
1.2k views
33 slides
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Nane Kratzke
454 views
24 slides
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
Nane Kratzke
415 views
11 slides
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Nane Kratzke
1.2k views
35 slides

Recently uploaded (20)

Assignment Organizational Behavior.docx
AltafKhadim
3 views
GENERAL PRINCIPLES OF PIPELINING.pptx
chaddasingh
0 views
FuzzyRelations.pptx
VaishaliBagewadikar
1 view
SOFTWARE PROTOTYPING.ppt
KavithaNair28
3 views
12682076.ppt
priyanshugautam46
2 views
More the merrier: a microservices anti-pattern
Chris Richardson
0 views
REST.ppt
Mohit Joshi
4 views
Getting Started With Android Studio.pptx
GDSCUOWMKDUPG
5 views
Dan GreinerIBMTarihçe.ppt
ssuser0f411f
0 views
Jfokus_Bringing the cloud back down to earth.pptx
Grace Jansen
0 views
AI.PDF
PremKumar850677
0 views
Cfgmgmtcamp 2023 — eBPF Superpowers
Raphaël PINSON
0 views
database1.pptx
OmarKamil1
3 views
OOP.pptx
saifnasir3
3 views
angular-tesla-home.pdf
Riccardo Vettore
18 views
Firewalls in cryptography
T7Unknown
1 view
AR Series Routers V600R021C00.pptx
Kipsindo Kibet
3 views
Revit_Keyboard_Shortcuts_Guide.pdf
WilsonPoikayil
5 views
API Testing.pptx
GurzuInc
5 views
GRID TECH..pptx
ANANT SONI
9 views
Assignment Organizational Behavior.docx
AltafKhadim
3 views
48 slides
GENERAL PRINCIPLES OF PIPELINING.pptx
chaddasingh
0 views
9 slides
FuzzyRelations.pptx
VaishaliBagewadikar
1 view
31 slides
SOFTWARE PROTOTYPING.ppt
KavithaNair28
3 views
4 slides
12682076.ppt
priyanshugautam46
2 views
24 slides
More the merrier: a microservices anti-pattern
Chris Richardson
0 views
49 slides
Advertisement

There is no impenetrable system - So, why we are still waiting to get breached?

  1. 1. There is no impenetrable system So, why we are still waiting to get breached? Nane Kratzke Panel Discussion: “Security and Safety in Cloud-based Systems and Services“ 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
  2. 2. The Fortress Walls of Cloud Applications Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 • Security Groups • Firewalls • VPNs • Intrusion Detection Systems • Unattended Security Updates • Symmetric and asymmetric encryption • Password (checks) • SSH Keys • Authentication • Authorization • Two (Multi) Factor Authentication • …
  3. 3. How to defense against unknown vulnerabilities? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessorprofessor told me,out-of-order execution and branch-prediction isone of the coolestthings on earth.
  4. 4. How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4 Answer: Surprisingly long!
  5. 5. Some scary considerations • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
  6. 6. We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6
  7. 7. Let us make the game more challenging for the attacker (act, do not react) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
  8. 8. It is all about Pets versus Cattle Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 • Assume you are a rancher • Assume one of your cattle is deadly infectious • Be professional, shoot – and replace it • Yes, life is not fair (maybe for the cute kitty) • However, we should remember that for security (and that zero-day attacks are not fair as well)
  9. 9. Immune systems for cloud applications? Yes, there are questions worth to be discussed … • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to what kind of applications? • What is about exploits/attacks that are adaptable to bio- inspired systems? • How to protect the regeneration mechanism against attackers? • Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self- attacking)? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9
  10. 10. Acknowledgement • Ninja: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Cattle: Pixabay (CC0 Public Domain) • Cell: Pixabay (CC0 Public Domain) • Air Transport: Pixabay (CC0 Public Domain) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Picture Reference Our research is funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL
  11. 11. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka

×