Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015


Published on

My keynote address at Intuit's #Hacktober2015 event.

Published in: Software
  • Made me laugh when I saw pictures of credit cards :)
    Are you sure you want to  Yes  No
    Your message goes here

2016: The Infosec Crossroads - Keynote at Intuit #Hacktober2015

  1. 1. net-square INTUIT #Hacktober2015 2016: THE INFOSEC crossroads > SAUMIL SHAH - CEO,NET-SQUARE - INTUIT HACKTOBER 2015
  2. 2. net-square INTUIT #Hacktober2015 About Me @therealsaumil saumilshah hacker, trainer, speaker, author, photographer educating, entertaining and exasperating audiences since 1999 Saumil Shah CEO, Net-Square
  3. 3. net-square INTUIT #Hacktober2015 The Evolution of Attacks
  4. 4. net-square INTUIT #Hacktober2015 Servers Applications Desktops Browsers Identities How Have Targets Shifted?
  5. 5. net-square INTUIT #Hacktober2015 Perimeter Security Web Apps Broadband Networks WiFi Social Networks Cellular Data The Game Changers
  6. 6. net-square INTUIT #Hacktober2015 Attacks Follow The Money Defacement DDoS Phishing ID Theft Credit Card Transactions Targeted APT
  7. 7. net-square INTUIT #Hacktober2015 Today's Fashion: Breaches
  8. 8. net-square INTUIT #Hacktober2015 Today's attacks succeed because the defense is REACTIVE
  9. 9. net-square INTUIT #Hacktober2015 Firewalls IDS/IPS Antivirus WAF Endpoint Security ASLR, DEP Sandbox One-way Hacking Packet Fragmentation Obfuscation Character Encoding DNS Exfiltration Return Oriented Programming Jailbreak net-square
  10. 10. net-square INTUIT #Hacktober2015 It was different 12 years ago! Individual effort. 1 week dev time. 3-6 months shelf life. Hundreds of public domain exploits. "We did it for the fame. lols."
  11. 11. net-square INTUIT #Hacktober2015 Today... Team effort. 2-12 month dev time. 24h to 10d shelf life. Public domain exploits nearly zero. Cost,value of exploits has significantly risen. WEAPONIZATION.
  12. 12. net-square INTUIT #Hacktober2015 Haroon Meer "For a few hundred K, could you put together a team that would break-in just about anywhere?" CCDCOE Conference on Cyber Conflict - 2010
  13. 13. net-square INTUIT #Hacktober2015 $100k – 500k
  14. 14. net-square INTUIT #Hacktober2015 Attacking is (much) cheaper than defence. Attacker toolchains are far more complex than the public demonstrations we have seen so far.
  15. 15. net-square INTUIT #Hacktober2015 The defenders tried to buy back their bugs...
  16. 16. net-square INTUIT #Hacktober2015 Bug Bounties: high stakes game Chris Evans – Pwnium: Element 1337
  17. 17. net-square INTUIT #Hacktober2015 Bug Bounties tried to fill a reactive need.
  18. 18. net-square INTUIT #Hacktober2015 Bug Bounties: backfiring?
  19. 19. net-square INTUIT #Hacktober2015
  20. 20. net-square INTUIT #Hacktober2015 The (d)evolution of Users
  21. 21. net-square INTUIT #Hacktober2015 Advanced Technology Is...Advanced
  22. 22. net-square INTUIT #Hacktober2015 Technology in the hands of users
  23. 23. net-square INTUIT #Hacktober2015 The user's going to pick dancing pigs over security every time. Bruce Schneier
  24. 24. net-square INTUIT #Hacktober2015 The more sophisticated the technology, the more vulnerable it is to primitive attack. People often overlook the obvious. Doctor Who, "Pirate Planet" XKCD 358 "Security"
  25. 25. net-square INTUIT #Hacktober2015
  26. 26. net-square INTUIT #Hacktober2015 The Wrong Approach to defense
  27. 27. net-square INTUIT #Hacktober2015 Compliance != Security
  28. 28. net-square INTUIT #Hacktober2015 Compliance != Security
  29. 29. net-square INTUIT #Hacktober2015
  30. 30. net-square INTUIT #Hacktober2015 Attackers don't follow standards and certifications.
  31. 31. net-square INTUIT #Hacktober2015 Who are you more scared of? Attackers or Auditors?
  32. 32. net-square INTUIT #Hacktober2015 Today's Infosec Architecture is... Reactive UTM, IDS, IPS, WAF, SIEM, DLP, AV, MDM Rules, Signatures, Updates OUTSIDE-IN APPROACH
  33. 33. net-square INTUIT #Hacktober2015 REACTIVE defense technology Expensive to deploy Very short shelf life
  34. 34. net-square INTUIT #Hacktober2015 Existing Testing strategies do not match attacker tactics.
  35. 35. net-square INTUIT #Hacktober2015 UNREALISTIC TESTING SCENARIOS - Wait for new version release. - Don't test on production. - Don't perform intrusive testing. - X is out of scope. - Test during off-peak hours.
  36. 36. net-square INTUIT #Hacktober2015 A PROACTIVE Security Architecture
  37. 37. net-square INTUIT #Hacktober2015 Security Data Warehouse ANALYSIS AND INTELLIGENCE GATHERING Collectors SENSORS Actions Applications Internal Users External Users Perimeter Activity
  38. 38. net-square INTUIT #Hacktober2015 Intelligence Driven Security net-square From REACTIVE to PROACTIVE
  39. 39. net-square INTUIT #Hacktober2015 We already have all the information needed to defend our organization.
  40. 40. net-square INTUIT #Hacktober2015 "The Universe tells you everything you need to know about it as long as you are prepared to watch, to listen, to smell, in short to OBSERVE."
  41. 41. net-square INTUIT #Hacktober2015 PROACTIVE Security Testing
  42. 42. net-square INTUIT #Hacktober2015 Makers make, Breakers break Deep study of adversarial strategies and tactics.
  43. 43. net-square INTUIT #Hacktober2015 Collect EVERYTHING! Can't Measure? Can't Use. DevOps Model – AGILE. Testing independent of releases. Test like an attacker – RED TEAM. Know your users. EDUCATE your users. Look for anomalies – Booby traps. Analysis decide Actions.
  44. 44. net-square INTUIT #Hacktober2015 How fast can you detect anomalies and respond?
  45. 45. net-square INTUIT #Hacktober2015 THANK YOU > saumil shah net-square