Product Security by Blockchain, AI and Security Certification
for Startups (series B, C), SME and Technology Fast 500
by Tibor Zahorecz

AGENDA
PROBLEM: Are IT products reliable and secure?
BLOCKCHAIN, AI: Blockchain, AI is the new Technology of Trust?
PRODUCT SECURITY: Product Security by International security standards and practices
SOLUTION: Why International security certs are good for the world, markets and the vendors
BEHIND: Behind this deck

Are (Information Technology) products reliable & secure?

Over 8600 Vulnerabilities found in pacemakers (Medical sector)
media: https://thehackernews.com/2017/06/pacemaker-vulnerability.html
In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are known to have over 8,600 vulnerabilities that hackers could exploit in pacemaker programmers.

Deep flaw in your car (Mobility sector)
media: https://www.wired.com/story/car-hack-shut-down-safety-features/
The work, presented at the DIMVA security conference in Bonn, Germany, together with researchers at LinkLayer Labs and the Polytechnic University of Milan, highlights a little-noticed automotive hacking technique. It points to a fundamental security issue in the CAN protocol that car components use to communicate and send commands to one another within the car's network, one that would allow a hacker who accesses the car's internals to shut off key automated components, including safety mechanisms.

Hacking industrial robots (Industry 4.0)
A group of researchers from the Polytechnic University of Milan and Trend Micro has discovered that some robots are directly connected to the Internet (for example, for receiving updates from the manufacturer or sending telemetry to company headquarters), or to an insufficiently isolated factory Wi-Fi network. This enables malefactors to discover robots with the help of a dedicated scanner.
The robots are easy prey. With no encryption used when updating firmware, no digitally signed firmware at all, and default user names and passwords used, anyone who finds a robot’s IP address can modify its configuration files and change its operation logic.
media: https://www.kaspersky.com/blog/hacking-industrial-robots/17879/

Hacking IoT Devices: How to Create a Botnet of Refrigerators (IoT)
source: https://www.thesslstore.com/blog/hacking-iot-devices-create-botnet-refrigerators/
DDoS attacks that use botnets made of IoT devices are not just possible—they’re happening.
Mirai primarily targeted IoT devices. It did this by using devices it had already infected to scan the internet for IoT devices. Once it identified its targets, it used a table of over 60 common factory default usernames and passwords to hack into the devices.
Deep dive into IoT Hacks

Blockchain, AI is the new Technology of Trust?

Blockchain is secure
Blockchain has the potential to change the way we buy and sell, interact with government and verify the authenticity of everything
See the interactive intro

What is Blockchain?
Deep Dive
Blockchain at Berkeley
The Blockchain Fundamentals DeCal is a comprehensive survey of relevant topics in cryptocurrency and the wider blockchain space…
See the lecture notes for more information

What is AI?
Deep Dive
Google deck about ML, AI, DL
The systems implemented today are a form of narrow AI - a system that can do just one defined thing better than humans.
See the lecture notes for more information

What is a Decentralized AI?
Blockchains and deep learning
Content:
Why decentralized and AI are relevant to each other
Overview of deep learning
Problems with centralized machine learning
What decentralization is and isn't
Problems with the web today
First generation peer-to-peer networks
Applications of cryptography
Decentralizing the web; storage, transport, & computation
Smart contracts and automation
Decentralized autonomous organizations
See the lecture notes for more information

Decentralized Artificial Intelligence in Practice
OpenMined
OpenMined is a community focused on building open-source technology for the decentralized ownership of data and intelligence.
The OpenMined ecosystem incorporates a number of technologies including federated machine learning, blockchain, multi-party computation, and homomorphic encryption.
See the lecture notes for more information

AI and DL current topics for Product Security
Hands-On Workshop: Creating Intelligent Physical Security Products Using AI and Deep Learning by NVIDIA: link
Machine Learning in Cyber Security Domain: blog
How machine learning can be used to write more secure computer programs (link)
IoT Security Techniques Based on Machine Learning (study)
MLconf 2017 Seattle presentations
Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database (paper link)
GitHub Repo (https://github.com/ANSSI-FR/ASCAD)
● Copyright (C) 2018, ANSSI and CEA

Blockchain Protocol Analysis and Security Engineering 2017 /Stanford/
deep dive
How Formal Analysis and Verification Add Security to Blockchain
Layers for security consideration:
Key Management, Audit, Backup: ISO/IEC 27000
Program Code, Secure Hardware: ISO/IEC 15408 (Common Criteria)
Privacy protection, Secure transaction: ISO/IEC 29128
The 2018 agenda link in the lecture note

How Formal Analysis and Verification Add Security to Blockchain-based Systems, by Shin’ichiro Matsuo (MIT Media Lab) and Pindar Wong (VeriFi Ltd.)

Blockchain Protocol Analysis and Security Engineering 2018 /Stanford/
deep dive
The conference materials are online
Some topics
Charles Guillemet; State-of-the-art Attacks on Secure Hardware Wallets
Florian Tramèr et al.; Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
Michael Egorov; NuCypher KMS: Decentralized key management system
Agenda, and materials

Product Security by International security standards & practices
Selected Security Certifications and Security Validations

Common Criteria is an International security scheme
Common Criteria Certification provides independent, objective validation of the reliability, quality, and trustworthiness of IT products.
XEROX
‘It is a standard that customers can rely on to help them make informed decisions about their IT purchases’
https://www.xerox.com/information-security/common-criteria/enus.html
Dell EMC
‘Certification for Common Criteria for Information Technology Security Evaluation (Common Criteria) is part of our comprehensive Product Security Program that ensures delivery of secure products to enable information infrastructure security for organizations.’
https://australia.emc.com/products/security/external-security-validation.htm
NATO
‘By establishing a common base, the results of an IT security evaluation are more meaningful to a wider audience.’
https://www.ia.nato.int/guidance-more

Some Certified IT Product categories (lists are in the lecture note)
COMMUNICATIONS AND SURVEILLANCE:
Secure Communications, Devices and Management, Tactical Radios, Tablets, Phones and Mobile etc.
CRYPTOGRAPHY & CRYPTOGRAPHIC LIBRARIES
NETWORK SECURITY:
IT Management Systems for Infrastructure
Network Automation, Configuration and Management
Virtual Networking Server Mgmt Solutions
VPN, Switches and Routers
Network & Network Related Devices and Systems
Data Compression and Network Security Solutions
Server Automation & Management
Secure Web Gateway
STORAGE
DATA MANAGEMENT:
Encryption Management Strategy
Data Compression and Network Security Solutions, Virtual Machine Storage etc.
APPLICATION SOFTWARE:
Assertively implement one-to-one platforms whereas cooperative schemas.
CLOUD SERVICES
SECURITY INFORMATION & EVENT MANAGEMENT (SIEM), LOG ANALYSIS
SMART CARD & READER
OPERATING SYSTEMS
INTRUSION & VULNERABILITY PREVENTION

Database products - Product Security Practice - by MarkLogic
Deep Dive
Building Security Into MarkLogic
Given the increase in data breaches, securing the perimeter is no longer enough.
The database itself must be secure. That is why according to MarkLogic, an industry leader in next-gen database technology, Common Criteria Certification* and advanced security features like element level security and advanced encryption are critical elements a database must include in today’s constantly evolving threat environment.
* Building Security Into MarkLogic white paper, MarkLogic

Cybersecurity - Product Security Practice - by McAfee
Deep Dive
McAfee Product Security Practices
McAfee takes product security very seriously. Our practices include designing for both security and privacy, in software and applications.
We have rigorous product security policies and processes designed to proactively find and remove software security defects, e.g. security vulnerabilities.
We understand that our products must not only fulfill the stated function to help protect our customers, the McAfee software itself must also aim to protect itself from vulnerabilities and attackers. McAfee strives to build software that demonstrates resilience against attacks. (url)
Core Software Security book by Dr. James Ransome (Senior Director of Product Security McAfee): link
Advice for software companies in lecture notes

Experiences from the certification of an open source product - PrimeKey
Key messages:
Benefits of Common Criteria
● Improved software quality
● Improved security documentation
● Independent security audit
● Secure development processes
● Increased market potential
Applicability of Certification
Although it does provide security benefits as described, the cost and work involved is usually too high for any organization to perform a certification unless there are clear business requirements or advantages. There are huge differences depending on the product type and area.
Lecture notes contain more information
* Tomas Gustavsson, M.Sc has been researching and implementing PKI systems since 1994. CTO at PrimeKey, founder of open source PKI project EJBCA and committed follower of open standards.

BSIMM - Bringing science to software security
Deep Dive
About the BSIMM
BSIMM, pronounced “bee simm”, is a study of existing software security initiatives.
By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique.
Why Join?
https://www.bsimm.com/about/membership.html

Why International security certs are good for the people, vendors and the world?

Customer and Market benefits from product security certification
BY GENE KEELING, DIRECTOR, GLOBAL CERTIFICATION TEAM, CISCO (read more)
Improved availability of assessed, security-enhanced IT products
Improved citizen confidence in products
Consumers are able to compare their needs beside the Common Criteria’s consistent standards to decide on the level of security required.
Allowing vendors to focus resources on standard requirements for the improvement of security in products
Buyers can be more definitive when determining if particular products meet their specific requirements

Vendor benefits from product security certification
Regulated Industries market access (unlocking): > $500 Billion
FED Total Addressable Market access: $90 Billion
Governments market access (globally)
Transnational Organization market access: NATO, EU, Banking etc.
Gain competitive edge in the marketplace
Elevate company’s brand as products are independently evaluated against transparent and auditable standards for security.
Build secure products with fewer vulnerabilities (branding)

Vendor benefits from product security certification - New Markets
Worldwide Recognition
Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.
Why Pursue Common Criteria Validation?
Access previously untapped markets, such as the Intelligence Community, Financial Services, Healthcare, Critical Infrastructure, and US and Foreign governments
Demonstrate corporate commitment to product security
Elevate company’s brand to potential customers that products have been independently evaluated against transparent and auditable standards for security

Minimize the uncertainty with Readiness Assessment
Avoid speculation over wide ranging estimates, conflicting timelines, and confusing requirements with an internal audit of your company’s certification readiness
Problem:
These certifications are fraught with uncertainties and challenges which, if not properly understood and addressed, can lead to missteps, perils, and significant opportunity costs for most companies.
Questions always on client side:
How much does this cost?
How long will this take?
How much impact will this have on our engineering staff?
Solution: The Readiness Assessment is a highly engaged and interactive session which goes beyond assessing a product’s security gaps to addressing a company’s overall preparedness when embarking on a certification effort. It examines the critical success factors in every certification effort and uncovers potential failure points in the process for your specific projects. Finally, the teams work together to produce a roadmap that best fits your organization and certification goals. It will encompass all aspects of the certification effort, including costs, potential human capital considerations, product readiness, and timing.
Inputs and Discussion Topics:
• Libraries & Cryptographic Health Analysis
• User I&A/AAA Analysis
• Vulnerability Assessment & Patch/Update Strategy
• Product Architecture & Security Review
• Intellectual Property Protection
• Documentation, Testing, & Program Requirements
Behind this deck
Security validation & certification benefits
SECURE PRODUCTS 75%
TRUST 90%
BRAND AWARENESS 45%
GLOBAL ACCEPTANCE 75%

WHY CORSEC
DISCOVER REQUIRED PRODUCT CHANGES EARLY IN THE PROCESS 75%
FIXED PRICE & FIXED TIMELINES 90%
PRODUCT SECURITY EXPERIENCE > 325 UNIQUE PRODUCTS 95%
> 1 million HOURS SECURITY VALIDATION 99%
For two decades Corsec has partnered with companies around the world to accelerate go-to-market readiness, improve brand reputation, and significantly increase financial returns for our clients. Our turnkey approach gets companies through FIPS 140-2, Common Criteria, and listing on the DoD APL while reducing the internal engineering burden associated with product security compliance and security hardening while mitigating the risks associated with security certifications.
DONE ONCE, DONE RIGHT

WHY CCLab
RESPONSIVENESS 90%
AGILE - SPEED - TIME TO MARKET 95%
AFFORDABLE 99%
CCLab is an accredited Common Criteria evaluation laboratory based in Budapest operating under the Italian governmental security scheme (OCSI). It has experience in the evaluation of crypto libraries, SmartCards, digital signature applications, digital wallets, PKI and Blockchain-based applications.
We help to make products secure and internationally accepted.

LabShare
Find and obtain software security, secure software development and niche engineering services from audited Labs and firms.
Improve your product security level

CONTACT US
email: tibor.zahorecz@dosell.io

LabSharegroup
 
The true story of building up our venture
The true story of building up our ventureThe true story of building up our venture
The true story of building up our venture
LabSharegroup
 
Industrial Design www.dosell.io
Industrial Design www.dosell.ioIndustrial Design www.dosell.io
Industrial Design www.dosell.io
LabSharegroup
 
Common Criteria Lab Hungary
Common Criteria Lab HungaryCommon Criteria Lab Hungary
Common Criteria Lab Hungary
LabSharegroup
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software products
LabSharegroup
 
Bring your Ideas to Life
Bring your Ideas to LifeBring your Ideas to Life
Bring your Ideas to Life
LabSharegroup
 
DoSell Virtual Verification
DoSell Virtual VerificationDoSell Virtual Verification
DoSell Virtual Verification
LabSharegroup
 
Cathay general intro
Cathay general introCathay general intro
Cathay general intro
LabSharegroup
 
ViveLab
ViveLabViveLab
ViveLab
LabSharegroup
 

More from LabSharegroup (20)

Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017
 
Accelerate your company
Accelerate your companyAccelerate your company
Accelerate your company
 
Build venture - engineering services
Build venture - engineering servicesBuild venture - engineering services
Build venture - engineering services
 
Production ergonomics
Production ergonomicsProduction ergonomics
Production ergonomics
 
DAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell PlatformDAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell Platform
 
Machinery design & engineering
Machinery design & engineeringMachinery design & engineering
Machinery design & engineering
 
B2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and GrowthB2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and Growth
 
B2B venture reference guide - part II.
B2B venture reference guide - part II.B2B venture reference guide - part II.
B2B venture reference guide - part II.
 
B2B reference guide for company makers
B2B reference guide for company makersB2B reference guide for company makers
B2B reference guide for company makers
 
DoSell pitch deck
DoSell pitch deckDoSell pitch deck
DoSell pitch deck
 
DoSell vision, services overview
DoSell vision, services overviewDoSell vision, services overview
DoSell vision, services overview
 
How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.
 
The true story of building up our venture
The true story of building up our ventureThe true story of building up our venture
The true story of building up our venture
 
Industrial Design www.dosell.io
Industrial Design www.dosell.ioIndustrial Design www.dosell.io
Industrial Design www.dosell.io
 
Common Criteria Lab Hungary
Common Criteria Lab HungaryCommon Criteria Lab Hungary
Common Criteria Lab Hungary
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software products
 
Bring your Ideas to Life
Bring your Ideas to LifeBring your Ideas to Life
Bring your Ideas to Life
 
DoSell Virtual Verification
DoSell Virtual VerificationDoSell Virtual Verification
DoSell Virtual Verification
 
Cathay general intro
Cathay general introCathay general intro
Cathay general intro
 
ViveLab
ViveLabViveLab
ViveLab
 

Recently uploaded

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Product security by Blockchain, AI and Security Certs

  • 2. 2 Product Security by Blockchain, by Tibor Zahorecz AI and Security Certification landing page for Startups (series B, C), SME and Technology Fast 500 send me feedback here
  • 3. AGENDA PROBLEM BLOCKCHAIN, AI PRODUCT SECURITY SOLUTION BEHIND Are IT products reliable and secure? Blockchain, AI is the new Technology of Trust? Product Security by International security standards and practices Why International security certs are good for the world, markets and the vendors Behind this deck 3
  • 5. Over 8600 Vulnerabilities found in pacemakers (Medical sector) media: https://thehackernews.com/2017/06/pacemaker-vulnerability.html In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are known to have over 8,600 vulnerabilities that hackers could exploit in pacemaker programmers. 5
  • 6. Deep flaw in your car (Mobility sector) media: https://www.wired.com/story/car-hack-shut-down-safety-features/ Highlighting a little-noticed automotive hacking technique it presented at the DIVMA security conference in Bonn, Germany. Along with researchers at LinkLayer Labs and the Polytechnic University of Milan. Their work points to a fundamental security issue in the CAN protocol that car components use to communicate and send commands to one another within the car's network, one that would allow a hacker who accesses the car's internals to shut off key automated components, including safety mechanisms 6
  • 7. Hacking industrial robots (Industry 4.0) Group of researchers from Polytechnic University of Milan and Trend Micro has discovered that some robots are directly connected to the Internet (for example, for receiving updates from the manufacturer or sending telemetry to company headquarters), or to an insufficiently isolated factory Wi-Fi network. This enables malefactors to discover robots with the help of a dedicated scanner. The robots are easy prey. With no encryption used when updating firmware, no digitally signed firmware at all, and default user names and passwords used, anyone who finds a robot’s IP address can modify its configuration files and change its operation logic. 7 media: https://www.kaspersky.com/blog/hacking-industrial-robots/17879/
  • 8. Hacking IoT Devices: How to Create a Botnet of Refrigerators (IoT) source: https://www.thesslstore.com/blog/hacking-iot-devices-create-botnet-refrigerators/ DDoS attacks that use botnets made of IoT devices are not just possible—they’re happening. Mirai primarily targeted IoT devices. It did this by using devices it had already infected to scan the internet for IoT devices. Once it identified its targets, it used a table of over 60 common factory default usernames and passwords to hack into the devices. Deep dive into IoT Hacks 8
  • 9. 9 Blockchain, AI is the new Technology of Trust?
  • 10. Blockchain is secure Blockchain has the potential to change the way we buy and sell, interact with government and verify the authenticity of everything See the interactive intro
  • 11. What is Blockchain? Deep Dive Blockchain at Berkeley The Blockchain Fundamentals DeCal is a comprehensive survey of relevant topics in cryptocurrency and the wider blockchain space… See in the Lecture notes for more information 11
  • 12. What is AI? Deep Dive Google deck about ML, AI, DL The systems implemented today are a form of narrow AI - a system that can do just one defined thing better than humans. See in the Lecture notes for more information 12
  • 13. What is a Decentralized AI? Blockchains and deep learning Content: Why decentralized and AI are relevant to each other Overview of deep learning Problems with centralized machine learning What decentralization is and isn't Problems with the web today First generation peer-to-peer networks Applications of cryptography Decentralizing the web; storage, transport, & computation Smart contracts and automation Decentralized autonomous organizations See in the Lecture notes for more information 13
  • 14. Decentralized Artificial Intelligence in Practice OpenMined OpenMined is a community focused on building open-source technology for the decentralized ownership of data and intelligence. The OpenMined ecosystem incorporates a number of technologies including federated machine learning, blockchain, multi-party computation, and homomorphic encryption. See in the Lecture notes for more information 14
  • 15. AI and DL current topics for Product Security Hands-On Workshop: Creating Intelligent Physical Security Products Using AI and Deep Learning by NVIDIA: link Machine Learning in Cyber Security Domain: blog How machine learning can be used to write more secure computer programs (link) IoT Security Techniques Based on Machine Learning (study) MLconf 2017 Seattle presentations Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database (paper link) GitHub Repo (https://github.com/ANSSI-FR/ASCAD) ● Copyright (C) 2018, ANSSI and CEA 15
  • 16. Blockchain Protocol Analysis and Security Engineering 2017 /Stanford/ deep dive How Formal Analysis and Verification Add Security to Blockchain Layers for security consideration: Key Management, Audit, Backup: ISO/IEC 27000 Program Code, Secure Hardware: ISO/IEC 15408 (Common Criteria) Privacy protection, Secure transaction: ISO/IEC 29128 The 2018 agenda link in the lecture note 16
  • 17. How Formal Analysis and Verification Add Security to Blockchain- based Systems by Shin’ichiro Matsuo (MIT Media Lab) Pindar Wong (VeriFi Ltd.) source 17
  • 18. Blockchain Protocol Analysis and Security Engineering 2018 /Stanford/ deep dive The conference materials are online Some topics Charles Guillemet; State-of-the-art Attacks on Secure Hardware Wallets Florian Tramèr et al.; Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts Michael Egorov; NuCypher KMS: Decentralized key management system Agenda, and materials 18
  • 19. 19 Product Security by International security standards & practices
  • 20. Selected Security Certifications and Security Validations 20
  • 21. Common Criteria is an International security scheme Common Criteria Certification provides independent, objective validation of the reliability, quality, and trustworthiness of IT products. XEROX ‘It is a standard that customers can rely on to help them make informed decisions about their IT purchases’ https://www.xerox.com/information- security/common-criteria/enus.html Dell EMC ‘Certification for Common Criteria for Information Technology Security Evaluation (Common Criteria) is part of our comprehensive Product Security Program that ensures delivery of secure products to enable information infrastructure security for organizations.’ https://australia.emc.com/products/se curity/external-security-validation.htm NATO ‘By establishing a common base, the results of an IT security evaluation are more meaningful to a wider audience.’ https://www.ia.nato.int/guidance-more 21
  • 22. Some Certified IT Product categories (lists are in the lecture note) COMMUNICATIONS AND SURVEILLANCE: Secure Communications, Devices and Management, Tactical Radios, Tablets, Phones and Mobile etc. CRYPTOGRAPHY & CRYPTOGRAPHIC LIBRARIES NETWORK SECURITY: IT Management Systems for Infrastructure Network Automation, Configuration and Management Virtual Networking Server Mgmt Solutions VPN, Switches and Routers Network & Network Related Devices and Systems Data Compression and Network Security Solutions Server Automation & Management Secure Web Gateway STORAGE DATA MANAGEMENT: Encryption Management Strategy Data Compression and Network Security Solutions, Virtual Machine Storage etc. APPLICATION SOFTWARE: Assertively implement one-to-one platforms whereas cooperative schemas. CLOUD SERVICES SECURITY INFORMATION & EVENT MANAGEMENT (SIEM), LOG ANALYSIS SMART CARD & READER OPERATING SYSTEMS INTRUSION & VULNERABILITY PREVENTION 22
  • 23. Database products - Product Security Practice - by MarkLogic Deep Dive Building Security Into MarkLogic Given the increase in data breaches, securing the perimeter is no longer enough. The database itself must be secure. That is why according to MarkLogic, an industry leader in next-gen database technology, Common Criteria Certification* and advanced security features like element level security and advanced encryption are critical elements a database must include in today’s constantly evolving threat environment. 23 * Building Security Into MarkLogic white paper, MarkLogic
  • 24. Cybersecurity - Product Security Practice - by McAfee Deep Dive McAfee Product Security Practices McAfee takes product security very seriously. Our practices include designing for both security and privacy, in software and applications. We have rigorous product security policies and processes designed to proactively find and remove software security defects, e.g. security vulnerabilities. We understand that our products must not only fulfill the stated function to help protect our customers, the McAfee software itself must also aim to protect itself from vulnerabilities and attackers. McAfee strives to build software that demonstrates resilience against attacks. (url) Core Software Security book by Dr. James Ransome (Senior Director of Product Security McAfee): link Advice for software companies in lecture notes 24
  • 25. Experiences from the certification of an open source product - PrimeKey Key messages: Benefits of Common Criteria ● Improved software quality ● Improved security documentation ● Independent security audit ● Secure development processes ● Increased market potential Applicability of Certification Although it does provide security benefits as described, the cost and work involved is usually too high for any organization to perform a certification unless there are clear business requirements or advantages. There are huge differences depending on the product type and area. Lecture notes contains more information 25 * Tomas Gustavsson, M.Sc has been researching and implementing PKI systems since 1994. CTO at PrimeKey, founder of open source PKI project EJBCA and committed follower of open standards.
  • 26. BSIMM - Bringing science to software security Deep Dive About the BSIMM BSIMM, pronounced “bee simm” is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique. Why Join? https://www.bsimm.com/about/membership.htm l 26
  • 27. Why International security certs are good for the people, vendors and the world?
  • 28. Customers and Market benefits from product security certification BY GENE KEELING, DIRECTOR, GLOBAL CERTIFICATION TEAM, CISCO (read more) Improved availability of assessed, security-enhanced IT products Improved citizen confidence in products Consumers are able to compare their needs beside the Common Criteria’s consistent standards to decide on the level of security required. Allowing vendors to focus resources on standard requirements for the improvement of security in products Buyers can be more definitive when determining if particular products meet their specific requirements 28
  • 29. Vendor benefits from product security certification Regulated Industries market access (unlocking): > $500 Billion FED Total Addressable Market access: $90 Billion Governments market access (globally) Transnational Organization market access: NATO, EU, Banking etc. Gain competitive edge in the marketplace Elevate company’s brand as products are independently evaluated against transparent and auditable standards for security. Build secure products with fewer vulnerabilities (branding) 29
  • 30. Vendor benefits from product security certification - New Markets 30
  • 31. Worldwide Recognition Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products. Why Pursue Common Criteria Validation? Access previously untapped markets, such as the Intelligence Community, Financial Services, Healthcare, Critical Infrastructure, and US and Foreign governments Demonstrate corporate commitment to product security Elevate company’s brand to potential customers that products have been independently evaluated against transparent and auditable standards for security 31
  • 32. Minimize the uncertainty with Readiness Assessment Avoid speculation over wide ranging estimates, conflicting timelines, and confusing requirements with an internal audit of your company’s certification readiness Problem: These certifications are fraught with uncertainties and challenges which if not properly understood and addressed can lead to missteps, perils, and significant opportunity costs for most companies. Questions always on client side: How much does this cost? How long will this take? How much impact will this have on our engineering staff? Solution: The Readiness Assessment is a highly engaged and interactive session which goes beyond assessing a product’s security gaps to addressing a company’s overall preparedness when embarking on a certification effort. Examines the critical success factors in every certification effort as well as uncovers potential failure points in the process for your specific projects. Finally, the teams work together to produce a roadmap that best fits your organization and certification goals. It will encompass all aspects of the certification effort; including costs, potential human capital considerations, product readiness, and timing. Inputs and Discussion Topics: • Libraries & Cryptographic Health Analysis • User I&A/AAA Analysis • Vulnerability Assessment & Patch/Update Strategy • Product Architecture & Security Review • Intellectual Property Protection • Documentation, Testing, & Program Requirements 32
  • 34. Security validation & certification benefits SECURE PRODUCTS 75% TRUST 90% BRAND AWARENESS 45% GLOBAL ACCEPTANCE 75% 34
  • 35. WHY CORSEC DISCOVER REQUIRED PRODUCT CHANGES EARLY IN THE PROCESS 75% FIXED PRICE & FIXED TIMELINES 90% PRODUCT SECURITY EXPERIENCE > 325 UNIQUE PRODUCTS 95% > 1 million HOURS SECURITY VALIDATION 99% For two decades Corsec has partnered with companies around the world to accelerate go-to-market readiness, improve brand reputation, and significantly increase financial returns for our clients. Our turnkey approach gets companies through FIPS 140-2, Common Criteria, and listing on the DoD APL while reducing the internal engineering burden associated with product security compliance and security hardening while mitigating the risks associated with security certifications. References DONE ONCE, DONE RIGHT 35
  • 36. WHY CCLab RESPONSIVENESS 90% AGILE - SPEED - TIME TO MARKET 95% AFFORDABLE 99% CCLab is an accredited Common Criteria evaluation laboratory based in Budapest operating under the Italian governmental security scheme (OCSI). It has experience in the evaluation of crypto libraries, SmartCards, digital signature applications, digital wallets, PKI and Blockchain-based applications. References We help to make products secure and internationally accepted. 36
  • 37. LabShare Find and obtain software security, secure software development and niche engineering services from audited Labs and firms. Improve your product security level 37
  • 38. CONTACT US email: tibor.zahorecz@dosell.io, send feedback here, landing page