SlideShare a Scribd company logo

There is no impenetrable system - So, why we are still waiting to get breached?

Nane Kratzke
Nane Kratzke

This is some input for a panel discussion about "Security and Safety in Cloud-based Systems and Services" (9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018) in Barcelona, Spain in February 2018). Although it might be hard to accept. By principle, attackers can establish footholds in our systems whenever they want (zero-day exploits). Cloud application security engineering efforts focus to harden the "fortress walls". Therefore, cloud applications rely on these defensive walls but seldom attack intruders actively. There is the somehow the need for a more reactive component. A component that could be inspired by biological systems. Biological systems consider by design that defensive "walls" can be breached at several layers. So, biological systems provide an additional active defense system to attack potential successful intruders - an immune system. Although several experts find this approach "intriguing", there are follow-up questions arising. What is about exploits that adapt to bio-inspired systems? How to protect the immune system against direct attacks? Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self-attacking)?

Software
1 of 11
Download to read offline
There is no impenetrable system So, why we are still waiting to get breached? Nane Kratzke Panel Discussion: “Security and Safety in Cloud-based Systems and Services“ 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
The Fortress Walls of Cloud Applications Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 • Security Groups • Firewalls • VPNs • Intrusion Detection Systems • Unattended Security Updates • Symmetric and asymmetric encryption • Password (checks) • SSH Keys • Authentication • Authorization • Two (Multi) Factor Authentication • …
How to defense against unknown vulnerabilities? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessorprofessor told me,out-of-order execution and branch-prediction isone of the coolestthings on earth.
How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4 Answer: Surprisingly long!
Some scary considerations • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6
Let us make the game more challenging for the attacker (act, do not react) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
It is all about Pets versus Cattle Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 • Assume you are a rancher • Assume one of your cattle is deadly infectious • Be professional, shoot – and replace it • Yes, life is not fair (maybe for the cute kitty) • However, we should remember that for security (and that zero-day attacks are not fair as well)
Immune systems for cloud applications? Yes, there are questions worth to be discussed … • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to what kind of applications? • What is about exploits/attacks that are adaptable to bio- inspired systems? • How to protect the regeneration mechanism against attackers? • Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self- attacking)? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9
Acknowledgement • Ninja: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Cattle: Pixabay (CC0 Public Domain) • Cell: Pixabay (CC0 Public Domain) • Air Transport: Pixabay (CC0 Public Domain) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Picture Reference Our research is funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL
About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka

Recommended

Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosObtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosElasticsearch
 
Operar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaOperar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaElasticsearch
 
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempo
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempoPoner en funcionamiento con alertas, dashboards customizados y líneas de tiempo
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempoElasticsearch
 
Automatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsAutomatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsElasticsearch
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Elasticsearch
 
October 2020 meetup
October 2020 meetupOctober 2020 meetup
October 2020 meetupDaliya Spasova
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 

Recommended

Obtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosObtén visibilidad completa y encuentra problemas de seguridad ocultos
Obtén visibilidad completa y encuentra problemas de seguridad ocultosElasticsearch
 
Operar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaOperar con alertas, dashboards customizados y cronología
Operar con alertas, dashboards customizados y cronologíaElasticsearch
 
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempo
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempoPoner en funcionamiento con alertas, dashboards customizados y líneas de tiempo
Poner en funcionamiento con alertas, dashboards customizados y líneas de tiempoElasticsearch
 
Automatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsAutomatisez la détection des menaces et évitez les faux positifs
Automatisez la détection des menaces et évitez les faux positifsElasticsearch
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Elasticsearch
 
October 2020 meetup
October 2020 meetupOctober 2020 meetup
October 2020 meetupDaliya Spasova
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 
Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityElasticsearch
 
Operacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempoOperacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempoElasticsearch
 
Elastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElasticsearch
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofJonathan Sinclair
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Palestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityPalestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityElasticsearch
 
Elastic Security Solution Brief
Elastic Security Solution BriefElastic Security Solution Brief
Elastic Security Solution BriefJoseph DeFever
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesSaeidGhasemshirazi
 
Security Research Projects Guidance
Security Research Projects GuidanceSecurity Research Projects Guidance
Security Research Projects GuidanceNetwork Simulation Tools
 
Automatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosAutomatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosElasticsearch
 
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019Aaron Rinehart
 
Operationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelinesOperationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelinesElasticsearch
 
Braveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseBraveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseTravis McAdams
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert TriageSqrrl
 
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...Ecway Technologies
 
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionElasticsearch
 
Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009Derek Callaway
 
Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...Elasticsearch
 
Adaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning ClassifiersAdaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning ClassifiersPatrick Nicolas
 
Building Elastic into security operations
Building Elastic into security operationsBuilding Elastic into security operations
Building Elastic into security operationsElasticsearch
 
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...Nane Kratzke
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...Nane Kratzke
 

More Related Content

What's hot

Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityElasticsearch
 
Operacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempoOperacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempoElasticsearch
 
Elastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElasticsearch
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofJonathan Sinclair
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Palestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityPalestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityElasticsearch
 
Elastic Security Solution Brief
Elastic Security Solution BriefElastic Security Solution Brief
Elastic Security Solution BriefJoseph DeFever
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesSaeidGhasemshirazi
 
Automatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosAutomatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosElasticsearch
 
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019Aaron Rinehart
 
Operationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelinesOperationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelinesElasticsearch
 
Braveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseBraveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseTravis McAdams
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert TriageSqrrl
 
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...Ecway Technologies
 
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionElasticsearch
 
Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009Derek Callaway
 
Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...Elasticsearch
 
Adaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning ClassifiersAdaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning ClassifiersPatrick Nicolas
 
Building Elastic into security operations
Building Elastic into security operationsBuilding Elastic into security operations
Building Elastic into security operationsElasticsearch
 

What's hot (20)

Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic Security
 
Operacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempoOperacionalize com alerta, dashboards customizados e linhas do tempo
Operacionalize com alerta, dashboards customizados e linhas do tempo
 
Elastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic StackElastic Security: Protección empresarial basada en Elastic Stack
Elastic Security: Protección empresarial basada en Elastic Stack
 
Architecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereofArchitecting trust in the digital landscape, or lack thereof
Architecting trust in the digital landscape, or lack thereof
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Palestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityPalestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic Security
 
Elastic Security Solution Brief
Elastic Security Solution BriefElastic Security Solution Brief
Elastic Security Solution Brief
 
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based DevicesIoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
IoT-Shield: A Novel DDoS Detection Approach for IoT-Based Devices
 
Security Research Projects Guidance
Security Research Projects GuidanceSecurity Research Projects Guidance
Security Research Projects Guidance
 
Automatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivosAutomatiza las detecciones de amenazas y evita los falsos positivos
Automatiza las detecciones de amenazas y evita los falsos positivos
 
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019
 
Operationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelinesOperationalize with alerting, custom dashboards, and timelines
Operationalize with alerting, custom dashboards, and timelines
 
Braveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseBraveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student Showcase
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
 
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
Dotnet modeling and optimizing the performance- security tradeoff on d-ncs u...
 
Keynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and visionKeynote: Elastic Security evolution and vision
Keynote: Elastic Security evolution and vision
 
Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009Binary Clone Wars at CanSecWest 2009
Binary Clone Wars at CanSecWest 2009
 
Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...Machine Learning para detección de anomalías, modelado de series temporales y...
Machine Learning para detección de anomalías, modelado de series temporales y...
 
Adaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning ClassifiersAdaptive Intrusion Detection Using Learning Classifiers
Adaptive Intrusion Detection Using Learning Classifiers
 
Building Elastic into security operations
Building Elastic into security operationsBuilding Elastic into security operations
Building Elastic into security operations
 

Similar to There is no impenetrable system - So, why we are still waiting to get breached?

About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...Nane Kratzke
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...Nane Kratzke
 
huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdfCecilSu
 
Huntpedia
HuntpediaHuntpedia
HuntpediaJc Sv
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityIRJET Journal
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET Journal
 
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYCynthia King
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Anton Chuvakin
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity InnovationPete Burnap
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAPNIC
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
 
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection SystemIRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection SystemIRJET Journal
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...Mark Underwood
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical HackingJennifer Wood
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)TI Safe
 
BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6Rod Soto
 
BE-EEE-8th sem-Presentation Artificial intelligence in security managenent
BE-EEE-8th sem-Presentation Artificial intelligence in security managenentBE-EEE-8th sem-Presentation Artificial intelligence in security managenent
BE-EEE-8th sem-Presentation Artificial intelligence in security managenentMOHAMMED SAQIB
 

Similar to There is no impenetrable system - So, why we are still waiting to get breached? (20)

About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...
 
huntpedia.pdf
huntpedia.pdfhuntpedia.pdf
huntpedia.pdf
 
Huntpedia
HuntpediaHuntpedia
Huntpedia
 
Quantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic ModulesQuantum Safety in Certified Cryptographic Modules
Quantum Safety in Certified Cryptographic Modules
 
One Time Pad Journal
One Time Pad JournalOne Time Pad Journal
One Time Pad Journal
 
Artificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber SecurityArtificial Intelligence Techniques for Cyber Security
Artificial Intelligence Techniques for Cyber Security
 
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdfIRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
IRJET-https://www.irjet.net/archives/V5/i3/IRJET-V5I377.pdf
 
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITYARTIFICIAL INTELLIGENCE IN CYBER SECURITY
ARTIFICIAL INTELLIGENCE IN CYBER SECURITY
 
Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?Real-time fallacy: how real-time your security really is?
Real-time fallacy: how real-time your security really is?
 
AI for Cybersecurity Innovation
AI for Cybersecurity InnovationAI for Cybersecurity Innovation
AI for Cybersecurity Innovation
 
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security ChecklistAre you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
 
Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection SystemIRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
IRJET- Preventing of Key-Recovery Attacks on Keyed Intrusion Detection System
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
 
Certified Ethical Hacking
Certified Ethical HackingCertified Ethical Hacking
Certified Ethical Hacking
 
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)
 
BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6
 
BE-EEE-8th sem-Presentation Artificial intelligence in security managenent
BE-EEE-8th sem-Presentation Artificial intelligence in security managenentBE-EEE-8th sem-Presentation Artificial intelligence in security managenent
BE-EEE-8th sem-Presentation Artificial intelligence in security managenent
 

More from Nane Kratzke

Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...Nane Kratzke
 
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...Nane Kratzke
 
Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Nane Kratzke
 
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Nane Kratzke
 
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?Nane Kratzke
 
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Nane Kratzke
 
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Nane Kratzke
 
Was die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatNane Kratzke
 
What the cloud has to do with a burning house?
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?Nane Kratzke
 
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsNane Kratzke
 
RESTful APIs mit Dart
RESTful APIs mit DartRESTful APIs mit Dart
RESTful APIs mit DartNane Kratzke
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for MicroservicesNane Kratzke
 
About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...Nane Kratzke
 
Java Streams und Lambdas
Java Streams und LambdasJava Streams und Lambdas
Java Streams und LambdasNane Kratzke
 
Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Nane Kratzke
 
Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Nane Kratzke
 
Cloud Economics in Training and Simulation
Cloud Economics in Training and SimulationCloud Economics in Training and Simulation
Cloud Economics in Training and SimulationNane Kratzke
 
Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Nane Kratzke
 
What Cost Us Cloud Computing
What Cost Us Cloud ComputingWhat Cost Us Cloud Computing
What Cost Us Cloud ComputingNane Kratzke
 
Overcoming Cost Intransparency of Cloud Computing
Overcoming Cost Intransparency of Cloud ComputingOvercoming Cost Intransparency of Cloud Computing
Overcoming Cost Intransparency of Cloud ComputingNane Kratzke
 

More from Nane Kratzke (20)

Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...Smart like a Fox: How clever students trick dumb programming assignment asses...
Smart like a Fox: How clever students trick dumb programming assignment asses...
 
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
 
Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?
 
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
 
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
 
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
 
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
 
Was die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hat
 
What the cloud has to do with a burning house?
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?
 
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
 
RESTful APIs mit Dart
RESTful APIs mit DartRESTful APIs mit Dart
RESTful APIs mit Dart
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservices
 
About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...
 
Java Streams und Lambdas
Java Streams und LambdasJava Streams und Lambdas
Java Streams und Lambdas
 
Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)
 
Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)
 
Cloud Economics in Training and Simulation
Cloud Economics in Training and SimulationCloud Economics in Training and Simulation
Cloud Economics in Training and Simulation
 
Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)
 
What Cost Us Cloud Computing
What Cost Us Cloud ComputingWhat Cost Us Cloud Computing
What Cost Us Cloud Computing
 
Overcoming Cost Intransparency of Cloud Computing
Overcoming Cost Intransparency of Cloud ComputingOvercoming Cost Intransparency of Cloud Computing
Overcoming Cost Intransparency of Cloud Computing
 

Recently uploaded

AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAlluxio, Inc.
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageGlobus
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownloadvrstrong314
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
 
Breaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdfBreaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdfMeon Technology
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...rajkumar669520
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?XfilesPro
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAlluxio, Inc.
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptxGeorgi Kodinov
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobus
 
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareinfo611746
 

Recently uploaded (20)

AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Breaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdfBreaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdf
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?
 
AI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in MichelangeloAI/ML Infra Meetup | ML explainability in Michelangelo
AI/ML Infra Meetup | ML explainability in Michelangelo
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting software
 

There is no impenetrable system - So, why we are still waiting to get breached?

  • 1. There is no impenetrable system So, why we are still waiting to get breached? Nane Kratzke Panel Discussion: “Security and Safety in Cloud-based Systems and Services“ 9th International Conference on Cloud Computing, GRIDs, and Virtualization (CLOUD COMPUTING 2018); Barcelona, Spain, 2018
  • 2. The Fortress Walls of Cloud Applications Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 2 • Security Groups • Firewalls • VPNs • Intrusion Detection Systems • Unattended Security Updates • Symmetric and asymmetric encryption • Password (checks) • SSH Keys • Authentication • Authorization • Two (Multi) Factor Authentication • …
  • 3. How to defense against unknown vulnerabilities? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 3 Reported in January 2018. Mainly x86 microprocessors with out-of-order execution and branch-prediction affected since 1995 (says Google). CVE-2017-5754 CVE-2017-5715 CVE-2017-5753 I started my computer science studies in 1996! My microprocessorprofessor told me,out-of-order execution and branch-prediction isone of the coolestthings on earth.
  • 4. How long can presence be maintained? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 4 Answer: Surprisingly long!
  • 5. Some scary considerations • In principle attackers can establish footholds in our systems whenever they want (zero-day exploits) • Cloud application security engineering efforts focus to harden the fortress walls. • Cloud applications rely on their defensive walls but seldom attack intruders actively. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 5
  • 6. We need a reactive component as well Biological systems are different. Defensive “walls” can be breached at several layers. An additional active defense system is needed to attack potential successful intruders - an immune system. Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 6
  • 7. Let us make the game more challenging for the attacker (act, do not react) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 7 We can create a race between a manual (time-intensive) breach and a fully automatic (and fast) regeneration. Regenerated node (randomly chosen at some point in time) Successfully breached node (lateral movement)
  • 8. It is all about Pets versus Cattle Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 8 • Assume you are a rancher • Assume one of your cattle is deadly infectious • Be professional, shoot – and replace it • Yes, life is not fair (maybe for the cute kitty) • However, we should remember that for security (and that zero-day attacks are not fair as well)
  • 9. Immune systems for cloud applications? Yes, there are questions worth to be discussed … • Can we reduce regenerations? • Can we identify suspect nodes automatically? • Limited to what kind of applications? • What is about exploits/attacks that are adaptable to bio- inspired systems? • How to protect the regeneration mechanism against attackers? • Are cloud immune systems prone to phenomenons like fever (running hot) or auto-immune diseases (self- attacking)? Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 9
  • 10. Acknowledgement • Ninja: Pixabay (CC0 Public Domain) • Fortress: Pixabay (CC0 Public Domain) • Bowman: Pixabay (CC0 Public Domain) • Cattle: Pixabay (CC0 Public Domain) • Cell: Pixabay (CC0 Public Domain) • Air Transport: Pixabay (CC0 Public Domain) Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 10 Picture Reference Our research is funded by German Federal Ministry of Education and Research (13FH021PX4). Presentation URL
  • 11. About Prof. Dr. rer. nat. Nane Kratzke Computer Science and Business Information Systems 11 Nane Kratzke CoSA: http://cosa.fh-luebeck.de/en/contact/people/n-kratzke Blog: http://www.nkode.io Twitter: @NaneKratzke GooglePlus: +NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka