
Challenges and Opportunities in Cyber Security Innovation

Fall, 2011. Paul Barford, Qualys Inc. and University of Wisconsin.


Presentation Transcript


  1. Challenges and Opportunities in Cyber Security Innovation
     Fall, 2011
     Paul Barford, Qualys Inc. and University of Wisconsin

  2. Internet Cambrian explosion
     • Internet threat landscape exploded in '01
     • Virus, DoS, worms, bots
     • We're in a time of evolving cyber ecosystems
     • Highly complex, dynamic and diverse
     • Expanding challenges and opportunities
     • Addressing threats requires innovation
     • Step functions vs. increments
     • We've not seen much in the security domain lately…
     pb@cs.wisc.edu

  3. Challenge: tech vs. innovation
     • What is the "next big thing"?
     • Threats: many possibilities
     • Countermeasures: new architectures
     • Where will the "next big thing" come from?
     • Companies typically develop technology
     • gov/mil are fairly dark and highly diverse
     • Academia needs better processes
     • Entrepreneurs are the innovators

  4. Challenge: antiquated edu
     • Processes in academia can stifle innovation
     • Tenure is a conundrum
     • Unenlightened IP management
     • Incubation support is … incubating
     • It's not just about physical space or $$
     • The Utah example
     • Why isn't entrepreneurship taught in CS?
     • Gates, Page/Brin, etc. were not B-school grads
     • Young people are often ignored

  5. Challenge: bridging the gap
     • Standard start-up issues
     • Business plan, funding, hiring, execution, etc.
     • Complexities and privacy concerns of security operations
     • Highly sensitive nature of sec ops limits feedback
     • Regulations
     • SOX, PCI, international, etc.
     • Moving targets
     • New threats change perception of value

  6. Challenge: metrics
     • How do we assess the impact of something innovative in the security space?
     • No analog of FLOPS or bps
     • Security is good when nothing happens
     • Sends wrong message
     • Changing the conversation
     • Being proactive
     • Being robust
     • Value add for products

  7. Challenge: deployment
     • Hardware is pretty much out
     • "You want to deploy IN LINE!?!"
     • Easy integration is essential
     • Complex architectures
     • Home grown solutions
     • Privacy concerns
     • Ad hoc evaluation methods and tools
     • Related to metrics
     • Everyone is busy

  8. Chall-atunity: O vs. D
     • Standard focus of cyber security is defense
     • Threats determine policies, processes, systems
     • Robust but fragile
     • Offense (attacker) always has the advantage
     • Only one entry point is required
     • Humans are in the loop
     • Offense can clearly have an impact
     • Stuxnet is a game changer
     • Offense is clearly controversial!

  9. Opportunity: data*/service
     • Many security systems and processes depend on different types of data
     • Aggregates
     • Signatures
     • S,S,SaaS via the cloud
     • Simplifies deployment
     • Lowers costs
     • Changes playing field
     • But, risks are difficult to assess

  10. Opportunity: secure software
     • Software system vulnerabilities will be with us forever
     • System complexity
     • Humans in the loop
     • Secure software development methods
     • Requires careful consideration of threats
     • Software testing methods, tools, processes
     • Fast, accurate identification of a myriad of bugs
     • However, humans are in the loop…

  11. Opportunity: education
     • Educate "consumers" on best practices
     • Private users
     • Simple things can make all the difference
     • Developers
     • Evolving threats make this an on-going challenge
     • Public/enterprise/SMB
     • How to assess risk & make good decisions on security
     • Educate policy makers on security landscape
     • Regulation must be considered VERY carefully
     • Educate the next generation of innovators
     • These resources must be fostered carefully

  12. Opportunity: partnerships
     • Public + private > {public, private}
     • Sharing perspectives is a good starting point
     • Trusted relationships enable sound decisions and effective use of technology
     • Bring academia to the table (gov/com/edu)
     • Unfettered perspective
     • Neutral third party
     • Foster consistent evaluation for innovative technologies
     • National Cyber Security Assessment Center

  13. Opportunity: innovation
     • Situational awareness
     • Unifying theme for sec ops
     • Embrace cloud-mobile environment
     • Solutions for the cloud and from the cloud
     • Policy, regulation and enforcement
     • Important part of ecosystem
     • Facilitate via gov/com/edu partnerships
     • Change the playing field
     • Group-centric security

  14. Conclusions
     • Dynamic and diverse threat landscape
     • Obviates incremental solutions
     • Necessitates innovation
     • Challenges abound
     • Entrenchment based on unknown risks
     • Opportunities abound
     • Data centric innovation
     • Software security
     • Partnerships
     • Changing the playing field
