Download presentation
Presentation is loading. Please wait.
Published byCamron Carpenter Modified over 9 years ago
1
Challenges and Opportunities in Cyber Security Innovation Paul Barford Qualys Inc. and University of Wisconsin Fall, 2011
2
Internet Cambrian explosion Internet threat landscape exploded in ‘01 –Virus, DoS, worms, bots We’re in a time of evolving cyber ecosystems –Highly complex, dynamic and diverse –Expanding challenges and opportunities Addressing threats requires innovation –Step functions vs. increments –We’ve not seen much in the security domain lately… 1pb@cs.wisc.edu
3
Challenge: tech vs. innovation What is the “next big thing”? –Threats: many possibilities –Counter measures: new architectures Where will the “next big thing” come from? –Companies typically develop technology –gov/mil are fairly dark and highly diverse –Academia needs better processes –Entrepreneurs are the innovators pb@cs.wisc.edu2
4
Challenge: antiquated edu Processes in academia can stifle innovation –Tenure is a conundrum –Unenlightened IP management Incubation support is … incubating –It’s not just about physical space or $$ –The Utah example Why isn’t entrepreneurship taught in CS? –Gates, Page/Brin, etc. were not B-school grads –Young people are often ignored pb@cs.wisc.edu3
5
Challenge: bridging the gap Standard start-up issues –Business plan, funding, hiring, execution, etc. Complexities and privacy concerns of security operations –Highly sensitive nature of sec ops limit feedback Regulations –SOX, PCI, international, etc. Moving targets –New threats change perception of value pb@cs.wisc.edu4
6
Challenge: metrics How do we assess the impact of something innovative in the security space? –No analog of FLOPS or bps Security is good when nothing happens –Sends wrong message Changing the conversation –Being proactive –Being robust –Value add for products pb@cs.wisc.edu5
7
Challenge: deployment Hardware is pretty much out –“You want to deploy IN LINE!?!” Easy integration is essential –Complex architectures –Home grown solutions –Privacy concerns Ad hoc evaluation methods and tools –Related to metrics Everyone is busy pb@cs.wisc.edu6
8
Chall-atunity: O vs. D Standard focus of cyber security is defense –Threats determine policies, processes, systems –Robust but fragile Offense (attacker) always has the advantage –Only one entry point is required –Humans are in the loop Offense can clearly have an impact –Stuxnet is a game changer Offense is clearly controversial! pb@cs.wisc.edu7
9
Opportunity: data*/service Many security systems and processes depend on different types of data –Aggregates –Signatures S,S,SaaS via the cloud –Simplifies deployment –Lowers costs –Changes playing field –But, risks are difficult to assess pb@cs.wisc.edu8
10
Opportunity: secure software Software system vulnerabilities will be with us forever –System complexity –Humans in the loop Secure software development methods –Requires careful consideration of threats Software testing methods, tools, processes –Fast, accurate identification of a myriad of bugs However, humans are in the loop… pb@cs.wisc.edu9
11
Opportunity: education Educate “consumers” on best practices –Private users Simple things can make all the difference –Developers Evolving threats make this an on-going challenge –Public/enterprise/SMB How to assess risk & make good decisions on security Educate policy makers on security landscape –Regulation must be considered VERY carefully Educate the next generation of innovators –These resources must be fostered carefully pb@cs.wisc.edu10
12
Opportunity: partnerships Public + private > {public, private} –Sharing perspectives is a good starting point –Trusted relationships enable sound decisions and effective use of technology Bring academia to the table (gov/com/edu) –Unfettered perspective –Neutral third party Foster consistent evaluation for innovative technologies –National Cyber Security Assessment Center pb@cs.wisc.edu11
13
Opportunity: innovation Situational awareness –Unifying theme for sec ops Embrace cloud-mobile environment –Solutions for the cloud and from the cloud Policy, regulation and enforcement –Important part of ecosystem –Facilitate via gov/com/edu partnerships Change the playing field –Group-centric security pb@cs.wisc.edu12
14
Conclusions Dynamic and diverse threat landscape –Obviates incremental solutions –Necessitates innovation Challenges abound –Entrenchment based on unknown risks Opportunities abound –Data centric innovation –Software security –Partnerships –Changing the playing field 13pb@cs.wisc.edu
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.