Presentation is loading. Please wait.

Presentation is loading. Please wait.

Challenges and Opportunities in Cyber Security Innovation Paul Barford Qualys Inc. and University of Wisconsin Fall, 2011.

Published byCamron Carpenter Modified over 9 years ago

Similar presentations

Presentation on theme: "Challenges and Opportunities in Cyber Security Innovation Paul Barford Qualys Inc. and University of Wisconsin Fall, 2011."— Presentation transcript:

1 Challenges and Opportunities in Cyber Security Innovation Paul Barford Qualys Inc. and University of Wisconsin Fall, 2011

2 Internet Cambrian explosion Internet threat landscape exploded in ‘01 –Virus, DoS, worms, bots We’re in a time of evolving cyber ecosystems –Highly complex, dynamic and diverse –Expanding challenges and opportunities Addressing threats requires innovation –Step functions vs. increments –We’ve not seen much in the security domain lately… 1pb@cs.wisc.edu

3 Challenge: tech vs. innovation What is the “next big thing”? –Threats: many possibilities –Counter measures: new architectures Where will the “next big thing” come from? –Companies typically develop technology –gov/mil are fairly dark and highly diverse –Academia needs better processes –Entrepreneurs are the innovators pb@cs.wisc.edu2

4 Challenge: antiquated edu Processes in academia can stifle innovation –Tenure is a conundrum –Unenlightened IP management Incubation support is … incubating –It’s not just about physical space or $$ –The Utah example Why isn’t entrepreneurship taught in CS? –Gates, Page/Brin, etc. were not B-school grads –Young people are often ignored pb@cs.wisc.edu3

5 Challenge: bridging the gap Standard start-up issues –Business plan, funding, hiring, execution, etc. Complexities and privacy concerns of security operations –Highly sensitive nature of sec ops limit feedback Regulations –SOX, PCI, international, etc. Moving targets –New threats change perception of value pb@cs.wisc.edu4

6 Challenge: metrics How do we assess the impact of something innovative in the security space? –No analog of FLOPS or bps Security is good when nothing happens –Sends wrong message Changing the conversation –Being proactive –Being robust –Value add for products pb@cs.wisc.edu5

7 Challenge: deployment Hardware is pretty much out –“You want to deploy IN LINE!?!” Easy integration is essential –Complex architectures –Home grown solutions –Privacy concerns Ad hoc evaluation methods and tools –Related to metrics Everyone is busy pb@cs.wisc.edu6

8 Chall-atunity: O vs. D Standard focus of cyber security is defense –Threats determine policies, processes, systems –Robust but fragile Offense (attacker) always has the advantage –Only one entry point is required –Humans are in the loop Offense can clearly have an impact –Stuxnet is a game changer Offense is clearly controversial! pb@cs.wisc.edu7

9 Opportunity: data*/service Many security systems and processes depend on different types of data –Aggregates –Signatures S,S,SaaS via the cloud –Simplifies deployment –Lowers costs –Changes playing field –But, risks are difficult to assess pb@cs.wisc.edu8

10 Opportunity: secure software Software system vulnerabilities will be with us forever –System complexity –Humans in the loop Secure software development methods –Requires careful consideration of threats Software testing methods, tools, processes –Fast, accurate identification of a myriad of bugs However, humans are in the loop… pb@cs.wisc.edu9

11 Opportunity: education Educate “consumers” on best practices –Private users Simple things can make all the difference –Developers Evolving threats make this an on-going challenge –Public/enterprise/SMB How to assess risk & make good decisions on security Educate policy makers on security landscape –Regulation must be considered VERY carefully Educate the next generation of innovators –These resources must be fostered carefully pb@cs.wisc.edu10

12 Opportunity: partnerships Public + private > {public, private} –Sharing perspectives is a good starting point –Trusted relationships enable sound decisions and effective use of technology Bring academia to the table (gov/com/edu) –Unfettered perspective –Neutral third party Foster consistent evaluation for innovative technologies –National Cyber Security Assessment Center pb@cs.wisc.edu11

13 Opportunity: innovation Situational awareness –Unifying theme for sec ops Embrace cloud-mobile environment –Solutions for the cloud and from the cloud Policy, regulation and enforcement –Important part of ecosystem –Facilitate via gov/com/edu partnerships Change the playing field –Group-centric security pb@cs.wisc.edu12

14 Conclusions Dynamic and diverse threat landscape –Obviates incremental solutions –Necessitates innovation Challenges abound –Entrenchment based on unknown risks Opportunities abound –Data centric innovation –Software security –Partnerships –Changing the playing field 13pb@cs.wisc.edu

Download ppt "Challenges and Opportunities in Cyber Security Innovation Paul Barford Qualys Inc. and University of Wisconsin Fall, 2011."

Similar presentations

Secure, Scalable, Synchronizable, and Social Business oriented Rich Internet Applications to reduce costs and add value to clients Authors: Avenir Cokaj,

Secure, Scalable, Synchronizable, and Social Business oriented Rich Internet Applications to reduce costs and add value to clients Authors: Avenir Cokaj,
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.

 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.
Tony Lorentzen Vice President Consulting Services August 20, 2007 Defining a Voice Channel Strategy.

Tony Lorentzen Vice President Consulting Services August 20, 2007 Defining a Voice Channel Strategy.
Www.mobilevce.com © 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.
6 March 2012Building Trust in Digital Life1. Amardeo Sarma Deputy General Manager, NEC Chairman, Trust in Digital Life Consortium 6 March.

6 March 2012Building Trust in Digital Life1. Amardeo Sarma Deputy General Manager, NEC Chairman, Trust in Digital Life Consortium 6 March.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.

Final Exam Part 1. Internet Regulation Internet regulation according to internet society states that it is about restricting or controlling certain pieces.
Sara Rauchwerger APEC 2011 Co-Incubation Conference 6-8 September Xian, China.

Sara Rauchwerger APEC 2011 Co-Incubation Conference 6-8 September Xian, China.
An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds Dresden, 22/05/2014 Felipe de Sousa Silva Simmhan, Kumnhare,

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds Dresden, 22/05/2014 Felipe de Sousa Silva Simmhan, Kumnhare,
Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 The Collapse of the Walled Garden Paul Gainham Director Service Provider.

Copyright © 2007 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 The Collapse of the Walled Garden Paul Gainham Director Service Provider.
Security and Privacy Services Cloud computing point of view October 2012.

Security and Privacy Services Cloud computing point of view October 2012.

Similar presentations

Ads by Google