Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bluehat 2014 Looking back and driving forward Chris Betz Senior Director Microsoft Security Response Center.

Published byBarrie Ronald Cole Modified over 9 years ago

Similar presentations

Presentation on theme: "Bluehat 2014 Looking back and driving forward Chris Betz Senior Director Microsoft Security Response Center."— Presentation transcript:

1 Bluehat 2014 Looking back and driving forward Chris Betz Senior Director Microsoft Security Response Center

2 Investigate Vulnerability Reports Address vulnerabilities before they affect users secure@Microsoft.com Lead Security & Privacy Response Company-wide response process Cross-community Engagement Partner with security industry and CERTs Create community with vulnerability finders Security Technology Capabilities that improve security, detections and response for our customers

3

4 A recap

5

6

7

8 A recap - Ransomware

9

10

11

12 Use-after-free UEFI and device security Post-exploitation & persistence Sandboxes Botnets Security technology and vulnerabilities

13 Threat Intelligence Privacy and Security Credential Theft Vulnerability-free exploitation Big data for security Defending the cloud The Defense Dialog

14 Beyond Protection

15 Defender must defend entire attack surface Attacker must find (or make) one gap Defenses, defense-in- depth, resilience, detections, and response all reduce attack surface or limit damage Attacker’s asymmetry

16 Attackers advantage is a simplification – perhaps an oversimplification Mostly true at the engagement level We are focusing at wrong level of conflict Think campaign not engagement Hanging together “We must, indeed, all hang together or, most assuredly, we shall all hang separately.” – Benjamin Franklin

17 A campaign isn’t a single target – attackers reuse resources and rely on secrecy An attacker’s success depends on their ability to keep defenders from detecting and defeating their campaign. Defenders take one gap in a defenders secrecy to detect, illuminate, and defeat an adversary. When defenders share and act on intelligence it can take only one slip in secrecy to defeat an attacker’s campaign. Defenders’ advantage http://sopadepato.com/wordpress/wp-content/uploads/2013/01/Chewbacca.jpg

18 An attacker’s campaign Campaign types Opportunistic Regional target set Specific target set Single target CapabilitiesInfrastructureOperationsOpportunity Cost per targetAmount of Reuse

19 Campaign types Opportunistic Regional target set Specific target set Single target CapabilitiesInfrastructureOperationsOpportunity Cost per target Traditional defense – affect on campaign * Defense affects all adversaries

20 Campaign types Opportunistic Regional target set Specific target set Single target CapabilitiesInfrastructureOperationsOpportunity Cost per target Acting on Threat Intel – campaign impact * Defense affects targeted adversary

21

22 If we needed a reminder – there’s no replacement for consistent secure development and operations Requirements Design Development Verification Response to vulnerabilities is critical Secure Development and Operations

23 Protect, Detect, Respond Threat intelligence Cooperative defense Automated machine speed sharing Privacy and credentials Services and defense networks High security enclaves Not just devices, software, or services Beyond Exploitation

24

Download ppt "Bluehat 2014 Looking back and driving forward Chris Betz Senior Director Microsoft Security Response Center."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.

1© Copyright 2011 EMC Corporation. All rights reserved. The Future of the Advance Soc 3rd Annual Privacy, Access and Security Congress, Ottawa, 2012 Mike.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.

SPEAKER BLITZ ERIC BROWN Senior Systems Engineer NICK JAVANOVIC DoD Regional Sales Manager.
IaaS PaaS SaaS This is, in fact, the only risk to which we can lose the entire company. Chief Risk Manager.

IaaS PaaS SaaS This is, in fact, the only risk to which we can lose the entire company. Chief Risk Manager.
The U.S. Coast Guard’s Role in Cybersecurity

The U.S. Coast Guard’s Role in Cybersecurity
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.

The Way to Protect The Smartest Way to Protect Websites and Web Apps from Attacks.
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Microsoft Internet Safety Enforcement: A worldwide team of lawyers, investigators, technical analysts and other specialists whose mission it is to make.

Microsoft Internet Safety Enforcement: A worldwide team of lawyers, investigators, technical analysts and other specialists whose mission it is to make.
Www.safezonesystems.com SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.

SafeZone® patent pending 1 Detect. Inform. Prevent. NERC Physical Security Standards and Guidelines SafeZone® Detect. Inform. Prevent.
Information Security Issues at Casinos and eGaming

Information Security Issues at Casinos and eGaming
Architecting secure software systems

Architecting secure software systems
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Cyber Security: Now and.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.

1 Smart Grid Cyber Security Annabelle Lee Senior Cyber Security Strategist Computer Security Division National Institute of Standards and Technology June.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.

Security Innovation & Startup. OPEN THREAT EXCHANGE (OTX): THE HISTORY AND FUTURE OF OPEN THREAT INTELLIGENCE COMMUNITY ALIENVAULT OTX.
Ali Alhamdan, PhD National Information Center Ministry of Interior

Ali Alhamdan, PhD National Information Center Ministry of Interior

Similar presentations

Ads by Google