the cloud y future of security technologies
play

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. - PowerPoint PPT Presentation

Jun 03, 2023 •155 likes •848 views

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

  1. The Cloud-y Future of Security Technologies Adam J. O’Donnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011

  2. The Cloud-y Future of Security Technologies Adam J. O’Donnell, Ph.D. Chief Architect, Cloud Technology Group Sourcefire, Inc. Monday, August 22, 2011

  3. About Immunet • Founded in mid-2008 to build next-gen AV • Funding through Altos Ventures, TechOperators in Nov 2009 • Acquired by SourceFire Dec 2010, announced Jan 2011 Monday, August 22, 2011

  4. About me • Founded in late-1978 to build next-gen of the family line • Funding through Guardent, consulting, and NSF GRFP @ Drexel University • Acquired by Cloudmark in 2005, started Immunet full-time when funded in 2009. Monday, August 22, 2011

  5. Monday, August 22, 2011

  6. Monday, August 22, 2011

  7. Virus vs. Anti-Virus, 1980s Style • Viruses: • Count: 10 2 • Mutation rate: What mutations? • Propagation: sneakernet Monday, August 22, 2011

  8. Virus vs. Anti-Virus, 1980s Style • Anti-Virus: • Low definition count, updated monthly • Mutation rate: What mutations? • Propagation: USPS Monday, August 22, 2011

  9. Virus vs. Anti-Virus, 1990s Style • Viruses: • Count: 10 3-4 • Mutation rate: Fairly low • Propagation: Sneakernet, BBS, Internet Monday, August 22, 2011

  10. Virus vs. Anti-Virus, 1990s Style • Anti-Virus: • Definitions updated daily to weekly • Mutation rate: Busines hours response teams • Propagation: Sneakernet, BBS, Internet Monday, August 22, 2011

  11. Virus vs. Anti-Virus, Today • Viruses: • 2000: 5*10 4 2003: 10 5 2008: 10 6 Today: 10 7 • Average in field lifetime: 2 to 3 days . Monday, August 22, 2011

  12. Virus vs. Anti-Virus, Today • Anti-Virus: • Definitions updated every 5 minutes • Mutation rate: Follow the sun response teams • Propagation: Internet-only Monday, August 22, 2011

  13. How do AV firms know what viruses exist? Monday, August 22, 2011

  14. Monday, August 22, 2011

  15. Sample Sharing Alliances • Informal groups of AV researchers at firms that agree to share, on a hourly or daily basis, drops of new malware • Based upon who you know and what samples you regularly have Monday, August 22, 2011

  16. Monday, August 22, 2011

  17. • 1980’s: Informal sample sharing alliances. Monday, August 22, 2011

  18. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. Monday, August 22, 2011

  19. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. • 2000’s: Informal sample sharing alliances. Monday, August 22, 2011

  20. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. • 2000’s: Informal sample sharing alliances. • 2010’s: Informal sample sharing alliances, some centrally collected logs from the big boys. Monday, August 22, 2011

  21. Virus Count Monday, August 22, 2011

  22. Virus Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  23. Intel Virus Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  24. End result? • Analyst teams are overwhelmed with stopping threats days after they disappeared from circulation. • Current, real world, in field efficacy of AV products is approximately 43% for new malware for generic detections Monday, August 22, 2011

  25. What can Cloud do for you? (If you are building a security technology) Monday, August 22, 2011

  26. ? Monday, August 22, 2011

  27. Source: Amazon’s Cloud Player FAQ Monday, August 22, 2011

  28. The Cloud is... • Services where data is held and computation is done server-side and presentation is done client-side • Business models built around pricing as a function of service usage Monday, August 22, 2011

  29. What does Cloud AV Look like? Monday, August 22, 2011

  30. Conventional v. Cloud Monday, August 22, 2011

  31. Conventional v. Cloud Monday, August 22, 2011

  32. Conventional v. Cloud Monday, August 22, 2011

  33. Conventional v. Cloud Monday, August 22, 2011

  34. • From a high level it is similar to what lives on the desktop • Accepts crypto hashes, fuzzy hashes, machine learning feature vectors and spits out “good/bad” Monday, August 22, 2011

  35. • Multi-tier data storage (cache, database, flat files) • Allows for analysis of events on a global scale, rather than system local Monday, August 22, 2011

  36. So why is this even possible? Monday, August 22, 2011

  37. Virus Count Local Application Count Monday, August 22, 2011

  38. Virus Count Local Application Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  39. Virus Count Local Application Count • System cache may be blown out, but 10000000 globally there is a high level of cache locality 1000000 • Bandwidth of round-trip lookups is 100000 dramatically lower than that of shipping virus updates 10000 • Low-latency bandwidth is practically 1000 ubiquitous 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  40. What does this give you? • Intelligence • Accuracy • Data for and ability to apply novel techniques Monday, August 22, 2011

  41. Intelligence • Continuous collection of who saw what, when, and in what context • Can request additional data on any file that is suspicious or requires further analysis • Extracted from your community, not what is passed around by sample vendors Monday, August 22, 2011

  42. Accuracy • Closes the gap between when a signature is first published and when it is available to the client • Optimize around real metrics (not guesses) about in-field efficacy based upon lookups from end users • Crowdsourced whitelisting and blacklisting (more on that in a bit) Monday, August 22, 2011

  43. Novel Techniques • Global prevalence tracking • Real data for machine learning • Retrospective conviction • APT hunting Monday, August 22, 2011

  44. Monday, August 22, 2011

  45. Monday, August 22, 2011

  46. Monday, August 22, 2011

  47. Monday, August 22, 2011

  48. Monday, August 22, 2011

  49. Monday, August 22, 2011

  50. Algorithm Design or, just because it isn’t O(n x ), doesn’t mean it’s fast. Monday, August 22, 2011

  51. Bad Algorithms • O(x n ), where x, n are any of the following: • User count • Rule count • Anything that may grow as the system gets older Monday, August 22, 2011

  52. Monday, August 22, 2011

  53. Good Algorithms • Anything O(1) • Use hash tables extensively • If O(x n ) • x, n should be constants, such as the number of features examined in an executable • Or, do it offline / out of band Monday, August 22, 2011

  54. Everything is a queue And there are bad queues, and good queues Monday, August 22, 2011

  55. Monday, August 22, 2011

  56. Good Queues • Shoot for G/D/n, with service rates defined by aforementioned O(1) algorithms • Thank you, Harish Sethu @ Drexel University, for making me take Queueing Theory Monday, August 22, 2011

  57. Take only what you need You can’t store everything online Monday, August 22, 2011

  58. Current, stable, SoTA • Multithreaded server • Memcached layer • MySQL/MSSQL/Oracle below • Log files Monday, August 22, 2011

  59. Current, non-stable, SoTA • Asynchronous server • Memcached layer • NoSQL: Redis / MongoDB / Riak / Membase / Cassandra, pick your poison • Log files Monday, August 22, 2011

  60. Monday, August 22, 2011

  61. CPU Analogy • Be VERY choosy about what data sits in L1, L2, L3, and disk, otherwise see Chernobyl slide Monday, August 22, 2011

  62. In Conclusion... Monday, August 22, 2011

  63. Stop griping, start building. Monday, August 22, 2011

  64. Cloud AV isn’t just AV It’s a combination of... Monday, August 22, 2011

  65. • Traditional catch-and-block • Real-time analytics • Retrospective repair • Deep forensics Monday, August 22, 2011

  66. But why just reinvent one acronym? • HIDS/HIPS • DLP • 2FA (Duo Security) Monday, August 22, 2011

  67. Questions? Monday, August 22, 2011

  68. Contact Info Adam J. O’Donnell, Ph.D. Chief Architect, Cloud Technology Group Sourcefire, Inc. aodonnell@sourcefire.com Monday, August 22, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing will be at the heart of future ICT

426 views • 17 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL The basis for secure HTTP, ssh

564 views • 40 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial

Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial

Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial Officer Content Butler Technologies and its journey to the cloud About Butler Technologies Our technology challenges Why cloud and

530 views • 9 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical

Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical

Cryptogenic Stroke/PFO with Thrombophilia and VTE: Do We Know What To Do? Robert J. Sommer, MD Columbia University Medical Center New York, NY Disclosure Statement of Financial Interest Within the past 12 months, I, Robert Sommer, have had a

972 views • 22 slides
New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head

New drugs bypassing the anti-EGFR blockade Vanesa Gregorc Thoracic Oncology, Melanoma and Head and Neck Area Coordinator Department of Oncology, Division of Experimental Medicine, San Raffaele Scientific Institute Heterogeneous acquired

288 views • 26 slides
Existential Types for Imperative Languages Dan Grossman Cornell University Eleventh European

Existential Types for Imperative Languages Dan Grossman Cornell University Eleventh European

Existential Types for Imperative Languages Dan Grossman Cornell University Eleventh European Symposium on Programming April 2002 Designing safe languages To design a strong-typed language: 1. Draw on acquired knowledge of well- behaved

410 views • 29 slides
Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and

Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and

Co-Authors Utility of electronic health records in improving diagnosis Bianca Duah 1 Kerri Sheahan 1 and treatment of opioid use Shafaq Tarar 1 Blanche Langenbach 1 Emily Forcht 1 Wyley Gates 1 disorders in HIV clinic settings David Perlman 1

176 views • 6 slides
RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA

RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA

RARE MISSPELLINGS OF THE GENOME, DOPAMINE MISHANDLING, AND ADHD RANDY D. BLAKELY, PH.D. FLORIDA ATLANTIC UNIVERSITY BRAIN INSTITUTE 1 Dr. Blakely declares no conflicts of interest derived from financial support of the research to be discussed

1.05k views • 45 slides
Random genetic drift Genetic drift and mutation balance Population size is an important number

Random genetic drift Genetic drift and mutation balance Population size is an important number

Random genetic drift Genetic drift and mutation balance Population size is an important number With mutations a random mating population of diploids can acquire 2N new alleles every generation. A random-mating population of diploid

251 views • 5 slides
Property analysis of symmetric travelling salesman problem instances acquired through evolution

Property analysis of symmetric travelling salesman problem instances acquired through evolution

I V N E U R S E I H T Y T O H F G R E U D I B N Property analysis of symmetric travelling salesman problem instances acquired through evolution Jano van Hemert < jvanheme@inf.ed.ac.uk > Current host: School of

481 views • 44 slides
Introduction to Evolution (Biological!) and Evolvability General Principles of Evolution Adaptive

Introduction to Evolution (Biological!) and Evolvability General Principles of Evolution Adaptive

Introduction to Evolution (Biological!) and Evolvability General Principles of Evolution Adaptive vs Non-adaptive selection Conservation, Constraints and Convergence Examples Mutation/Selection/Evolution in Bacterial Systems Mutation/Repair

649 views • 34 slides

More recommend