the cloud y future of security technologies
play

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. - PowerPoint PPT Presentation

Jun 03, 2023 •155 likes •848 views

The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011 The Cloud-y Future of Security Technologies Adam J. ODonnell, Ph.D. Chief Architect, Cloud

  1. The Cloud-y Future of Security Technologies Adam J. O’Donnell, Ph.D. Director, Cloud Engineering Immunet, Inc. Monday, August 22, 2011

  2. The Cloud-y Future of Security Technologies Adam J. O’Donnell, Ph.D. Chief Architect, Cloud Technology Group Sourcefire, Inc. Monday, August 22, 2011

  3. About Immunet • Founded in mid-2008 to build next-gen AV • Funding through Altos Ventures, TechOperators in Nov 2009 • Acquired by SourceFire Dec 2010, announced Jan 2011 Monday, August 22, 2011

  4. About me • Founded in late-1978 to build next-gen of the family line • Funding through Guardent, consulting, and NSF GRFP @ Drexel University • Acquired by Cloudmark in 2005, started Immunet full-time when funded in 2009. Monday, August 22, 2011

  5. Monday, August 22, 2011

  6. Monday, August 22, 2011

  7. Virus vs. Anti-Virus, 1980s Style • Viruses: • Count: 10 2 • Mutation rate: What mutations? • Propagation: sneakernet Monday, August 22, 2011

  8. Virus vs. Anti-Virus, 1980s Style • Anti-Virus: • Low definition count, updated monthly • Mutation rate: What mutations? • Propagation: USPS Monday, August 22, 2011

  9. Virus vs. Anti-Virus, 1990s Style • Viruses: • Count: 10 3-4 • Mutation rate: Fairly low • Propagation: Sneakernet, BBS, Internet Monday, August 22, 2011

  10. Virus vs. Anti-Virus, 1990s Style • Anti-Virus: • Definitions updated daily to weekly • Mutation rate: Busines hours response teams • Propagation: Sneakernet, BBS, Internet Monday, August 22, 2011

  11. Virus vs. Anti-Virus, Today • Viruses: • 2000: 5*10 4 2003: 10 5 2008: 10 6 Today: 10 7 • Average in field lifetime: 2 to 3 days . Monday, August 22, 2011

  12. Virus vs. Anti-Virus, Today • Anti-Virus: • Definitions updated every 5 minutes • Mutation rate: Follow the sun response teams • Propagation: Internet-only Monday, August 22, 2011

  13. How do AV firms know what viruses exist? Monday, August 22, 2011

  14. Monday, August 22, 2011

  15. Sample Sharing Alliances • Informal groups of AV researchers at firms that agree to share, on a hourly or daily basis, drops of new malware • Based upon who you know and what samples you regularly have Monday, August 22, 2011

  16. Monday, August 22, 2011

  17. • 1980’s: Informal sample sharing alliances. Monday, August 22, 2011

  18. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. Monday, August 22, 2011

  19. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. • 2000’s: Informal sample sharing alliances. Monday, August 22, 2011

  20. • 1980’s: Informal sample sharing alliances. • 1990’s: Informal sample sharing alliances. • 2000’s: Informal sample sharing alliances. • 2010’s: Informal sample sharing alliances, some centrally collected logs from the big boys. Monday, August 22, 2011

  21. Virus Count Monday, August 22, 2011

  22. Virus Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  23. Intel Virus Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  24. End result? • Analyst teams are overwhelmed with stopping threats days after they disappeared from circulation. • Current, real world, in field efficacy of AV products is approximately 43% for new malware for generic detections Monday, August 22, 2011

  25. What can Cloud do for you? (If you are building a security technology) Monday, August 22, 2011

  26. ? Monday, August 22, 2011

  27. Source: Amazon’s Cloud Player FAQ Monday, August 22, 2011

  28. The Cloud is... • Services where data is held and computation is done server-side and presentation is done client-side • Business models built around pricing as a function of service usage Monday, August 22, 2011

  29. What does Cloud AV Look like? Monday, August 22, 2011

  30. Conventional v. Cloud Monday, August 22, 2011

  31. Conventional v. Cloud Monday, August 22, 2011

  32. Conventional v. Cloud Monday, August 22, 2011

  33. Conventional v. Cloud Monday, August 22, 2011

  34. • From a high level it is similar to what lives on the desktop • Accepts crypto hashes, fuzzy hashes, machine learning feature vectors and spits out “good/bad” Monday, August 22, 2011

  35. • Multi-tier data storage (cache, database, flat files) • Allows for analysis of events on a global scale, rather than system local Monday, August 22, 2011

  36. So why is this even possible? Monday, August 22, 2011

  37. Virus Count Local Application Count Monday, August 22, 2011

  38. Virus Count Local Application Count 10000000 1000000 100000 10000 1000 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  39. Virus Count Local Application Count • System cache may be blown out, but 10000000 globally there is a high level of cache locality 1000000 • Bandwidth of round-trip lookups is 100000 dramatically lower than that of shipping virus updates 10000 • Low-latency bandwidth is practically 1000 ubiquitous 100 1985 1992 1998 2005 2011 Monday, August 22, 2011

  40. What does this give you? • Intelligence • Accuracy • Data for and ability to apply novel techniques Monday, August 22, 2011

  41. Intelligence • Continuous collection of who saw what, when, and in what context • Can request additional data on any file that is suspicious or requires further analysis • Extracted from your community, not what is passed around by sample vendors Monday, August 22, 2011

  42. Accuracy • Closes the gap between when a signature is first published and when it is available to the client • Optimize around real metrics (not guesses) about in-field efficacy based upon lookups from end users • Crowdsourced whitelisting and blacklisting (more on that in a bit) Monday, August 22, 2011

  43. Novel Techniques • Global prevalence tracking • Real data for machine learning • Retrospective conviction • APT hunting Monday, August 22, 2011

  44. Monday, August 22, 2011

  45. Monday, August 22, 2011

  46. Monday, August 22, 2011

  47. Monday, August 22, 2011

  48. Monday, August 22, 2011

  49. Monday, August 22, 2011

  50. Algorithm Design or, just because it isn’t O(n x ), doesn’t mean it’s fast. Monday, August 22, 2011

  51. Bad Algorithms • O(x n ), where x, n are any of the following: • User count • Rule count • Anything that may grow as the system gets older Monday, August 22, 2011

  52. Monday, August 22, 2011

  53. Good Algorithms • Anything O(1) • Use hash tables extensively • If O(x n ) • x, n should be constants, such as the number of features examined in an executable • Or, do it offline / out of band Monday, August 22, 2011

  54. Everything is a queue And there are bad queues, and good queues Monday, August 22, 2011

  55. Monday, August 22, 2011

  56. Good Queues • Shoot for G/D/n, with service rates defined by aforementioned O(1) algorithms • Thank you, Harish Sethu @ Drexel University, for making me take Queueing Theory Monday, August 22, 2011

  57. Take only what you need You can’t store everything online Monday, August 22, 2011

  58. Current, stable, SoTA • Multithreaded server • Memcached layer • MySQL/MSSQL/Oracle below • Log files Monday, August 22, 2011

  59. Current, non-stable, SoTA • Asynchronous server • Memcached layer • NoSQL: Redis / MongoDB / Riak / Membase / Cassandra, pick your poison • Log files Monday, August 22, 2011

  60. Monday, August 22, 2011

  61. CPU Analogy • Be VERY choosy about what data sits in L1, L2, L3, and disk, otherwise see Chernobyl slide Monday, August 22, 2011

  62. In Conclusion... Monday, August 22, 2011

  63. Stop griping, start building. Monday, August 22, 2011

  64. Cloud AV isn’t just AV It’s a combination of... Monday, August 22, 2011

  65. • Traditional catch-and-block • Real-time analytics • Retrospective repair • Deep forensics Monday, August 22, 2011

  66. But why just reinvent one acronym? • HIDS/HIPS • DLP • 2FA (Duo Security) Monday, August 22, 2011

  67. Questions? Monday, August 22, 2011

  68. Contact Info Adam J. O’Donnell, Ph.D. Chief Architect, Cloud Technology Group Sourcefire, Inc. aodonnell@sourcefire.com Monday, August 22, 2011

Recommend

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes

Using Cloud Native Technologies to Solve Complex Application Security Challenges in Kubernetes Deployments Cequence Security: A Cloud Native Approach to Application Security Venture-backed start-up bringing much-needed innovation to

304 views • 17 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the

Cloud Security Today Presenter: Jason Sheffield Topics What are the issues today? What is the Cloud? How the Cloud is delivered: Iaas, PaaS and SaaS Cloud security challenges and risk Current Cloud security report Cloud security technology

302 views • 27 slides
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing will be at the heart of future ICT

426 views • 17 slides
Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined)

Outline Get Off of My Cloud 8271 discussion of cloud computing security (combined) Administrative discussions Stephen McCamant University of Minnesota Multi-Cloud Oblivious Storage Old and new topics in security Cloud threats, old and new

645 views • 8 slides
1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

1 1.2. Guidelines for Information Security of Cloud Computing Category Main contents of measure

Agenda Related Polices to Cloud Computing I. Guidelines for Information Security of Cloud II. Computing Cloud Security Certification Scheme in KOREA Cloud Security Certification Program in Korea III. April. 11, 2017 Jungduk (JD) KIM, Ph.

403 views • 5 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL The basis for secure HTTP, ssh

564 views • 40 slides
Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing

Security and Privacy for Cloud Computing Refik Molva Cloud Computing Outsourcing Storage Computation High availability No maintenance Decreased Costs Elasticity & Flexibility Security and Privacy for Cloud

529 views • 36 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial

Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial

Technology in Action Butler Technologies and its move to the cloud John Carney, Chief Financial Officer Content Butler Technologies and its journey to the cloud About Butler Technologies Our technology challenges Why cloud and

530 views • 9 slides
Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by

Cloud Native Visibility and Security Chris Kranz Sysdig Secure DevOps for Cloud Native Open by design Ecosystem integration Strong momentum Founded by Wireshark Cloud-native security Customer expansion mirrors co-creator and

247 views • 22 slides
Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security

Migration To Cloud Why Cloud Advantages of Cloud Managed Rapid Rapid Increased Security Cap-ex Free Resilience Infrastructure Elasticity Infrastructure Flexibility Sevices 5% of organizations have migrated at least 30% 41% 52%

540 views • 11 slides
CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is

1 CS5412: THE CLOUD VALUE PROPOSITION Lecture XXII Ken Birman Cloud Hype 2 The cloud is cheaper The cloud business model is growing at an unparalleled pace without any limit in sight In the future everything will be on the cloud

945 views • 65 slides
Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste

Towards Supercloud Computing: User-Centric Security Management for Clouds of Clouds Marc Lacoste Orange Labs SEC2 ComPAS15 Workshop on Cloud Security Lille, June 30, 2015 Cloud Security Today Security = key concern in cloud adoption for the

2.73k views • 33 slides
CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns

CS573 Data privacy and security in the cloud in the cloud Slide credits: Ragib Hasan, Johns Hopkins University What is Cloud Computing ? Lets hear from the experts 2 What is Cloud Computing ? The infinite wisdom of the crowds (via

709 views • 38 slides
Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of

Agenda Singapore Standard for Multi-Tiered Cloud Security - SS 584:2013 1. To provide an overview of Multi-Tier Cloud Security (MTCS SS584:2013) standard 2. To detail the deployment considerations and related initiatives Wong Onn Chee, Cloud

352 views • 6 slides
Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief

Securing the Cloud Identity Management and Network Security in the Cloud Mark Ryland Chief Solutions Architect AWS Public Sector team Khawaja Shams Cloud Architect Jet Propulsion Labs / NASA QCon New York 2012 Agenda Identity &

594 views • 21 slides
Voc confiaria a sua vida nuvem ? Tcnicas para a computao terceirizada com privacidade

Voc confiaria a sua vida nuvem ? Tcnicas para a computao terceirizada com privacidade

Voc confiaria a sua vida nuvem ? Tcnicas para a computao terceirizada com privacidade e segurana Hamish Hunt Flavio Bergamaschi Emerging Technologies, IBM Emerging Technologies,IBM Cloud Computing and Security Security

374 views • 18 slides
Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong

Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong

A Method for Evaluating Placement Security of New IaaS Cloud Providers SCSE01 Pan Yue Mentor: Dr. Ta Nguyen Binh Duong Overview Introduction to Problem Background research Experimental methodology Results and analysis Future development

838 views • 29 slides
Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

psrikanth@bitglass.com Booth #450 Surviving the Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth #450 Time Travel to 2004 Virtual Private Server Dedicated Server Shared Hosting Cloud Booth

498 views • 14 slides
1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust The basis for secure HTTP, ssh

269 views • 7 slides
Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz

Defining the Cloud Battlefield Supporting Security Assessments by Cloud Customers Sren Bleikertz 1 Toni Masteli 2 Sebastian Pape 3 Wolter Pieters 4 Trajce Dimkov 5 1 IBM Research - Zurich 2 Vienna University of Technology 3 TU Dortmund 4 TU

683 views • 46 slides

More recommend