RSAC 2015 Keynotes: InfoSec Big Data, Cloud Transparency & Control
Last week, I attended keynotes and sessions at the RSA conference hosted at the Moscone Center in San Francisco, taking notes as furiously as possible and sprinting back and forth between rooms - leaving little energy and time to live-blog coherently afterward. As a result, I’ll be blogging about some of the more interesting talks this week as a retrospective.
True, many of the keynotes are available as videos online, but here’s my summary and top takeaways from some of the speeches from the Microsoft and Intel leaders:
Enhancing Cloud Trust
Scott Charney, Corporate VP of Microsoft’s Trustworthy Computing, gave a keynote on Tuesday, April 21 following RSA President Amit Yoran’s speech on security’s age of enlightenment.
His talk centered on the need for transparency and control as we move into the cloud. Despite improving security innovations, threat models have gotten worse. In order to build a more preventative infrastructure, we need to deal with the identity problem. Attackers often harvest credentials in order to look like legitimate users logging into our cloud infrastructure.
The threat model is changing - attacks have become more destructive. Charney questioned how we can protect the fabric of VMs (virtual machines) from attackers, since it’s not only users that are signing up for cloud subscriptions - attackers are also signing up and leveraging the same technology to launch malicious attacks.
Charney also mentioned that in a “post-Snowden world, we’re concerned about each other.” This was not the first or only mention of the insider threat, which seemed to be a new theme among speakers at RSAC this year. Threats are changing and taking on new threat actors, including not just external actors, but also potentially your own employees.
He made a good point that customers are happier when they feel like they’re in control - while it’s not necessarily safer to drive than fly, people still feel like they have more control when they’re behind the wheel.
Cloud providers need to think differently when it comes to control and transparency. Not everything is in the cloud - some things are still on-premises. And we’re still dealing with identity management problems.
There are two major areas cloud providers and organizations that use cloud services should focus on:
- How you authenticate to your device
- Personal computing - when a machine recognizes you based on your behavior, devices and location
For more control, cloud services should also allow people to manage their encryption better, by giving them the functionality to deny cloud providers access to their environment and cloud if needed, for any reason.
When you’re on-premises, you get to decide which logs and what to deploy, but when you move technology to the cloud, you lose some of that control.
Charney made the point that “sophisticated” attackers harvest credentials and move laterally across networks - making domain authentication a major problem. He suggested updating regularly and managing domain list authentication better. People also need to know what’s happening to their data on the network, and they need to see a list of who has access to their data.
With the recent high-profile destructive attacks in the media, the world has finally woken up. That means the markets have woken up - and when the markets create demand, people that build technology must rise up and meet the demand.
Security on Offense
Christopher Young, Senior VP and GM of Intel Security Group, gave a keynote with a sports metaphor twist. While in pro sports, defense is said to win championships, without offense it’s hard to score the points needed to triumph. Young claims the same holds true for information security.
He made the point that we need to use big data to inform and prioritize our actions, based on analyzed insights, as well as to map threats and alerts into a threat campaign. Ok, I admit I wrote “something something moneyball sportsball metaphor” in my notes, but he did use the great example of Moneyball - a baseball movie that featured the use of big data to monitor an athlete and team’s actual performance.
He even brought the Oakland Athletics’ general manager, Billy Beane, who was played by Brad Pitt in Moneyball, onstage to share a few words, which appeared to be a crowd-pleaser. Beane was a major proponent and leader of the use of big data in changing the game of baseball.
Frustrated by his inability to outbid other teams for good players, Beane turned for help to Paul DePodesta, a former economics major at Harvard who was skillful at analytics and familiar with baseball statistics.
By mining years of data on hundreds of individual players, the two discovered statistics that were highly predictive of how many runs a player would score but weren’t numbers traditionally valued by baseball scouts. Beane realized that this meant that players who scored high on these statistics were likely to be undervalued by the market. He began looking for player bargains—players whose stats suggested they would score runs but who were under the radar of other teams. As Beane began to acquire such players, the A’s started to win, often beating teams with much bigger salary budgets.
Likewise, the information security industry needs to start focusing on the quality of attack information rather than its quantity, and assign probabilities based on attack profiles, similar to the way Beane used big data to calculate the probability of getting runs and winning the game.
We need to change how we look at alert data - instead of chasing every alert we get, we should calculate probabilities in order to find ways to win against attackers.