Webinar Video: Protecting Against Heartbleed with Defense in Depth
Last week, our Principal Security Architect, Adam Goodman, led an informative webinar on protecting against the recent OpenSSL Heartbleed vulnerability, along with CSRgroup’s Chief Scientist, Jake Williams.
Hosted by the SANS Institute, the webinar covered some of the specific techniques that Duo Security and other cloud providers use to lessen the risk of SSL/TLS vulnerabilities.
And just in case you missed it, we have the webinar on demand, meaning it is available to watch for free! Sign up now to see How Defense In Depth Helps Protect You From Unexpected Vulnerabilities Like Heartbleed.
In this webinar, you'll get:
- An overview of the scope and impact of Heartbleed
- Specific techniques to lessen the impact of SSL/TLS failures
- How defense in depth can be applied in your organization
- Tips from industry-leading cloud providers
While the recent Heartbleed vulnerability in OpenSSL may have felt to many like a once-in-a-lifetime Internet-scale calamity, it really was just the latest in a long string of failures in SSL/TLS infrastructure - in recent years, there has been a surprisingly long list of high-profile weaknesses discovered in protocols and implementations.
We should expect this. The problem is not that SSL/TLS and its various implementations are inherently bad: humans make mistakes and all software has bugs; any security protocol or system could easily fall victim to a similar fate (perhaps even more easily - SSL/TLS is, at least, widely used and widely studied).
Instead, these failures illustrate the value of a long-held security principle known as "Defense in Depth," which holds that we must build security at every layer of our systems, such that they can remain secure even if one layer breaks.
Join us for a webcast discussing some of the specific techniques that we - and other industry-leading cloud providers - use to lessen the impact of SSL/TLS failures, and some broader ways in which the principle of Defense in Depth can be applied across your organization.
A few other articles you might be interested in include:
- Duo Security's Response to OpenSSL Heartbleed
- Heartbleed Defense-in-Depth Part #1: Preventing Admin Session Hijacking
- Heartbleed Defense-in-Depth Part #2: Don't Trust SSL
Adam Goodman, Principal Security Architect, Duo Security
Adam Goodman is the Principal Security Architect at Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. He has spent over 8 years building - and breaking - secure systems, working on everything from low-level binary network protocols to web services and mobile APIs. Prior to his work at Duo, he was a founding engineer at Zattoo, Europe's leading live-streaming Internet TV operator, where he led the development of secure P2P distribution and digital rights management protocols. Adam's security research has gained attention from news sources across the security community, including Threatpost, Dark Reading, The Register, and many others.
Jake Williams, Chief Scientist, CSRgroup Computer Security Consultants
Jake Williams is the chief scientist at CSRgroup computer security consultants and has more than a decade of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Before joining CSRgroup, he worked with various government agencies in information security roles. Jake is a two-time victor at the annual DC3 Digital Forensics Challenge and a SANS course author and certified instructor.