Do you recall the good ole days when you would often issue the command ‘more /etc/services’ to correlate an application to a port number? Next thing you know everyone spends a fortune on firewalls and it now seems that the majority of applications now run over just a few ports. Funny thing is now we are told we all need to buy next generation firewalls because you now need visibility into the applications that your standard firewall can’t see. Is this a solution to a problem that the firewall created in the first place? Are firewalls really providing security, or is it simply network segmentation for a network that isn’t that difficult to get onto in the first place?
The story for other traditional security technologies such as A/V and IDS/IPS can be just as perturbing. For years signatures have been lambasted as not being able to keep up with the maturing and quickly advancing threat landscape. If this is the case then why are these solutions allowed to mature into old grey veterans pushed upon us by compliance requirements and experts espousing ‘defense in depth’?
This talk will not only poke fun at these crippled and elderly network membranes but will highlight real world examples used by attackers to bypass them. The point of the talk will be to provoke thinking about a false sense of security that can come from legacy technologies or ideals, and whether these can actually be a burden rather than a solution.
Dan Holden is the Director of ASERT, Arbor’s Security Engineering and Response Team, where he leads one of the most well respected security research organizations in the industry. His teams oversee the ATLAS global security intelligence database, and are responsible for threat landscape monitoring and Internet security research including the reverse engineering of malicious code. Dan also oversees the development and delivery of security content and countermeasures for Arbor’s industry leading DDoS technologies via the ATLAS Threat Feed (ATF) and the ATLAS Intelligence Feed (AIF) threat detection services. Prior to Arbor, Dan was director of HP TippingPoint’s DVLabs and a founding member of IBM/ISS X-Force. While at HP TippingPoint, Dan grew the DVLab’s organization into a mature security research and development team delivering security content, intelligence portals, and reputation technology as well as overseeing both the Zero Day Initiative (ZDI) program and Pwn2Own vulnerability contest. Dan also helped build and define X-Force over the course of 12 years in various capacities ranging from development to product management. Dan has been in the security industry spanning two decades specializing in vulnerability analysis, security research, and technology incubation. Dan is a frequent speaker at major industry conferences and has been quoted and featured in many top publications, radio and television. @desmondholden & @elizmmartin / www.arbornetworks.com/asert/ Arbor Networks
Elizabeth Martin is the Director of Security Services with RedLegg and is responsible for the development and delivery of the Risk Management practice. Elizabeth’s tenure includes Arthur Andersen, IBM Internet Security Systems, and Trustwave. She has 15 years’ experience in the Information Security, Compliance, and Risk Management industry and her expertise lies with assessing organizations and assisting with the development of a strategic approach to Information Security. Ms. Martin has extensive experience delivering Compliance Gap Assessments and Audits, Risk Assessments, Vulnerability Assessments, Policy Framework Development, and Solution Design and Deployments in the automotive, retail, financial, healthcare, government, and managed security services verticals. Elizabeth is active in the industry and serves as Board Member for the Cloud Security Alliance, Chicago Chapter; Coordinator for BSidesChicago; and is a founder of SecureChicago, Inc., an Illinois not for profit organization dedicated to promoting education and professional development in the security industry. @elizmmartin / www.arbornetworks.com/asert/ RedLegg