Hackers of India

The Seven Axioms of Security

By Saumil Shah on 31 Mar 2017 @ Blackhat

Presentation Material

Presentation

The Seven Axioms Of Security from Saumil Shah


Abstract

“Today’s attacks succeed because the defense is reactive.”

As the defenses have caught up and closed open doors, we attackers have looked for new avenues and vectors. Looking back on the state of defenses from One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up.

It is time to transition defense from being reactive to proactive. This talk discusses seven axioms for implementing a proactive defense strategy and measures for the future, concluding with a blueprint for the next evolution of proactive defense architecture.

AI Generated Summary (may contain errors)

Here is a summary of the conversation:

The speaker discussed the importance of systems engineering approaches to security, calling it “brilliant.” They emphasized the need for metrics and indicators to educate management and the board on the effectiveness of security measures. This includes translating reductions in fraud into dollar amounts saved and demonstrating response times.

When dealing with Small to Medium-sized Enterprises (SMEs), the speaker suggested that innovation and emerging businesses may not have the capability for homegrown security, but they can still implement vigilance through simple processes like log monitoring.

The conversation also touched on the concept of “Nakatomi space,” which refers to the ever-expanding attack surface. While it’s getting harder to traverse, the rapid changes in infrastructure and the addition of new platforms like mobile and IoT are making it difficult to gauge progress.

Finally, the speaker expressed support for red teaming as a creative practice tool, advocating for realistic testing and giving defenders a reality check to improve security measures.