Dailydave mailing list archives
A summary of all the RSA Keynotes and the future we have to beat.
From: Dave Aitel <dave () immunityinc com>
Date: Wed, 16 Apr 2014 13:11:07 -0400
Links you should hit first:
http://immunityproducts.blogspot.com/2014/04/revamping-el-jefe.html
http://www.rsaconference.com/videos/122/stop-looking-for-the-silver-bullet-start-thinking

One thing I noticed from watching all of the RSA keynotes is that they all said the exact same things, often in the same words. For example, in the HP keynote (above) you'll see the threads of "We're getting outmatched" with we need to move to "real-time + big data understanding". This is the exact same speech that Philippe Courtot gave, that Stephen Trilling gave, that Kevin Mandia gave, that the Cisco team gave. They were all the same. Which is interesting in and of itself. All the big companies are moving in the same direction, or at least want to.

But here is where they will potentially fail, in my opinion. First of all, real-time response is incredibly hard, since nobody is sure what response means beyond "kill that process". If you take a machine offline, you might interrupt a critical business function in a way that is not predictable. Likewise, the big data you rely on is going to be fed to you by your attackers once they penetrate a box. And deep down, without an offensive team, you don't know what you're really looking for in the first place. For example, attackers are quickly going to move to "C2C-less trojans" and "faster real-time attack". There's a great talk at INFILTRATE this year on how trojans are going to use DRM techniques to frustrate automated analysis (INNUENDO is the only commercial penetration testing tool I know that does this at the moment, but soon it will be everywhere).

Immunity's efforts in the automated malicious activity detection area can be seen in the El Jefe blog post above - El Jefe is free, but more importantly you can start to see the benefits of using process-chain analysis as we develop the product. The next release will tie in some statistical analysis to provide adaptive anomaly detection (malicious activity does not always mean malware - it can also mean someone just sitting at your desk typing weird commands!). The Cuckoo integration in the current release is pretty smooth as well, and we're hoping to have this available to the public sometime next week!

Thanks,
Dave Aitel
Immunity, Inc.
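The process-chain analysis and frequency-based anomaly detection mentioned in the post, worked through as an added example. This is not El Jefe's code or any Immunity code; it is an illustration of the general idea. The event fields (host, pid, ppid, image) and all process-creation records are constructed for this example. A baseline of parent-to-child image pairs is learned from "normal" activity, and any new process whose ancestry contains a pair seen fewer than a threshold number of times is flagged, regardless of whether the child binary is itself known to be malicious. That is what lets a chain-based approach notice an unusual sequence of ordinary commands rather than only recognised malware.

```python
"""Process-chain anomaly detection over constructed process-creation events.

Added example, not El Jefe's implementation. The record layout below is an
assumption: each event carries host, pid, ppid and the image name. Parent
links are resolved per host, since pids are only unique within one machine.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

Pair = Tuple[str, str]          # (parent image, child image)
Key = Tuple[str, int]           # (host, pid)


@dataclass(frozen=True)
class ProcEvent:
    host: str
    pid: int
    ppid: int
    image: str


# Constructed baseline: a workstation's ordinary activity. ppid 1 is the
# unrecorded root, so explorer.exe contributes no parent->child pair.
BASELINE: List[ProcEvent] = [
    ProcEvent("ws1", 400, 1, "explorer.exe"),
    ProcEvent("ws1", 410, 400, "outlook.exe"),
    ProcEvent("ws1", 411, 400, "outlook.exe"),
    ProcEvent("ws1", 420, 400, "winword.exe"),
    ProcEvent("ws1", 421, 400, "winword.exe"),
    ProcEvent("ws1", 430, 400, "chrome.exe"),
    ProcEvent("ws1", 431, 430, "chrome.exe"),
    ProcEvent("ws1", 432, 430, "chrome.exe"),
    ProcEvent("ws1", 435, 400, "chrome.exe"),
    ProcEvent("ws1", 440, 400, "cmd.exe"),
    ProcEvent("ws1", 441, 440, "ipconfig.exe"),
    ProcEvent("ws1", 442, 440, "ipconfig.exe"),
    ProcEvent("ws1", 443, 440, "ping.exe"),
    ProcEvent("ws1", 450, 400, "cmd.exe"),
    ProcEvent("ws1", 451, 450, "ping.exe"),
]

# Constructed observation window: normal browsing plus a document that
# spawns a shell chain. Every image here is a legitimate Windows binary;
# only the chain is unusual relative to the baseline.
OBSERVED: List[ProcEvent] = [
    ProcEvent("ws1", 500, 1, "explorer.exe"),
    ProcEvent("ws1", 510, 500, "chrome.exe"),
    ProcEvent("ws1", 511, 510, "chrome.exe"),
    ProcEvent("ws1", 520, 500, "winword.exe"),
    ProcEvent("ws1", 530, 520, "cmd.exe"),
    ProcEvent("ws1", 540, 530, "powershell.exe"),
    ProcEvent("ws1", 550, 540, "whoami.exe"),
]


def index_by_pid(events: List[ProcEvent]) -> Dict[Key, ProcEvent]:
    """Map (host, pid) to its event so parents can be looked up per host."""
    return {(e.host, e.pid): e for e in events}


def chain_for(event: ProcEvent, table: Dict[Key, ProcEvent]) -> List[str]:
    """Follow ppid links to the root; return image names root-first.

    The `seen` set guards against pid reuse creating a cycle in the data.
    """
    chain = [event.image]
    seen = {event.pid}
    cur = event
    while (cur.host, cur.ppid) in table and cur.ppid not in seen:
        cur = table[(cur.host, cur.ppid)]
        seen.add(cur.pid)
        chain.append(cur.image)
    return list(reversed(chain))


def learn_baseline(events: List[ProcEvent]) -> Counter:
    """Count every parent->child image pair observed in normal activity."""
    table = index_by_pid(events)
    counts: Counter = Counter()
    for e in events:
        parent = table.get((e.host, e.ppid))
        if parent is not None:
            counts[(parent.image, e.image)] += 1
    return counts


def rare_pairs(chain: List[str], baseline: Counter, min_count: int) -> List[Pair]:
    """Adjacent pairs in the chain seen fewer than min_count times before."""
    return [(p, c) for p, c in zip(chain, chain[1:]) if baseline[(p, c)] < min_count]


def detect(events: List[ProcEvent], baseline: Counter, min_count: int = 2) -> Dict[Key, List[Pair]]:
    """Flag each process whose full ancestry contains a rare parent->child link.

    Evaluating the whole chain, not just the immediate parent, means every
    descendant of an odd spawn inherits the alert, which is what ties the
    later shell activity back to the document that started it.
    """
    table = index_by_pid(events)
    alerts: Dict[Key, List[Pair]] = {}
    for e in events:
        rare = rare_pairs(chain_for(e, table), baseline, min_count)
        if rare:
            alerts[(e.host, e.pid)] = rare
    return alerts


if __name__ == "__main__":
    model = learn_baseline(BASELINE)
    table = index_by_pid(OBSERVED)
    for key, rare in detect(OBSERVED, model).items():
        print(key, " -> ".join(chain_for(table[key], table)), "rare:", rare)
```

The threshold in `detect` is the simplest possible statistical model; a real deployment would normalise counts by host population and time window so that the baseline adapts as legitimate behaviour drifts, which is the adaptive part the post describes.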
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- A summary of all the RSA Keynotes and the future we have to beat. Dave Aitel (Apr 16)
- Re: A summary of all the RSA Keynotes and the future we have to beat. Dominique Brezinski (Apr 18)