Published on March 5, 2013
Hitting Above The Security Mendoza Line. Ed Bellis, CEO Risk I/O
Nice To Meet You
About Me: CoFounder Risk I/O; Former CISO Orbitz; Contributing Author Beautiful Security; CSO Magazine/Online Writer; InfoSec Island Blogger
About Risk I/O: Data-Driven Vulnerability Intelligence Platform; DataWeek 2012 Top Security Innovator; 3 Startups to Watch - Information Week; 16 Hot Startups - eWeek
About Mario: Played for Pirates, Rangers & Mariners; Played MLB for 9 Seasons; Lifetime Batting Avg: .214, 4 HR, 101 RBI; Failed to bat .200 5 times
The Security Mendoza Line: Wouldn’t it be nice if we had something that helped us divide who we considered “Amateur” and who we considered “Professional”? Enter The Security Mendoza Line. Alex Hutton came up with the original concept of the Security Mendoza Line: http://riskmanagementinsight.com/riskanalysis/?p=294
HD Moore’s Law: Josh Corman expands the Security Mendoza Line. “Compute power grows at the rate of doubling about every 2 years”. “Casual attacker power grows at the rate of Metasploit”. http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/
A Difficult Task: Nearly 2K MSF Exploits; Exploit Development in first 9 months!; ExploitDB > 18K Exploits; 17.8% Known Exploits. [Chart: MSF Modules, 2010 to 2012]
Release Early Release Often
Point Click Pwn
A Data Driven Approach
Out Scripting the Kiddies: Fighting Automation with Automation. Netflix/SimianArmy
Context Matters: Attack Path data analysis
Context Matters: Wait just a minute... Computing Optimal Security Strategies for Interdependent Assets http://vorobeychik.com/2012/ssgames.pdf Game Theory: Smart Data > Big Data http://blog.risk.io/2013/02/playing-around-with-game-theory/
Context Matters: Mitigating Controls: Firewalls / ACLs; IPS; WAF; MFA; Other
Context Matters: Honeypot, WAF & IDS data. logs! logs! logs! Measuring Likelihood
Broader Context: Targets of Opportunity? My (vuln posture X other threat activity) / (other vuln posture X other threat activity)
Beyond Info Sharing: Model Sharing
A Quick Side Note: CVE Trending Analysis; Gunnar’s Debt Clock
Q&A. Follow us: the blog http://blog.risk.io/; twitter @ebellis, @riskio. And one more thing.... We’re Hiring! https://www.risk.io/jobs