Winn Schwartau, Chief Visionary Officer, Winn Schwartau LLC
To defend networks, we should be able to measure their security performance. I’m going to show you the exact techniques to measure the security of portions of your internal networks, such as anti-virus, malware and anomalous event detection. Then we will apply the same techniques to compare the security of classes of protective security products even though vendors don’t supply such specifications.
It all begins with my first career, Rock’n’Roll and being an Analogue audio engineer. Then we travel to Warsaw and Perth to discover the roots of Analogue Network Security… then!
You will see how to measure security and compare the effectiveness of protective devices as a function of time. We will call BB any vendor’s Black Box that performs any abstract security service. The internal process mechanism is immaterial to system measurement: signature-based A/V, rule-based binary decision making, heuristics, deep learning or any possible hybrid.
It’s still a Black Box. With Time Based Security as the premise, we first show how to measure D(t), detection efficacy as a function of time. Then we will show how the injection of ‘hostile’ test code can create a time-based metric for product comparison. By varying the sensitivity of detection criteria, especially with ‘smart’ systems, we can see which kinds of hostile code will trigger the BB’s detection mechanism. (This is a non-vendor presentation!)
The time difference between those two numbers is your current, accurately measured Detection Time, or T(1) – T(0) = D(t).
The second step in measuring security in the time domain is to continue to Reaction. The Detection Trigger stops the primary clock and begins the reaction measurement process, up to and including remediation, all in the time domain: R(t). The measurement of D(t) + R(t) gives us the maximum exposure to the system (process, etc.) equaling E(t), Exposure Time.
How do your products and services really perform? Measuring security in the time domain for cyber is a critical tool for understanding and improving security postures. Attendees will receive the math, the tools, charts and schematics on how to measure their own security.
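The measurement described above, as an added sketch that is not taken from the talk or the book: it correlates timestamped inject, detect and remediate events per test sample and reports D(t), R(t) and E(t) for two Black Boxes, treating a missed detection or missing remediation as an open-ended exposure. The event names, BB labels and all timings are constructed assumptions.

```python
from statistics import median

# Constructed test log: (black box, sample id, event, seconds on the test clock).
EVENTS = [
    ("BB-A", "s1", "inject", 0.0), ("BB-A", "s1", "detect", 4.0),
    ("BB-A", "s1", "remediate", 34.0),
    ("BB-A", "s2", "inject", 100.0), ("BB-A", "s2", "detect", 112.0),
    ("BB-A", "s2", "remediate", 130.0),
    ("BB-A", "s3", "inject", 200.0),                      # never detected
    ("BB-B", "s1", "inject", 0.0), ("BB-B", "s1", "detect", 1.5),
    ("BB-B", "s1", "remediate", 91.5),
    ("BB-B", "s2", "inject", 100.0), ("BB-B", "s2", "detect", 102.5),
    ("BB-B", "s2", "remediate", 162.5),
    ("BB-B", "s3", "inject", 200.0), ("BB-B", "s3", "detect", 203.0),  # no remediation
]

def measure(events):
    """Return {bb: {sample: (D, R, E)}}; None marks an interval that never closed."""
    stamps = {}
    for bb, sample, event, t in events:
        slot = stamps.setdefault(bb, {}).setdefault(sample, {})
        slot[event] = min(t, slot.get(event, t))   # first occurrence starts/stops the clock
    results = {}
    for bb, samples in stamps.items():
        for sample, ts in samples.items():
            t0, t1, t2 = ts.get("inject"), ts.get("detect"), ts.get("remediate")
            if t0 is None:
                continue                           # no T(0): nothing to measure against
            d = t1 - t0 if t1 is not None and t1 >= t0 else None   # D(t) = T(1) - T(0)
            r = t2 - t1 if d is not None and t2 is not None and t2 >= t1 else None
            e = d + r if r is not None else None   # E(t) = D(t) + R(t)
            results.setdefault(bb, {})[sample] = (d, r, e)
    return results

def summarize(results):
    """Per-BB comparison figures; open exposures are counted, never averaged away."""
    out = {}
    for bb, samples in results.items():
        detected = [d for d, _, _ in samples.values() if d is not None]
        closed = [e for _, _, e in samples.values() if e is not None]
        out[bb] = {
            "detection_rate": len(detected) / len(samples),
            "median_D": median(detected) if detected else None,
            "median_E": median(closed) if closed else None,
            "open_exposures": len(samples) - len(closed),
        }
    return out

if __name__ == "__main__":
    for bb, row in summarize(measure(EVENTS)).items():
        print(bb, row)
```

In this constructed data BB-B detects faster than BB-A yet leaves the system exposed longer, which is why the comparison is made on E(t) and not on D(t) alone.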
Winn has lived Security since 1983, and now says, “I think, maybe, I’m just starting to understand it.” His predictions about the internet & security have been scarily spot on. He coined the term “Electronic Pearl Harbor” while testifying before Congress in 1991 and showed the world how and why massive identity theft, cyber-espionage, nation-state hacking and cyber-terrorism would be an integral part of our future. He was named the “Civilian Architect of Information Warfare,” by Admiral Tyrrell of the British MoD.
His new book, “Analogue Network Security” is a mathematical, time-based and probabilistic approach to justifiable security. His goal is to provide a first set of tools and methods to “fix security and the internet”, including fake news, spam, phishing, DDoS and more. It will twist your mind.
Distinguished Fellow: Ponemon Institute
Top-20 industry pioneers: SC Magazine
Top 25 Most Influential: Security Magazine
Top 5 Security Thinkers: SC Magazine
Power Thinker and one of the 50 most powerful people: Network World.
Top Rated (4.85) RSA Speaker
Author: Pearl Harbor Dot Com (Die Hard IV), 3 volumes of “Information Warfare,” “CyberShock”, “Internet and Computer Ethics for Kids”, “Time Based Security” (More on his web site.)
Founder: www.InfowarCon.Com
Executive Producer: “Hackers Are People Too”