Rich Mogull (Securosis) and I have given a standing set of talks over the last 5-6 years at the RSA Security Conference that focus on innovation, disruption and ultimately making security practitioners more relevant in the face of all this churn.
We’ve always offered practical peeks of what’s coming and what folks can do to prepare.
This year, we (I should say mostly Rich) built a bunch of Ruby code that leveraged stuff running in Amazon Web Services (and using other Cloud services) to show how security folks with little “coding” capabilities could build and deploy this themselves.
Specifically, this talk was about SecDevOps — using principles that allow for automated and elastic cloud services to do interesting security things that can be leveraged in public and private clouds using Chef and other assorted mechanisms.
I also built a bunch of stuff using the Rackspace Private Cloud stack and Chef, but didn’t have the wherewithal or time to demonstrate it — and doing live demos over a tethered iPad connection to AWS meant that if it sucked, it was Rich’s fault.
You can find the presentation here (it clearly doesn’t include the live demos):
Dueling Banjos – Cloud vs. Enterprise Security: Using Automation and (Sec)DevOps NOW
The insufferable fatigue of imprecise language with respect to “stopping” DDoS attacks caused me to tweet something that my pal @CSOAndy suggested was just as pedantic and wrong as that against which I railed:
The long and short of Andy’s displeasure with my comment was:
to which I responded:
My point, ultimately, is that in the context of DDoS mitigation such as offload scrubbing services, unless one renders the attacker(s) incapable of generating traffic, the attack is not “stopped.” If a scrubbing service redirects traffic and absorbs it, and the attacker continues to send packets, the “attack” continues because the attacker has not been stopped — he/she/they have been redirected.
Now, has the OUTCOME changed? Absolutely. Has the intended victim possibly been spared the resultant denial of service? Quite possibly. Could there even now possibly be extra “space in the pipe?” Uh huh.
Has the attack “stopped” or ceased? Nope. Not until the spice stops flowing.
Nuance? Pedantry? Sure.
Wrong? I don’t think so.
During the 2014 RSA Conference, I participated on a repeating panel with Bret Hartman, CTO of Cisco’s Security Business Unit, and Martin Brown from BT. The first day was moderated by Jon Oltsik while the second day, the three of us were left to, um, self-moderate.
It occurred to me that during our very lively (and packed) second day wherein the audience was extremely interactive, I should boost the challenge I made to the audience on day one by offering a little monetary encouragement in answering a question.
Since the panel was titled “Network Security Smackdown: Which Technologies Will Survive?,” I offered a $20 kicker to anyone who could come up with a legitimate counterexample — give me one “network security” technology that has actually gone away in the last 20 years.
Despite Bret trying to pocket the money and many folks trying valiantly to answer, I still have my twenty bucks.
I’ll leave the conclusion as an exercise for the reader.