While the past isn't a direct indication of future performance, knowing the
past is essential to predicting the future. In security, this requires reviewing
large quantities of vulnerability, defect and exploit data to fully understand
how attackers are likely to approach their task.

While there have been many annual reports on the vulnerabilities produced by
individual tools, this view can be myopic, based on the focus of that particular
product: Network, Database, Operating System, Dynamic Application, Source code,
etc. It is impossible to get a full picture of how the different components
relate.

This talk is a comprehensive look into a data set that spans all of these.
Instead of examining a single tool, this talk represents the aggregation of
data from 20 of the leading security tools on the market and a thorough review
of the data they generate. First, we examine the overlapping data generated
from the aforementioned tools. Next, we will compare and contrast it with the
output of multiple breach reports and databases, and extract trends that may be
important in helping us reduce the number of breaches in the future. The corpus
of this research is from over 30,000,000 vulnerabilities analyzed from the past
12 months, generated from across some of the largest corporations in the world.

BIOS:

Michael is responsible for building out Risk I/O's predictive analytics
functionality. He formerly worked in fraud detection in the finance industry,
and holds an MS in Operations Research from Georgia Tech. In his spare time he
tinkers on everything from bikes to speakers to cars, and works on his pet
project: outfitting food trucks with GPS.

Ed is the Co-Founder of Risk I/O, a vulnerability intelligence Software as a
Service that centralizes, correlates and automates the entire stack of security
vulnerabilities and remediation workflow. Ed has over 20 years of experience in
information security and technology. He is a frequent speaker at information
security events across North America and Europe. Additionally, Ed is a
contributing author to the book Beautiful Security by O'Reilly and a blogger on
CSO Online.
Copyright 2020, IronGeek