While the past isn't a direct indication of future performance, knowing the past is essential to predicting the future. In security, this requires reviewing large quantities of vulnerability, defect and exploit data to fully understand how attackers are likely to approach their task.

While there have been many annual reports on the vulnerabilities produced by individual tools, this view can be myopic based on the focus of that particular product: Network, Database, Operating System, Dynamic Application, Source code, etc.  It is impossible to get a full picture and how the different components relate.

This talk is a comprehensive look into a data set that spans all of these.  Instead of examining a single tool, this talk represents the aggregation of data from 20 of the leading security tools on the market and a thorough review of the data they generate.  First, we examine the overlapping data generated from the aforementioned tools. Next, we will compare and contrast it with the output of multiple breach reports and databases, and extract trends that may be important in helping us reduce the number of breaches in the future. The corpus of this research is from over 30,000,000 vulnerabilities analyzed from the past 12 months, generated from across some of  the largest corporations in the world.

BIOS:

Michael is responsible for building out Risk I/O's predictive analytics functionality. He formerly worked in fraud detection in the finance industry, and holds an MS in Operations Research from Georgia Tech. In his spare time he tinkers on everything from bikes to speakers to cars, and works on his pet project: outfitting food trucks with GPS.

Ed is the CoFounder of Risk I/O a vulnerability intelligence Software as a Service that centralizes, correlates and automates the entire stack of security vulnerabilities and remediation workflow. Ed has over 20 years of experience in information security and technology. He is a frequent speaker at information security events across North America and Europe. Additionally, Ed is a contributing author to the book Beautiful Security by O'Reilly and a blogger on CSO Online.

Back to BSides Las Vegas 2013 video list