BSides SF Security Mendoza Line

Hitting Above The Security Mendoza LineEd Bellis, CEO Risk I/O

Nice To Meet YouCoFounder Risk I/O

About Me

About Risk I/O

Former CISO Orbitz

Contributing Author Beautiful Security

CSO Magazine/Online Writer

Data-Driven Vulnerability Intelligence Platform

DataWeek 2012 Top Security Innovator

3 Startups to Watch - Information Week

InfoSec Island Blogger

16 Hot Startups - eWeek

About Mario

Played for Pirates, Rangers & Mariners

Played MLB for 9 Seasons

Lifetime Batting Avg: .214, 4HR, 101 RBI

Failed to bat .200 5 times

The Security Mendoza Line

Alex Hutton came up with original concept of the Security Mendoza Line

http://riskmanagementinsight.com/riskanalysis/?p=294

Wouldn’t it be nice if we had something that helped us divide who we considered “Amateur” and who we considered “Professional”?

Enter The Security Mendoza Line



Josh Corman expands

HD Moore’s Law

the Security Mendoza Line

“Compute power grows at the rate of doubling about every 2 years”

“Casual attacker power grows at the rate of Metasploit”

http://blog.cognitivedissidents.com/2011/11/01/intro-to-hdmoores-law/





A Difficult Task

ExploitDB > 18K Exploits

0

500

1000

1500

2000

2010 2012

Exploit Development

MSF Modules

Nearly 2K MSF Exploitsin first 9 months!

17.8% Known Exploits

Release Early Release Often

Point Click Pwn

A Data Driven Approach

Out Scripting the Kiddies

Fighting Automation with Automation

Netflix/SimianArmy

Context Matters

Attack Path data analysis

Context Matters

Wait just a minute...

http://vorobeychik.com/2012/ssgames.pdf

Computing Optimal Security Strategies for Interdependent Assets

Game Theory: Smart Data>Big Datahttp://blog.risk.io/2013/02/playing-around-with-game-theory/



http://blog.risk.io/2013/02/playing-around-with-game-theory/

http://blog.risk.io/2013/02/playing-around-with-game-theory/

Context Matters

Mitigating Controls

Firewalls / ACLs

IPS

WAF

MFA

Other

Context Matters

Honeypot, WAF & IDS datalogs! logs! logs!

Measuring Likelihood

My(vuln posture X other threat activity) / (other

vuln posture X other threat activity)

Broader Context

Targets of Opportunity?

Beyond Info SharingModel Sharing

CVE Trending Analysis

A Quick Side Note

Gunnar’s Debt Clock

Q & A

follow us

http://blog.risk.io/

http://www.honeyapps.com/signuphttp://www.honeyapps.com/signup

@riskio

@ebellis

the blog

twitter

And one more thing....

We’re Hiring! https://www.risk.io/jobs

http://www.honeyapps.com/signup







https://www.risk.io/jobs

https://www.risk.io/jobs

Date post:	02-Jul-2015
Category:	Technology
Upload:	ed-bellis
View:	2,215 times
Download:	0 times

BSides SF Security Mendoza Line

Technology