Abstract Details

10/14/2015  |   10:45 AM - 11:30 AM   |  Pacific I

Taking Apart Industry Jargon and Getting to the Root of Cybersecurity

Information security continues to be a huge topic of discussion both within the technology industry and among the greater public. This is primarily due to many recent high-profile attacks that have succeeded in compromising well-funded enterprises and government organizations around the world. Unfortunately, according to most reports, the increasing awareness has not led to a proportional increase in protection for corporations that need it now more than ever. With so many vendors offering sophisticated solutions, cyber security should be better than ever. In this talk, we'll reflect on over two decades of real-world experience and expose the biggest reasons why true security is not as easy to achieve as it would seem. The major points we'll cover are:

1. Industry jargon is overwhelming and confusing
   a. Every year there are changes to both sides of the security landscape. This can be because hackers gain new techniques or tools to exploit vulnerabilities. It can also be because security companies are coming up with creative new ways of detecting and stopping threats.
   b. Packet Filter Firewalls, Stateful Firewalls, Next Generation Firewalls, Unified Threat Management, Unified Security Management, Signature-based Gateway Antivirus, Analytics-based Malware Scanning, Behavioral Sandboxing, Proxies, Application Gateways, Intrusion Prevention Systems, Content Filtering, and Application Control. These are just a few of the terms that can describe an in-line network device that is capable of performing various levels of security functions. Vendors often have their own proprietary twist on these technologies with a different name to demonstrate a competitive advantage.
   c. We have to do a better job describing what these technologies do, what feature or product they replace or improve upon, and why they are better than the old product. If the functionality is worth the money, there is no need to obfuscate the truth.

2. The excellent security solution that just doesn't fit the environment
   a. Many products are developed and tested in a relatively rigid way when compared to the limitless variations of the real world. Fortunately, the development networks and QA labs will be built to simulate the most popular real-world environments, such as Microsoft operating systems or Cisco networking equipment. They likely also are tested against the second or third most common types of environments, but you will have to hunt a bit harder to find the same features for your Apple servers, Linux laptops, or ZyXEL routers.

3. Neglect of planning, deployment, and maintenance
   a. This all brings us back to the key differentiator in today's marketplace. It does no good to research and pay for the top-of-the-line product with all the bells and whistles if you don't implement and maintain it correctly. We will provide examples of customers who have done just this only to be disappointed with the product and face a long uphill battle to get the functionality they are paying for.

The talk will conclude with tips on how to move forward and avoid these issues.

John Kurdziel (Primary Presenter, Author, Co-Author), Silo Security, jkurdziel@silosecurity.com
After attending UC San Diego, John caught the IT bug in 2000 and worked for several San Diego-based software and technology companies including Cricket Communications and DR Systems. In 2008, he joined Websense where he was the lead technical trainer for their worldwide support organization. With Websense, John was instrumental in bringing up new offices in India and moving the company's headquarters to Austin, TX. In 2015, he helped found consulting firm Silo Security. Silo specializes in adding lasting value through a knowledge-based systematic approach to information security.

Ben Collar (Co-Author), Silo Security, bcollar@silosecurity.com
After studying at Eastern Michigan, Ben began his IT Security career in 2007 working with Barracuda Networks in Ann Arbor, Michigan. He then gained broader experience working as a consultant in lower Manhattan in New York City with a focus on the Financial Industry. In 2011 he joined Websense where he led a team of IT Security Support Specialists with a focus on Email Security. In 2015, he helped found consulting firm Silo Security. Silo specializes in adding lasting value through a knowledge-based systematic approach to information security.

2013 Sponsors: IEEE and IEEE Computer Society