Amber PowerPoint Presentation
Presentation Transcript

  1. Amber - A technical implementation of a hybrid security model -

  2. “Someone can’t make it?! Of course I’m ready!”

  3. Amber - A technical implementation of a hybrid security model -

  4. Disclaimer: I like my job and it is also the only one that I have, so I would like to keep it. With that in mind, the views and claims (no matter how plausible) are my own and do not reflect the views or opinions of my employer. Even though the presentation is rated A for Awesome (and All ages), I will probably swear because that is how I talk. If that bothers you then I am sorry, and please feel free to leave the room now. Give hugs not drugs, and eat your veggies.

  5. About Me (the past) Ex Musician Re-rolled Bcom Econometrics (at here!) Investment Banker (…and you think we have an immoral industry) 2008 Fin Crash! Took an arrow to the knee Re-rolled sysadmin, and slipped into Infosec

  6. About Me (the present) Husband ISO for FNB Wealth / RMB Private Clients (Blue Team Bias) Working towards Msc in infosec… … and hopefully PhD after that (for the lulz) … and because research is the most fun you can have by yourself

  7. About Me (contacts) Email: Website: Twitter: @usintrust Channel: Archaeon in #zacon

  8. Our Path: The Tool Box Disassembled; History; Applying new things; AMBER!; 0day (get excited); Bonus finding

  9. Antivirus If I know who you are, then we already have problems

  10. IPS Don’t you worry. I’ve seen it all

  11. Decision through Detection (DtD) Decisions are driven by detecting known malicious ‘things’

  12. Honeypots Unused space has never been this useful

  13. Decision through Presence (DtP) Decisions are driven by the presence of ‘things’

  14. DtD and DtP

  15. Open relay Honeypots

  16. You’re doing it wrong

  17. DtD and DtP

  18. DtD Cost Analysis; Discovery Phase: Cost of Detection = (TCoR / n) + (DC * n)

  19. DtD Cost Analysis; Action Phase: Cost of Action = n * FPRate

  20. DtD makes this possible: $2 Billion in revenue, 7,000 Employees

  21. DtD’s Action phase is cheap and extremely effective. It is the Tony Montana of security models – it leans entirely on the Discovery phase, and executes the outcomes

  22. DtP Cost Analysis; Discovery Phase: Cost of Presence = if i

  23. DtP Cost Analysis; Action Phase: Cost of Action = ((i * threshold) * RCperi) * n

  24. DtP’s Discovery phase is basically free, instantly classifying information as non-productive. It is The Mentalist of the security model world

  25. Amber

  26. Amber Distributed Nodes

  27. ZA-amber Node

  28. US-amber Node

  29. DE-amber Node

  30. Here comes the 0day!

  31. Summary: There is no Magic Quadrant or compliance tick box for this sort of security control. There is no stick that made us implement it. There is only the carrot of improved security. Chase the carrot.