AusCERT 2008 Wrap-Up
by Danny McPherson

Well, I’m in the Red Carpet Club at LAX, just landed from SYD, after a trip there from Gold Coast, Australia and the AusCERT 2008 conference. This was my first AusCERT meeting, and I was there as an invited speaker, and found that the conference organizers did a great job. I quite enjoyed the conference as the content was generally very good, and I recognized a lot more faces there than I’d expected.
A couple of interesting takeaways I figured I’d share from a few of the talks.
Brian Snow’s (Former Technical Director for NSA’s Information Assurance Directorate) talk on Assurance was pretty good. There were some leaps to be made from an open market to where he figures things should be, but given that he was there with a “Security Evangelist” title, his guidance was pretty much spot on. He provided a quote from Robert Morris Sr. to support one of his arguments, which I thought quite clever: “Systems built without requirements can’t fail, they merely offer surprises. Usually unpleasant. –Robert Morris”. He also shared the observation about the one-word synopsis for computers and security: computer::sharing && security::isolation. There’s indeed a bit of irony in this.
John Stewart (Cisco CSO) gave a Keynote as well. He talked about how Cisco (and the industry) doesn’t just use information systems, we rely on them. He commented that when asked internally about business continuity plans and what to do when the order processing system goes down, his response was “wait until it comes back up — we wouldn’t even know where to start with doing it manually”. How true this is in today’s networked environments. One keen observation he shared was that in the world of information security, “we have to be right every single time – our adversary only has to be right once!”
John also mentioned how two years back ZDNet Australia ran an article detailing how he said Cisco customers have a “network hygiene problem”. He obviously didn’t mean this in any derogatory manner, but it seemed to cause a bit of a fuss. Well, apparently, he’s done it again. Quoted by, you guessed it, ZDNet Australia as saying that AV “is completely wasted money”. Specifically:
“If patching and antivirus is where I spend my money, and I’m still getting infected and I still have to clean up computers and I still need to reload them and still have to recover the user’s data and I still have to reinstall it, the entire cost equation of that is a waste. It’s completely wasted money,” Stewart told delegates.
I pretty much agree completely with Stewart’s position as he presented it, but the context presented in the article isn’t quite what I took away. His talk was entirely about layered security: trying to prevent threats rather than simply mitigate them, educating users AND holding them accountable for their actions, and he really didn’t mince words when talking about the current reactive model most AV and security operations folks employ today.
Many other talks were good as well, including Bill Cheswick’s “Rethinking Passwords”. During one of the opening sessions the conference staff seemed to be responding to criticism from somewhere regarding all the “imported” speakers at the conference, and noted that there were lots of local folks presenting as well. I’d support their position; there were indeed a number of quite clueful local folks who presented, and the only reason they’ve got the “imported” talent is that the conference attracts quality presenters from everywhere, something they should be proud of. Besides that, IMO, there’s little difference between ‘1s & 0s’ in Australia and ‘1s & 0s’ elsewhere :-)
My time was a little short, but I think I managed to throw enough spaghetti at the wall that hopefully something stuck somewhere… If you get a chance to attend an AusCERT conference, as a speaker or an attendee, I’d highly recommend it.
Ohh, BTW, Gold Coast and Surfers Paradise are nice as well – what little I saw of them :-)
Hi Danny,
I attend the AusCERT conference every year. This year I was planning to attend, but something came up so I cancelled my plan.
Hopefully I will see you next time.
No doubt, the AusCERT conference is worth going to. It’s one of the biggest security events in Australia.
Cheers
Shoaib