Last week I was in Berlin attending the Cloud Security Alliance (CSA) Congress EMEA 2015, where I had the opportunity to meet some very interesting security specialists in visualization, cloud, telecom and networking sectors.
My full notes are a bit too long for the post but you are welcome to download the CSA Congress EMEA Notes in PDF format.
“If you put software on a donkey, you can hack the donkey.”
“Attesting to software security is the same as attesting that you won’t die in the next five years.”
“Secure by Design” — This statement is designed to silence people who want real answers. Vendors don’t want you to know that they have no bulletproof solution to the security problem.
DDoS attacks are on the rise and are now starting to be seen as a smokescreen for the “real” or “secondary” attack and ultimate exfiltration of data.
It is hard to tell the difference between an APT (advanced persistent threat), i.e. a government or state actor, and an individual hacker; they all use the same tactics.
The time from theft of data to monetization is very short: days rather than months.
People matter during response to a threat. You can automate most things in security, but not the response phase: you can’t outsource decision making, how to respond, or what to do next. During security response there is a change in who is in charge, from technology to people.
Software Defined Perimeter and Single Packet Authorization: aims to be able to withstand at least 1 TB traffic and significantly blacken the server (the server does not respond at all unless the single authorizing packet is valid, giving a zero scanning footprint).
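The single-packet authorization idea in that note, as an added example (not code from the talk, the CSA, or any SDP product): the server validates an HMAC-authenticated, time-stamped packet with replay protection and returns nothing on any failure, so an unauthenticated scanner sees no response. The key, the packet layout (timestamp, nonce, client id, SHA-256 HMAC) and the 30-second freshness window are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct
import time

SHARED_KEY = b"constructed-demo-key-not-for-real-use"  # assumption for the demo
WINDOW_SECONDS = 30  # assumed freshness window for a packet
TAG_LEN = 32         # SHA-256 HMAC


def build_spa_packet(key, client_id, now=None, nonce=None):
    """Client side: timestamp || nonce || client_id || HMAC over all of it."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(16) if nonce is None else nonce
    body = struct.pack("!Q16s", now, nonce) + client_id.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class SpaVerifier:
    """Server side: the caller must send NO reply when verify() returns None."""

    def __init__(self, key, window=WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> expiry time, for replay rejection

    def verify(self, packet, now=None):
        now = int(time.time()) if now is None else now
        if len(packet) < 8 + 16 + 1 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        # Authenticate before parsing anything, in constant time
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        ts, nonce = struct.unpack("!Q16s", body[:24])
        if abs(now - ts) > self.window:
            return None  # stale or future-dated packet
        # Drop expired nonces, then reject anything already seen
        self.seen = {n: e for n, e in self.seen.items() if e > now}
        if nonce in self.seen:
            return None
        self.seen[nonce] = now + self.window
        return body[24:].decode(errors="replace")
```

Only a packet that passes every check yields a client id; the firewall rule that opens the real service port for that client would be driven from that return value.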
IPfication of devices — “the most profound technologies are those that disappear” — zero-gateway architecture
It was a real treat rubbing shoulders with researchers in a place responsible for many breakthroughs over the years — Fraunhofer FOKUS
CSA Working Group and Research Workshops (at Fraunhofer FOKUS)