OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
2 likes9,818 views
The document discusses the need for security experts to embrace data-driven approaches and visualization techniques to better defend against cyber threats. It outlines how security professionals evolved from curious explorers analyzing early malware samples to relying more on automation over time. Meanwhile, other industries successfully leveraged big data and visualization to solve major problems. The author argues security must return to its roots of curiosity-driven exploration through interactive 3D visualization of diverse security data sources to gain new insights and scale defenses against increasingly sophisticated attacks. Embracing these approaches could also help with security education and awareness efforts.
OpenDNS CTO Dan Hubbard VizSec 2014 Keynote Slides
- 1. VizSec 2014 Paris, France, November 2014 Dan Hubbard, CTO OpenDNS 1 CONFIDENTIAL
- 2. Security people have a legacy of being curious. 2 CONFIDENTIAL
- 3. 3 CONFIDENTIAL We pull things apart.
- 4. 4 CONFIDENTIAL we break them
- 5. 5 CONFIDENTIAL we explore
- 6. 6 CONFIDENTIAL we discover
- 7. 7 CONFIDENTIAL we defend.
- 8. 8 CONFIDENTIAL We are curious explorers.
- 9. Turns out curious explorers makes for good defenders. 9 CONFIDENTIAL
- 10. 10 CONFIDENTIAL Since the mid 80’s
- 11. 11 CONFIDENTIAL Yes, 30 years now
- 12. We have been defending through gaining knowledge (samples), exploring them (RCE), and creating vaccines (updates) . 12 CONFIDENTIAL
- 13. As the problem scaled we scaled with more curious explorers. 13 CONFIDENTIAL
- 14. 14 CONFIDENTIAL And more…
- 15. 15 CONFIDENTIAL And more…
- 16. 16 CONFIDENTIAL And more…
- 17. We got to a point where we could not hire enough defenders. 17 CONFIDENTIAL
- 18. 18 CONFIDENTIAL So, we automated.
- 19. Hashes, fingerprints, behavior analysis, sandboxing 19 CONFIDENTIAL
- 20. 20 CONFIDENTIAL Then signatures, heuristics, and anomalies.
- 21. 21 CONFIDENTIAL But we still could not scale!
- 22. And along the way we lost our curiosity and we stopped being explorers. 22 CONFIDENTIAL
- 23. Meanwhile other industries starting understanding the value of data. 23 CONFIDENTIAL
- 24. 24 CONFIDENTIAL And the value of large scale compute.
- 25. 25 CONFIDENTIAL The information age started
- 26. And we created a culture with an unlimited thirst for data. 26 CONFIDENTIAL
- 27. 27 CONFIDENTIAL Our appetite for data skyrocketed.
- 28. 28 CONFIDENTIAL And the “Big Data” movement started.
- 29. Big Data gave us the ability to absorb a massive amount of data and query it with meaningful results. 29 CONFIDENTIAL
- 30. 30 CONFIDENTIAL Data helped us solve BIG PROBLEMS.
- 31. 31 CONFIDENTIAL Creating cures for disease.
- 32. 32 CONFIDENTIAL Mapping critical genomes.
- 33. 33 CONFIDENTIAL Predicting natural disasters.
- 34. 34 CONFIDENTIAL The world became a lot different.
- 35. 35 CONFIDENTIAL Google, Facebook, Amazon, Twitter
- 37. Security made incremental attempts at better mousetraps. 37 CONFIDENTIAL
- 38. 38 CONFIDENTIAL Whitelisting, HIPS, Containerization.
- 39. 39 CONFIDENTIAL “Next Generation” this.
- 40. 40 CONFIDENTIAL “Cyber Defender” that.
- 41. 41 CONFIDENTIAL Bottom line…
- 42. 42 CONFIDENTIAL We lost pace with technology.
- 43. Which in turn, left us a long way behind in defending. 43 CONFIDENTIAL
- 44. And we suffer massive decreases in our efficacy. 44 CONFIDENTIAL
- 45. 45 CONFIDENTIAL So, lets get back to our roots.
- 46. 46 CONFIDENTIAL Embrace the Big Data movement.
- 47. 47 CONFIDENTIAL Innovate in Security Visualization.
- 48. And get back to being the curious explorers were are. 48 CONFIDENTIAL
- 49. 49 CONFIDENTIAL How ?
- 50. 50 CONFIDENTIAL To start you need some data to explore.
- 51. 51 CONFIDENTIAL More = better
- 52. 52 CONFIDENTIAL Diversity in data is important.
- 53. Don’t underestimate the ability to query that data! 53 CONFIDENTIAL
- 54. 54 CONFIDENTIAL Remove all data silos.
- 55. 55 CONFIDENTIAL API’s are critical.
- 56. 56 CONFIDENTIAL Science and Art come together.
- 57. 57 CONFIDENTIAL Security Visualization Today
- 58. We have made some progress in 2D Security Viz. 58 CONFIDENTIAL
- 60. Red October Infrastructure 60 CONFIDENTIAL
- 61. SEA: Twitter, Huffington Post, NY Times Hijack 61 CONFIDENTIAL
- 62. Moneypak 1 62 CONFIDENTIAL
- 63. Moneypak 2 63 CONFIDENTIAL
- 65. Customer Botnet Connections 65 CONFIDENTIAL
- 66. Clusters of Algorithmic Scores 66 CONFIDENTIAL
- 67. 67 CONFIDENTIAL Image are great because they tell a story.
- 68. 68 CONFIDENTIAL But its at best a short story.
- 69. 69 CONFIDENTIAL Its actually more like a magazine than a book
- 70. 70 CONFIDENTIAL Image sequences.
- 71. 71 CONFIDENTIAL
- 72. This is OK, but it limits our exploration capabilities. 72 CONFIDENTIAL
- 73. So we can add context to the visuals. 73 CONFIDENTIAL
- 74. 74 CONFIDENTIAL
- 75. 75 CONFIDENTIAL This is a LOT better than “flat” images.
- 76. 76 CONFIDENTIAL Helps tell a more complete story.
- 77. 77 CONFIDENTIAL But does not open up enough exploration.
- 78. And two dimensions limits the representation and exploration of the data. 78 CONFIDENTIAL
- 79. So, how can we REALLY explore the data in a meaningful way? 79 CONFIDENTIAL
- 80. We need to be able to interact and explore the data. 80 CONFIDENTIAL
- 81. 3D models and Interactive visualization allows us to do this. 81 CONFIDENTIAL
- 83. 83 CONFIDENTIAL These are best viewed in the keynote recording here: http://labs.opendns.com/2014/12/01/vizsec2014
- 84. Kelhios BotNet 84 CONFIDENTIAL
- 85. Kelhios BotNet Over Time 85 CONFIDENTIAL
- 86. Red October APT Infrastructure 86 CONFIDENTIAL
- 87. Customer BotNet Connection / Relationships 87 CONFIDENTIAL
- 88. Ukraine Networks 88 CONFIDENTIAL
- 89. Cryptolocker Co-occurrences 89 CONFIDENTIAL
- 90. 90 CONFIDENTIAL Lets Explore!
- 91. 91 CONFIDENTIAL Future Present.
- 92. 92 CONFIDENTIAL What if the interface was the visualization?
- 93. 93 CONFIDENTIAL What if the interface was the visualization?
- 94. Through the visualization you could manipulate the data. 94 CONFIDENTIAL
- 95. Assign Malware 95 CONFIDENTIAL
- 96. 96 CONFIDENTIAL Assign Malware
- 98. Viz. is also very good at two key areas in security. 98 CONFIDENTIAL
- 101. 101 CONFIDENTIAL People like art.
- 102. 102 CONFIDENTIAL All people are curious!
- 103. 103 CONFIDENTIAL OpenGraphiti Art
- 104. 104 CONFIDENTIAL
- 105. 105 CONFIDENTIAL
- 106. 106 CONFIDENTIAL
- 107. 107 CONFIDENTIAL OpenGraphiti Art Experiment
- 108. 108 CONFIDENTIAL
- 109. 109 CONFIDENTIAL
- 110. 110 CONFIDENTIAL
- 111. 111 CONFIDENTIAL
- 112. 112 CONFIDENTIAL
- 113. 113 CONFIDENTIAL
- 114. 114 CONFIDENTIAL
- 115. 115 CONFIDENTIAL
- 116. 116 CONFIDENTIAL
- 117. The art project was so popular we use it in marketing material. 117 CONFIDENTIAL
- 118. 118 CONFIDENTIAL And the images are talking points of interest.
- 119. 119 CONFIDENTIAL What’s next?
- 120. 120 CONFIDENTIAL People like new interfaces.
- 121. 121 CONFIDENTIAL Leap Motion
- 122. 122 CONFIDENTIAL Oculus Rift
- 123. 123 CONFIDENTIAL Predictive modeling with Viz.
- 124. 124 CONFIDENTIAL Pour conclure…
- 125. Security needs to get back into the forefront of innovation. 125 CONFIDENTIAL
- 126. 126 CONFIDENTIAL Embrace the Big Data movement.
- 127. And not just become leaders in Security Visualization 127 CONFIDENTIAL
- 128. But innovators in the entire visualization movement. 128 CONFIDENTIAL
- 129. 129 CONFIDENTIAL Merci Beaucoup Dan Hubbard dan @ opendns.com Opengraphiti.com Opendns.com