May 17, 2016
It has been an interesting few days sharing and discussing national healthcare (NH) and aviation (A) security topics and challenges at the happiest place on earth, here at Walt Disney World. Attendance continues to grow for many good reasons. Here are some highlights:
Password Logins: The keynote from Alex Stamos, CSO Facebook, noted that password logins should be dead and that authentication should be based on risk profiles using multi-factor methods. Facebook tracks more than 80 attributes for logins, knowing that re-cycled mobile devices and outdated operating systems create a very high-risk or even compromised endpoint. This idea was further supported by Aetna, which presented its use of risk-based scoring with multi-factor authentication methods based on user behavior analytics.
Big Data and Machine Learning: These are likely to be the most overused marketing terms of 2016, but the underlying points are real: human efforts are trying to keep pace with growing security data, environments are hybrids of on-premises and cloud, and security concerns reach beyond employees to business partners and customers. Per the keynote address, having a big data lake and leveraging machine learning models is part of the answer.
Real-time Inline Security: Inline security is in use, with known scale limitations. During the keynote address about Security@Scale, a participant stood up to show the 6 and 1/2 feet that light travels between packets on 100Gbps traffic, equating to 6.5 nanoseconds to analyze content. The point is that increasing network speeds are limiting inline security analysis as it moves to big data lakes and machine learning models.
Identity Access Risks: Education about identity as a threat plane continues to build, with excess access risks, access outliers and shared privilege accounts being recognized. Given that account compromise and misuse are at the core of modern threats, a poorly managed identity access plane exposes excess attack surface area for phishing and social threats. IAM is cool (really!?) when it leverages machine learning defined intelligent roles, risk-based access and dynamic access provisioning to radically reduce the access surface area.
Insider Threats: This topic drives at the limitations of security rules, patterns and signatures in detecting unknown unknowns like insider threats. Attendees had strong interest in predictive security analytics, how risk scores are determined, the basics of behavior machine learning models, and use cases beyond detecting just insiders. These conversations quickly led into data sources, data quality and cleanliness, and critical success factors.
In summary, compared to the fall 2015 event, interest has increased by several factors around big data lakes, machine learning models, identity access risks and user behavior analytics for hybrid environments of on-premises and cloud apps. From the happiest place on earth, the fun is just about to begin!
(Image: Tom Clare, VP Gurucul, presents on Identity as a Threat Plane at NH/A-ISAC)