Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center
Offered By: Security BSides San Francisco via YouTube
Course Description
Overview
Explore real-time vulnerability alerting techniques inspired by the United States Tsunami Warning Center in this 47-minute conference talk from BSidesSF 2020. Learn how to leverage public data and apply data analytics principles to combat vulnerability fatigue and focus on highly critical security issues. Discover the parallels between tsunami warning systems and cyber attack prevention as Amol Sarwate guides you through data collection, classification, and prioritization methods. Gain insights into effective vulnerability management strategies, including comparisons between CVSS scores and custom alert systems over various time periods. Examine practical examples and case studies that demonstrate the effectiveness of this approach in cutting through the noise of constant security alerts. Conclude with a look at future developments in this field and how to implement these techniques in your own security practices.
Syllabus
Intro
Outline
Tsunami Facts
Deep Ocean Assessment and Reporting
Data Analytics
Can principles from the Tsunami warning system be applied to cyber attacks?
Data Collection
Technology
First Month Report
Vulnerability Details
5 days later
Need for easy classification
First month classification
First month prioritization: CVSS vs Alerts
Six month prioritization: CVSS vs Alerts
One year data
One year prioritization: CVSS vs Alerts
All data
Future work
Taught by
Security BSides San Francisco