Mirror Chess - Why Mature, Predictable Security Is a Disaster

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses, Cybersecurity Courses, Incident Response Courses, Ransomware Courses

Course Description

Overview

Explore the dangers of predictable security measures in this 40-minute RSA Conference talk. Discover how adversaries can exploit patterns in "next-gen" machine learning techniques and mature organizations' security playbooks. Learn about the "Mirror Chess Problem" and its three variations, including ransomware for misdirection. Examine the traditional investment pyramid and leaky abstractions in security. Understand how attackers manipulate defenders' time and resources, and exploit asymmetries in innovation rates. Delve into weaknesses inherent to machine learning, including complications with traditional countermeasures and policy-driven systems. Investigate the future of security, focusing on incident response challenges and strategies for risk reduction. Gain insights on applying established risk doctrines to create more unpredictable and effective security measures for mature organizations.

Syllabus

Intro
The Mirror Chess Problem
The Three Mirror Chess Problems
Ransomware for Misdirection (and Profit)
Traditional Investment Pyramid
Leaky Abstraction
Adversaries can determine how security teams spend their time
Adversaries get defenders to do their dirty work for them
Migrations
Asymmetry in Rate of Innovation
Weaknesses Inherent to Machine Learning
The Basic Complications
Traditional countermeasures can be ignored
Noise to signal ratio
Behavior Changes, Invalidating Patterns
Policy-driven systems become counterproductive with scale
Machine Learning as Building Block for Next Gen Sec
The Next Generation
What good looks like - e.g. the Incident Response Challenge
Strategies for Risk Reduction
How to apply
Established Doctrine of Risks


Taught by

RSA Conference
