Removing the Snake Oil From Your Security Program
Offered By: YouTube
Course Description
Overview
Explore a comprehensive security conference talk that delves into removing ineffective elements from security programs. Learn why attacks continue to succeed, understand the lifecycle of attacks, and gain insights into network security and monitoring. Examine the limitations of firewalls, IPS failures, and the challenges of internal traffic visibility. Discover the importance of patch management, standardization, and the pitfalls of security information management (SIM) products. Investigate endpoint protection strategies, breach prevention, and the impact of tools like Cobalt Strike. Engage with discussions on replacing outdated solutions, balancing security measures, whitelisting, and implementing quarantine and isolation techniques. Acquire practical knowledge on leveraging existing abilities, identifying pain points, setting goals, and achieving high coverage in your security program.
Syllabus
Introduction
Anthony Blakemore
Agenda
Background
Why do attacks keep working
Life cycle of attacks
Network security and monitoring
Firewalls
Visibility
Why IPS fail
Internal traffic
LightCyber
Cold
Patch Management
Standardization
Standardize
Legacy Systems
SIM Products
Commitment to SIM
SIM Failures
Stealth Bits
Endpoint Protection
Breaches
Silence
Cobalt Strike
Wrapup
Questions
When are you going to replace these solutions
Is there a balance
Whitelisting
The Middle of the Road
Patching
Quarantine
Isolation
Solutions
Other Protections
Use Abilities
Find the Pain Point
Set Goals
High Coverage
Related Courses
An Introduction to Computer Networks (Stanford University via Independent)
Computer Networks (University of Washington via Coursera)
Computer Networking (Georgia Institute of Technology via Udacity)
Cybersecurity and Its Ten Domains (University System of Georgia via Coursera)
Model Building and Validation (AT&T via Udacity)