Artwork

İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
Player FM - Podcast Uygulaması
Player FM uygulamasıyla çevrimdışı Player FM !

Gerhard Eschelbeck: The Laws of Vulnerabilities (English)

1:22:25
 
Paylaş
 

Manage episode 155121161 series 1146743
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 bölüm

Artwork
iconPaylaş
 
Manage episode 155121161 series 1146743
İçerik Black Hat and Jeff Moss tarafından sağlanmıştır. Bölümler, grafikler ve podcast açıklamaları dahil tüm podcast içeriği doğrudan Black Hat and Jeff Moss veya podcast platform ortağı tarafından yüklenir ve sağlanır. Birinin telif hakkıyla korunan çalışmanızı izniniz olmadan kullandığını düşünüyorsanız burada https://tr.player.fm/legal özetlenen süreci takip edebilirsiniz.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 bölüm

Tüm bölümler

×
 
Loading …

Player FM'e Hoş Geldiniz!

Player FM şu anda sizin için internetteki yüksek kalitedeki podcast'leri arıyor. En iyi podcast uygulaması ve Android, iPhone ve internet üzerinde çalışıyor. Aboneliklerinizi cihazlar arasında eş zamanlamak için üye olun.

 

Hızlı referans rehberi