Artwork

A tartalmat a Black Hat and Jeff Moss biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Black Hat and Jeff Moss vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
Player FM - Podcast alkalmazás
Lépjen offline állapotba az Player FM alkalmazással!

Gerhard Eschelbeck: The Laws of Vulnerabilities (English)

1:22:25
 
Megosztás
 

Manage episode 155121161 series 1146743
A tartalmat a Black Hat and Jeff Moss biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Black Hat and Jeff Moss vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 epizódok

Artwork
iconMegosztás
 
Manage episode 155121161 series 1146743
A tartalmat a Black Hat and Jeff Moss biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Black Hat and Jeff Moss vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 epizódok

Все серии

×
 
Loading …

Üdvözlünk a Player FM-nél!

A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.

 

Gyors referencia kézikönyv