Infosec threat evolution

Paul Kehrer & lvh

Introduction

Who are we?

  • Principal Engineers
  • Infosec & crypto
  • paul.kehrer@rackspace.com
  • lvh@rackspace.com

Rackspace

Sorry, your browser does not support SVG.

What's going on?

Attacks are evolving

  • More attacks
  • More advanced
  • More visible

APT

Advanced Persistent Threat

  • Human-driven
  • Reactive and ongoing
  • Targeted

Why are attacks more prevalent?

More information

  • More services, lots of data
  • Huge success of cloud computing
  • PII, customer data, IP…

Attacks have evolved

  • State-level funding
  • Robust exploit market
  • Market specialization
  • Revenue > cost, low risk

The security poverty line

  • Most organizations can't afford security
  • Lack of specialized talent
  • Tons of vendors (RSA Conference?)
    • Examining options is a full-time job

Increasing cost of defense

  • Effective monitoring is 24x7x365
  • n analyst salaries, equipment, licenses

TL;DR

  • SME's don't have the resources
  • All companies have better things to do
  • Tools are less accessible

How are we helping?

Current open source

Rackspace created/sponsored:

  • PyCA (Python Cryptographic Authority)
  • pip TLS improvements
  • Python stdlib TLS improvements

Great, but not enough

Doesn't help if:

  • your box is rooted,
  • your auth scheme is full of holes,
  • your TLS configuration is broken,

 

RMSLogoWithTextmarkLight.png

Mission

Customer-facing security services

Current services

  • Managed security
  • Compliance assistance

Managed security

Security-as-a-service

Backed by 24 x 7 x 365 CSOC

CSOC

Customer Security Operations Center

3 x 8 security analysts, 24 x 7 x 365

Analytics platform

Benefit of hosting provider scale:

  • Correlate across customers
  • Lots of internal network data

Compliance assistance

PCI-DSS, HIPPA, …

Compliance

  • Compliance as a consequence of security
  • Not "teach the test" compliance
  • Largely possible because specs are saner

Thank you!

Questions?