CISO Series Newsletter
Posts
10-03-19 - New, Shiny, Fast, and Completely Insecure

10-03-19 - New, Shiny, Fast, and Completely Insecure

New, Shiny, Fast, and Completely Insecure

October 03, 2019

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Securing the New Internet

Defense in Depth: Security the New Internet

On this episode of Defense in Depth:

Co-host Allan Alford and our guest Davi Ottenhimer, who is working at Inrupt, Inc with Tim Berners-Lee on reinventing the web. All three of us discussed:

Much of the advice on how to secure the Internet focused on just improving known protocols such as SMTP, IPv6, and TCP/IP. Is that limited thinking or not?
Creating a new Internet has a lot of political and socioeconomic issues connected to it so you have to consider both relative (changing existing protocols) or absolute updates (reinventing and trashing existing protocols).
One suggestion was dynamic port assignments which was an interesting tip, but it runs into the issue that at some point someone needs to know where you're communicating.
Future of identity is that it's not controlled by one entity. But the solution is not blockchain. That's essentially a spreadsheet of information and banking on a spreadsheet or blockchain would not be wise.
Another suggestion would be to create a data-centric approach to the Internet, but this would put a massive load on the endpoints.
One core philosophy of securing the new Internet is creating a system where each individual can own their own data, put rights on it to others to use it, rather than being beholden to the rights others give us to manage our own data.
Our favorite suggestion was about looking to biomimicry and our millions of years of evolution to help us build an Internet that could learn to evolve on its own. The issue is that history has given us tectonic shifts that come all at once and don't necessarily evolve gradually. Could a security system be built to adapt in that manner?

Special thanks to this week's Defense in Depth podcast sponsor, Castle.

Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies and custom workflows. Learn more at www.castle.io

Brian Vecci, field CTO, Varonis on the simplicity of ransomware

You can still jump into our AMA

Yesterday, Mike, Allan, and I all participated in our first AMA ("Ask Me Anything") on r/cybersecurity subreddit. We got dozens of questions and provided I believe useful answers.We're still answering questions so jump into the conversation. And if you're a heavy Reddit user, join our subreddit at r/cisoseries.

Matt Southworth, CISO, Priceline on the reality that you never have enough security staff

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.