Artwork

Contenu fourni par Black Hat and Jeff Moss. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Black Hat and Jeff Moss ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Player FM - Application Podcast
Mettez-vous hors ligne avec l'application Player FM !

Gerhard Eschelbeck: The Laws of Vulnerabilities (English)

1:22:25
 
Partager
 

Manage episode 155121161 series 1146743
Contenu fourni par Black Hat and Jeff Moss. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Black Hat and Jeff Moss ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 episodes

Artwork
iconPartager
 
Manage episode 155121161 series 1146743
Contenu fourni par Black Hat and Jeff Moss. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Black Hat and Jeff Moss ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
"New vulnerabilities to networks are discovered and published on a daily base. With each such announcement, the same questions arise. How significant is this vulnerability? How prevalent is this vulnerability? How easy is this vulnerability to exploit? Are any of my systems affected by this vulnerability? Due to lack of global vulnerability data, answers to these questions are often hard to find and risk rating is even more difficult. As part of ongoing research, Gerhard Eschelbeck of Qualys, Inc. has been gathering statistical vulnerability information for more than two years. Those vulnerabilities have been identified in the real world across hundreds of thousands of systems and networks. This data is not identifiable to individual users or systems. However, it provides significant statistical data for research and analysis, which enabled Gerhard to define the Laws of Vulnerabilities. The Laws of Vulnerabilities is derived from vulnerability data gathered during the past 30 months from over five million scans of individual systems from global organizations. During this timeframe a collective amount of more than three million vulnerabilities - reflecting multiple levels of severity and prevalence - has been identified. Furthermore, the responses to external events (i.e. availability of an exploit or worm taking advantage of a vulnerability) have been studied providing valuable lessons for attendees on how to protect networks and systems from evolving threats. Gerhard Eschelbeck is a respected CTO, researcher and author in the network security field. He published the now well-known ""Laws of Vulnerabilities,"" the industry's first research derived from a statistical analysis of millions of critical vulnerabilities collected across thousands of networks over a multi-year period. Eschelbeck presented his findings before Congress at the hearing on ""Worm and Virus Defense: How Can We Protect Our Nation's Computers from These Serious Threats?"" His research has been featured at major security conferences including Black Hat, CSI, and RSA and in numerous media outlets, including The Wall Street Journal, The Economist and others. Gerhard was named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004 and is a significant contributor to the SANS Top 20 expert consensus identifying the most critical security vulnerabilities. Prior to joining Qualys, Eschelbeck was Senior VP of Engineering for security products at Network Associates, VP of Engineering of anti-virus products at McAfee Associates, and Founder of IDS GmbH, a secure remote control company acquired by McAfee. Earlier, he was a research scientist at the University of Linz, Austria, where he earned Masters and Ph.D. degrees in computer science and where he still teaches regularly in the field of network security. Eschelbeck has authored several papers on active security, automating security management, and multi-tier IDS. He is an inventor of numerous patents in the field of managed network security."
  continue reading

22 episodes

所有剧集

×
 
Loading …

Bienvenue sur Lecteur FM!

Lecteur FM recherche sur Internet des podcasts de haute qualité que vous pourrez apprécier dès maintenant. C'est la meilleure application de podcast et fonctionne sur Android, iPhone et le Web. Inscrivez-vous pour synchroniser les abonnements sur tous les appareils.

 

Guide de référence rapide