DeepSec 2018 Talk: Left of Boom – Brian Contos
By Brian Contos, CISO of Verodin:
“The idea for my presentation ‘Left of Boom’ was based on conversations I was having with some of my co-workers at Verodin. Many people on our team are former military and some served in Iraq and Afghanistan where they engaged in anti-IED (Improvised Explosive Device) missions. During these conversations I first heard the term, Left of Boom, and the more we discussed it, the more I found similarities with cybersecurity.
Left of Boom was made popular in 2007 in reference to the U.S. military combating improvised IEDs used by insurgents in Afghanistan and Iraq. The U.S. military spent billions of dollars developing technology and tactics to prevent and detect IEDs before detonation, with a goal of disrupting the bomb chain. This is an analog to cybersecurity as we strive to increase the incident prevention capabilities of our security tools and where we can’t prevent attacks, augment prevention with incident detection and response tools.
There is an urgent need for evidence in cybersecurity regarding the effectiveness of specific systems as well as the overall security systems of systems. Are my security tools preventing, detecting, logging, correlating, and alerting? Does the new configuration, patch, rule, or signature result in what was intended? Are systems that were working before still working or have they drifted from a known good state? Without evidence about our security effectiveness, how can we ever empirically answer these questions and get our organizations to the Left of Boom?
Studies across endpoint, network, email, and cloud security tools have established that, on average, we’re only getting about 15-25% effectiveness out of our incident prevention security tools. When it comes to incident detection, it’s as low as 25-35% effectiveness. And for SIEMs, their ability to effectively correlate and alert ranges between 0-45%. We haven’t put a big enough dent in our risk profile and we’re wasting time, money, and resources by not getting value from these security tools. In most cases, the problem isn’t that we have bad technology or ineffective security teams. Instead, it’s an inability to effectively measure, manage, improve, and communicate the security effectiveness of our security tools in a scalable manner that results in actionable evidence.
From a leadership perspective, we’re not able to communicate our security effectiveness to executives based on evidence because we don’t have the evidence. This is devastating, as cybersecurity isn’t about cyber risk – it’s about the financial and operational risk from cyber. Without evidence, executive decision makers can’t do their jobs effectively when it comes to protecting shareholder value, revenue, and reputation.
This presentation will demonstrate automated methods to mitigate these problems. It will identify approaches that you can apply to improve the effectiveness of your security tools, security teams, and processes. Following this presentation, you’ll be able to develop your own strategy to get Left of Boom. If you feel that you don’t have the cybersecurity evidence to know, empirically, what’s working, what’s not, how to fix it, how to verify the fix worked, and how to make sure it stays working across your security tools, your people, and the processes they follow, this presentation is for you.”
Brian Contos is the CISO & VP Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the security industry, board advisor, entrepreneur and author. After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, he began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks.
Brian has worked in over 50 countries across six continents. He has authored several security books, his latest with the former Deputy Director of the NSA, spoken at leading security events globally, and frequently appears in the news. He was recently featured in a cyberwar documentary alongside General Michael Hayden (former Director NSA and CIA).