The Board Room guide to hacking
EFTA01735540
"Get your facts first, distort them as you please."
- Mark Twain
Are you compromised?
Yes
EFTA_R1_00019494
Why is everyone compromised?
1. Your network is a replicable monoculture
2. Compromising is a one-way street: you can't "un-compromise" something
3. The internet and your network are a graph of trust: compromising is viral and exponential
4. Your defense is reactive and slow; it must be proactive and fast
Monoculture
• The attacker can download the same software you have and attack it until he finds a way in.
• An attacker can replicate an almost-exact copy of your machine and go at it until he finds an "in"
• Once the attacker is on a machine he can experiment and explore the trusted neighbors until he finds an "in"
"Un-compromise"-able
• A maxim: there's always a deep enough level in a machine that is not defended/defendable
• It used to be the kernel, now it's the BIOS, the firmware, the hardware, the secret co-processor, you name it
• You can't "un-compromise" because it's impossible to know what's compromised
Graphs of trust
• A lot of security today happens at the "perimeter"; once you're in, it's game over. This is called "lateral movement"
• Implicit trust: we trust somebody else's servers to download executables, we trust certificate authorities' keys, we trust our partner servers
• This means that your threat model is in large part outside of your control
Reactive and slow
• Most security tools today work by identifying an attack somewhere else and then trying to protect everyone else
• This is reactive in nature and ineffective: most attacks stay latent for a very long time
• Even with almost-real-time detection, the attacker needs to beat you at the race just once
The recursive guide to compromise anything
1. Compromise a machine (exploit, social engineering, backdoor, physical access)
2. The maxim: there's always a deep enough level in a machine that is not defended/defendable. Go there and stay put
3. For every node in the graph that trusts your machine, go to 1 and be fast
Digital immune system
• We have the technology to build 80% of the digital immune system
• We need network effects and board-level decisions to make the remaining 20% true
• This will not solve computer security but it will leap it ahead by a lot
"Shape-shifting" software
• No two copies of the same app (kernel, firmware, etc.) should behave the same way at the micro level
• Code should adapt to its users/owners, detect and log anomalous behavior on a distributed ledger
"Accountability breeds response-ability."
- Stephen Covey
Code Signing
• Every piece of code that is executed on a machine should be signed by a trusted entity
• We can't trust a single company/machine: create a distributed ledger of valid signatures for every piece of code
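As an added illustration of the Code Signing slide (example code written for this edit, not from the deck or its author), here is a small Go model of that ledger. Each ledger entry is one named entity's Ed25519 signature over the SHA-256 of a code artifact, and the execution gate refuses to run anything that has not been approved by a quorum of distinct trusted signers, which is what "we can't trust a single company/machine" implies. The signer names ("vendor", "auditor", "rogue"), the quorum of two, the in-memory slice standing in for the distributed ledger and the sample artifacts are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one ledger record: a named signer vouches for one artifact hash.
type Entry struct {
	ArtifactHash string // hex SHA-256 of the code
	SignerID     string
	Signature    []byte // Ed25519 signature over the raw hash bytes
}

// Ledger stands in for the distributed ledger: an append-only list of entries.
type Ledger struct {
	Entries []Entry
}

// HashArtifact returns the SHA-256 digest of a code artifact.
func HashArtifact(code []byte) []byte {
	h := sha256.Sum256(code)
	return h[:]
}

// Approve appends a signed entry for the artifact under the given signer ID.
func (l *Ledger) Approve(id string, priv ed25519.PrivateKey, code []byte) {
	h := HashArtifact(code)
	l.Entries = append(l.Entries, Entry{
		ArtifactHash: hex.EncodeToString(h),
		SignerID:     id,
		Signature:    ed25519.Sign(priv, h),
	})
}

// CountValidApprovals counts distinct trusted signers whose entry for this
// artifact carries a signature that verifies under their known public key.
// Entries from unknown signers or with bad signatures carry no weight.
func (l *Ledger) CountValidApprovals(trusted map[string]ed25519.PublicKey, code []byte) int {
	h := HashArtifact(code)
	want := hex.EncodeToString(h)
	seen := map[string]bool{}
	for _, e := range l.Entries {
		if e.ArtifactHash != want || seen[e.SignerID] {
			continue
		}
		pub, ok := trusted[e.SignerID]
		if ok && ed25519.Verify(pub, h, e.Signature) {
			seen[e.SignerID] = true
		}
	}
	return len(seen)
}

// MayExecute is the policy gate: run the code only if at least quorum
// independent trusted signers have approved exactly this artifact.
func MayExecute(l *Ledger, trusted map[string]ed25519.PublicKey, quorum int, code []byte) error {
	if n := l.CountValidApprovals(trusted, code); n < quorum {
		return fmt.Errorf("artifact has %d of %d required approvals", n, quorum)
	}
	return nil
}

// Demo constructs two trusted signers and one rogue key, then checks an
// approved build, a tampered copy, and a build that lacks a second trusted
// approval. All keys and artifacts are generated here; nothing is real.
func Demo() (approved, tampered, short error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader)
	_, privRogue, _ := ed25519.GenerateKey(rand.Reader) // not in the trusted set
	trusted := map[string]ed25519.PublicKey{"vendor": pubA, "auditor": pubB}

	build := []byte("constructed sample: contents of app-v1.bin")
	ledger := &Ledger{}
	ledger.Approve("vendor", privA, build)
	ledger.Approve("auditor", privB, build)
	approved = MayExecute(ledger, trusted, 2, build)

	// One flipped byte changes the hash, so no ledger entry matches it.
	tamperedBuild := append([]byte{}, build...)
	tamperedBuild[0] ^= 0x01
	tampered = MayExecute(ledger, trusted, 2, tamperedBuild)

	// Vendor plus rogue signer: the rogue entry is ignored, so the quorum fails.
	build2 := []byte("constructed sample: contents of app-v2.bin")
	ledger.Approve("vendor", privA, build2)
	ledger.Approve("rogue", privRogue, build2)
	short = MayExecute(ledger, trusted, 2, build2)
	return approved, tampered, short
}

func main() {
	a, t, s := Demo()
	fmt.Println("approved:", a, "\ntampered:", t, "\nshort of quorum:", s)
}
```

The point of the quorum is that compromising one signer's key (or one signing service) is not enough to get code executed; a real deployment would also pin the trusted public keys in hardware-backed storage on each machine so the ledger alone cannot be rewritten to add a new "trusted" signer.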
Self-destructing machines
• Every machine should have a "known-good" state to revert to
• Every time a machine is thought to be compromised it should be destroyed immediately and reverted back to the "known-good" state
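As an added, concrete version of the Self-destructing machines slide (example code written for this edit, not the deck's own), the Go program below keeps a "known-good" image, records a baseline of file hashes, reports drift from that baseline, and reverts by destroying the tree and rebuilding it from the image rather than trying to repair individual files. The two-file image, the temporary directory and the simulated tampering are constructed assumptions; on a real machine the image would be an immutable disk image or container layer and the revert a re-provisioning step.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// Baseline maps a slash-separated path under the root to its SHA-256 in the known-good state.
type Baseline map[string]string

// Snapshot hashes every regular file under root.
func Snapshot(root string) (Baseline, error) {
	b := Baseline{}
	err := filepath.WalkDir(root, func(p string, d os.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err // propagate walk errors, skip directories and symlinks
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		sum := sha256.Sum256(data)
		b[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return b, err
}

// Drift lists paths that were modified, added or removed relative to the baseline.
func Drift(baseline, current Baseline) []string {
	var out []string
	for p, h := range current {
		if baseline[p] != h {
			out = append(out, p) // changed or added
		}
	}
	for p := range baseline {
		if _, ok := current[p]; !ok {
			out = append(out, p) // removed
		}
	}
	sort.Strings(out)
	return out
}

// Revert destroys the tree and rebuilds it from the known-good image.
func Revert(root string, image map[string][]byte) error {
	if err := os.RemoveAll(root); err != nil {
		return err
	}
	for p, data := range image {
		full := filepath.Join(root, filepath.FromSlash(p))
		if err := os.MkdirAll(filepath.Dir(full), 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(full, data, 0o644); err != nil {
			return err
		}
	}
	return nil
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// Demo provisions a temp tree from a constructed image, records the baseline,
// simulates tampering, measures drift, reverts, and measures drift again.
func Demo() (before, after []string) {
	image := map[string][]byte{
		"bin/agent":      []byte("constructed sample binary"),
		"etc/agent.conf": []byte("log_level=info\n"),
	}
	root, err := os.MkdirTemp("", "known-good-")
	must(err)
	defer os.RemoveAll(root)
	must(Revert(root, image))
	baseline, err := Snapshot(root)
	must(err)
	// Simulated compromise: a config edit and an unexpected extra file.
	must(os.WriteFile(filepath.Join(root, "etc", "agent.conf"), []byte("log_level=off\n"), 0o644))
	must(os.WriteFile(filepath.Join(root, "bin", "extra"), []byte("unexpected"), 0o644))
	current, err := Snapshot(root)
	must(err)
	before = Drift(baseline, current)
	// Destroy and rebuild; the tree must match the baseline again.
	must(Revert(root, image))
	current, err = Snapshot(root)
	must(err)
	after = Drift(baseline, current)
	return before, after
}

func main() {
	before, after := Demo()
	fmt.Println("drift before revert:", before, "after revert:", after)
}
```

Note what the drift check is and is not: it catches changes to files on disk, which is enough to decide "rebuild now", but, as the "Un-compromise"-able slide says, it cannot prove that firmware or hardware below the filesystem is clean. That is why the reaction is to rebuild from the image, not to trust a repaired file.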
Adaptive network structure
• The trusting neighbors of a machine must be able to shut down communication with the allegedly compromised machine
• The trusting neighbors should be able to adapt their network topology to use a mirror copy of the compromised machine
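The Graphs of trust slide and the Adaptive network structure slide describe the same structure from two sides, so one added example (written for this edit, not from the deck) covers both. The Go program models the network as a graph in which an edge means "B trusts A" (B accepts A's SSH keys, pushed images, or served artifacts), computes the blast radius of a compromised machine as everything reachable over live trust edges, and then applies the slide's reaction: every trusting neighbor of the suspected machine cuts its edge and re-points to a registered mirror. The machine names, the trust edges and the mirror are constructed assumptions; in practice the edges would come from an inventory of SSH trust, CI/CD and registry relationships.

```go
package main

import (
	"fmt"
	"sort"
)

// TrustGraph records who trusts whom. trustedBy[a] = [b] means "b trusts a":
// if a is compromised, the attacker's next step is b.
type TrustGraph struct {
	trustedBy map[string][]string
	cut       map[[2]string]bool // edges the trusting side has shut down
	mirrors   map[string]string  // machine -> standby mirror that can take its place
}

func NewTrustGraph() *TrustGraph {
	return &TrustGraph{
		trustedBy: map[string][]string{},
		cut:       map[[2]string]bool{},
		mirrors:   map[string]string{},
	}
}

// Trusts records that truster accepts connections, code or credentials from trusted.
func (g *TrustGraph) Trusts(truster, trusted string) {
	g.trustedBy[trusted] = append(g.trustedBy[trusted], truster)
}

// SetMirror registers a mirror copy that trusters can fall back to.
func (g *TrustGraph) SetMirror(machine, mirror string) { g.mirrors[machine] = mirror }

// BlastRadius returns every machine (start included) reachable from start over
// trust edges that have not been cut: the set a compromise of start could
// spread to if nobody reacts. Sorted for stable output.
func (g *TrustGraph) BlastRadius(start string) []string {
	seen := map[string]bool{start: true}
	queue := []string{start}
	for len(queue) > 0 {
		n := queue[0]
		queue = queue[1:]
		for _, t := range g.trustedBy[n] {
			if g.cut[[2]string{n, t}] || seen[t] {
				continue
			}
			seen[t] = true
			queue = append(queue, t)
		}
	}
	out := make([]string, 0, len(seen))
	for m := range seen {
		out = append(out, m)
	}
	sort.Strings(out)
	return out
}

// Quarantine is the trusting neighbors' reaction to a suspected compromise:
// each of them cuts its edge to the victim and, if a mirror is registered,
// starts trusting the mirror instead. Returns the neighbors that re-pointed.
func (g *TrustGraph) Quarantine(victim string) []string {
	var rerouted []string
	mirror, hasMirror := g.mirrors[victim]
	for _, t := range g.trustedBy[victim] {
		g.cut[[2]string{victim, t}] = true
		if hasMirror {
			g.Trusts(t, mirror)
			rerouted = append(rerouted, t)
		}
	}
	sort.Strings(rerouted)
	return rerouted
}

// Demo builds a constructed trust chain and shows the blast radius of a
// compromised laptop before and after its neighbors quarantine it.
func Demo() (before, after, rerouted []string) {
	g := NewTrustGraph()
	g.Trusts("jump-host", "laptop")      // jump-host accepts the laptop's SSH key
	g.Trusts("build-server", "jump-host")
	g.Trusts("wiki", "jump-host")
	g.Trusts("registry", "build-server") // registry accepts images pushed by build-server
	g.Trusts("prod-app", "registry")     // prod-app runs whatever registry serves
	g.Trusts("hr-db", "prod-app")
	g.SetMirror("laptop", "laptop-mirror")

	before = g.BlastRadius("laptop")
	rerouted = g.Quarantine("laptop")
	after = g.BlastRadius("laptop")
	return before, after, rerouted
}

func main() {
	before, after, rerouted := Demo()
	fmt.Println("reachable before quarantine:", before)
	fmt.Println("reachable after quarantine: ", after)
	fmt.Println("neighbors re-pointed to mirror:", rerouted)
}
```

The blast-radius number is the defender's metric for "compromising is viral and exponential": a laptop with one trusting neighbor reaches the HR database in five hops because every hop is implicit trust. Cutting the single inbound edge at the jump host shrinks the reachable set to the laptop alone, which is the whole argument for letting neighbors, not a central console, make the shut-down decision.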
The AI future
• In the future a lot of offensive security will be AI/ML-driven
• In the future security will be much faster and much more complicated
• We can't have proper defense against that without these building blocks
Q&A