Dailydave mailing list archives
First RSAC 2015 Note
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 28 Apr 2015 11:10:58 -0400
So as much as I malign RSAC, I occasionally attend it! I find that the West Coast's corporate style is foreign to me, and learning about it is probably important. For example, it took me forever to realize that what was being sold on the Expo Floor at RSAC was not products and services, but companies!

So let me brief those of you who didn't go, probably because you had technical work to do, on what happened this year. First of all, RSAC is "fashion forward" and you had to pretty much wear a suit to it this year. A very expensive suit jacket and jeans was also acceptable. But likewise, your small startup last year had to be mobile and "BYOD" and this year it was all old-school endpoint security, with a new frosting of "behavioral analysis". Literally every other booth had a very El Jefe Style process tree as their main demo. Wait until they see and copy El Jefe's other amazing features, like USB tracking. :)

Being small was a liability this year, in the way it hasn't been in previous years. Having anything less than a triple-size booth made your company seem hopelessly tiny and underfunded.

But I want to relate one of the technical talks I saw to demonstrate a strategic hilarity. The basis of the talk was simple and cool. The authors measured power draw on the AC line going into a desktop PC. Literally, they just used a trojaned baseplate and an O-scope. Then they ran that power data through some generic neural network/statistical classifiers. They were able to determine (after training), based on the power usage levels, which websites a user visited on the machine! Likewise, they could detect execution of programs such as malware.

TIME TO BUILD A COMPANY AND PROFIT! You could feel their excitement over the commercial applications from the back row of the poorly filled RSAC auditorium. They answered every question with "Let's talk offline, since we're not allowed to pitch our new company in this session!"

As an offensive technique, power analysis is quite useful (which is why NSA boxes filter their power supplies). As a defensive technique it is entirely useless. If all a malware writer has to do is add sleep(rand()); into their code a couple places to defeat your detection, then you probably shouldn't build a whole company based on the hope that they won't someday do that. But our two intrepid speakers WILL build this company, and they will get funding to do so, no doubt.

The strength of the West Coast system is basically the same as the talk. The company churn over there is hugely noisy. But they've built a process that survives on the gold rush of technical hopes - without having to know anything about technology to predict what will work they can just fund and try everything. From that Big Data the market becomes a statistical classifier. Any East Coaster visiting RSAC looks around and says "Wow, you guys have a TON of CRAP here." But a West Coaster will smile and say "Exactly."

-dave