You've no doubt heard the phrase, the best defense is a good offense, but when it comes to security, the best defense is a practical defense. Adversaries are constantly coming up with new ways to attack, but at the first ever Cisco Talos Threat Research Summit, security defenders are learning the latest skills needed to stay one step ahead of an ever-changing digital landscape.
Security is more important than ever and people in the security industry jumped at the chance to attend this one-day conference, which sold out in a matter of weeks. "I really had no expectations," said Timothy Porter, a network security engineer from Florida. "I just saw that it was Talos putting it on and I said, ‘I'm there!'" The summit, created by defenders for defenders, gives security researchers not only great insight, but also important new tools to keep companies and networks safe from bad actors.
Lurene Grenier, a self-labelled Black-Hat and researcher at Immunity, Inc. kicked off the Summit with her keynote titled, "You are not taking this seriously." Grenier outlined some of the biggest threats facing companies and maybe more importantly, how to safeguard from bad actors. "Nothing will help you as much as segmentation," Grenier said. "Real, proper, data segmentation." That means just what it sounds like. Some data needs to stay separate from other data sets. Grenier's keynote struck a chord with Porter. "You have to scare people into taking action," said Porter. "Sometimes you have to say, you're vulnerable, do something now or it's going to be catastrophic." Porter plans to bring back lessons he learned from the Cisco Talos Threat Research Summit and pitch his team on some new monitoring ideas.
Cisco Talos also threw back the curtain and explained how Cisco defends itself. Mike Scheck, the Director of Cisco CSIRT – the organization's own security response team - said there are no failsafe ways for 100 percent protection. "Realistically the only way to mitigate all risk is to smash the computers and fire all your employees," Scheck said. That being said, he did say having an effective incident response team in place, with rules you can actually enforce, is key.
Scheck revealed that for Cisco CSIRT, their secret sauce is having a playbook that asks four questions: What are we trying to protect? What are the threats? How do we detect them? How do we respond? One of the challenges for a playbook is the unknowns.
But at the heart of any organization is the people, and that holds true for Cisco CSIRT. "People are the most important factor in building an incident response plan," Scheck said.
Talos Threat Researcher, Nick Biasini, believes security is something every employee needs to make a priority, not just the ones working in security. "Internal security education is broken. We need to start offering both a carrot and a stick. Reward your employees for great practices, and penalize for bad," Biasini said.
It's insights like these, plus the overall interest in the Cisco Talos organization itself that had those in attendance sit up and take notice. "I often hear about Talos running one of the largest threat detection networks in the world. I want to know what they do behind the scenes and have a really good grasp on that," said Sentinel Technologies' Odell Waters.
While this was the first Cisco Threat Research Summit, the organizers don't think it's the last and are already thinking about making it even bigger next year.