The “enumeration of badness” approach to security has failed for two major reasons. First, the amount of “badness” is practically infinite. Second, it’s unrealistic to detect all future “badness” based on the past. Yet, the majority of products are still based on this method. Spectre and Meltdown vulnerabilities are just one example of the unpredictability of future “badness”. However, “goodness” is actually finite. So, is it possible to create a map of all legitimate OS behavior? The answer is yes. I have designed a new language called Behavior Pattern Mapping (BPM) that accomplishes this. BPM can be implemented as deterministic finite automata. See BPM’s threat-agnostic defense in action. Maybe security is easy after all?
Nir Gaist, Founder and CTO at Nyotron
Nir Gaist, Founder and CTO of Nyotron, is a recognized information security expert and ethical hacker. He started programming at age 6 and began his studies at the Israeli Technion University at age 10. Nir holds significant cyber security experience, including serving as a security consultant to some of the largest Israeli organizations, such as the Israeli Police, the Israeli parliament, and Microsoft’s Israeli branch. Mr. Gaist also wrote cybersecurity curriculum for the Israel Ministry of Education and for the Israel Council of Higher Education. He has vast experience in network penetration testing as well as deep knowledge of security breaches and 0-day threats. He holds patents for the creation of a programming language used to map operating system behavior for the purposes of threat-agnostic protection.
CISO Roundtable discussion with Roger Hale, Vice President and Chief Information Security Officer at Informatica.
Roger Hale, Vice President and Chief Information Security Officer at Informatica
In this role, Roger Hale and his team are responsible for Informatica’s global information security, risk and compliance. Roger has more than 25 years of experience working in the high-tech field and brings specialization in merging information security, customer advocacy, and service delivery with the agility of cloud services. He has a proven track record of delivering effective strategies that align information lifecycle management with business objectives, information assurance, and risk management.