Honeypot Boo Boo: Better Breach Detection with Deception Inception

Recordings

https://www.youtube.com/watch?v=pvnYdZrlR5Y&list=PL8N5HiRDvZ-dVdLNXf6kC3WDi8AWBS27g&index=11

Slides

/files/slides/001-10_YCGPDX - Justin Varner - Honeypot Boo Boo - Better Breach Detection With Deception Inception.pdf

Abstract

Breaches continue happening at unprecedented levels with huge financial impact to the global economy year after year.

Our traditional approach to breach detection that is focused on triaging alerts generated by massive amounts of data from disparate sources is not working. Adversaries know this fact and regularly benefit from it.

The average breach goes unnoticed for 212 days. That’s an ample amount of time for anyone to surreptitiously run off with the crown jewels and inflict significant damage with ramifications that include consumer privacy violations, loss of trust, steep financial penalties, and irreversible reputational damage.

We need a new approach if we’re ever going to stop the madness. Hackers also deserve a better opponent.

This talk discusses a different way of thinking about breach detection that is intended to reduce the number of false positives, improve alert fidelity, reduce time-to-detection, and prevent the massive level of burnout affecting our industry.

We will cover the history of breach detection, the current state of affairs, the paradigm shift to new ways of thinking about the problem, and many practical examples of how to deploy effective breach detection technology.

Justin Varner

I’m a passionate and seasoned security professional with over 17 years of experience in the industry across a variety of security domains and disciplines.

My career started as a cryptographer at NASA working on the secure messaging system used by the International Space Station. During a focused and driven career, I’ve had the opportunity to work across a multitude of different industries and roles ranging from security architecture to offensive security to DevSecOps and everything in between.

My most recent endeavors have been focused on helping others improve their ability to rapidly detect breaches and generally bolster their overall security posture with simple and pragmatic means and methods.

I embrace any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and I pride myself on being able to break down and articulate complex topics in a fun, interesting, and engaging manner that appeals to people from all backgrounds.