How Defense-In-Depth Helps Protect You From Unexpected Vulnerabilities Like Heartbleed
- Thursday, May 22nd, 2014 at 1:00 PM EDT (17:00:00 UTC)
- Jake Williams, SANS & Adam Goodman, Principal Security Architect at Duo Security
While the recent Heartbleed vulnerability in OpenSSL may have felt to many like a once-in-a-lifetime internet-scale calamity, it really was just the latest in a long string of failures in SSL/TLS infrastructure: in recent years, there has been a surprisingly long list of high-profile weaknesses discovered in protocols and implementations.
We should expect this. The problem is not that SSL/TLS and its various implementations are inherently bad: humans make mistakes and all software has bugs; any security protocol or system could easily fall victim to a similar fate (perhaps even more easily - SSL/TLS is, at least, widely used and widely studied).
Instead, these failures illustrate the value of a long-held security principle known as "Defense in Depth", which holds that we must build security at every layer of our systems, such that they can remain secure even if one layer breaks.
Join us for a webcast discussing some of the specific techniques that we - and other industry-leading cloud providers - use to lessen the impact of SSL/TLS failures, and some broader ways in which the principle of Defense in Depth can be applied across your organization.
Jake Williams is founder and principal consultant at Rendition Infosec and a certified SANS instructor and course author. He has more than a decade of experience in secure network design, penetration testing, incident response, forensics, and malware reverse engineering. Before founding Rendition Infosec, he worked with various government agencies in information security roles. Jake is a two-time victor at the annual DC3 Digital Forensics Challenge.
Adam Goodman is the Principal Security Architect at Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. He has spent over 8 years building - and breaking - secure systems, working on everything from low-level binary network protocols to web services and mobile APIs. Prior to his work at Duo, he was a founding engineer at Zattoo, Europe's leading live-streaming Internet TV operator, where he led the development of secure P2P distribution and digital rights management protocols. Adam's security research has gained attention from news sources across the security community, including Threatpost, Dark Reading, The Register, and many others.