Product Security by Blockchain, by Tibor Zahorecz
AI and Security Certification landing page, for Startups (series B, C), SME and Technology Fast 500; send me feedback here
AGENDA
• PROBLEM: Are IT products reliable and secure?
• BLOCKCHAIN, AI: Blockchain, AI is the new Technology of Trust?
• PRODUCT SECURITY: Product Security by International security standards and practices
• SOLUTION: Why International security certs are good for the world, markets and the vendors
• BEHIND: Behind this deck
Are (Information Technology) products reliable & secure?

Over 8600 Vulnerabilities found in pacemakers (Medical sector)
media: https://thehackernews.com/2017/06/pacemaker-vulnerability.html
In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are known to have over 8,600 vulnerabilities that hackers could exploit in pacemaker programmers.
Deep flaw in your car (Mobility sector)
media: https://www.wired.com/story/car-hack-shut-down-safety-features/
Highlighting a little-noticed automotive hacking technique presented at the DIVMA security conference in Bonn, Germany, together with researchers at LinkLayer Labs and the Polytechnic University of Milan, their work points to a fundamental security issue in the CAN protocol that car components use to communicate and send commands to one another within the car's network: one that would allow a hacker who accesses the car's internals to shut off key automated components, including safety mechanisms.
Hacking industrial robots (Industry 4.0)
A group of researchers from Polytechnic University of Milan and Trend Micro has discovered that some robots are directly connected to the Internet (for example, for receiving updates from the manufacturer or sending telemetry to company headquarters), or to an insufficiently isolated factory Wi-Fi network. This enables malefactors to discover robots with the help of a dedicated scanner.
The robots are easy prey. With no encryption used when updating firmware, no digitally signed firmware at all, and default user names and passwords used, anyone who finds a robot’s IP address can modify its configuration files and change its operation logic.
media: https://www.kaspersky.com/blog/hacking-industrial-robots/17879/
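The robot finding above comes down to a missing gate on the update path: no signed firmware and no check before an image is installed. As an added example, not part of the original deck or of any robot vendor's code, this Go program shows the device-side check such a design needs: a vendor public key pinned on the device, Ed25519 verification over the whole image, and an anti-rollback version check. The image layout, keys and payloads are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not any vendor's real format):
// a 4-byte big-endian version number followed by the firmware payload.
// The vendor ships a detached Ed25519 signature over exactly these bytes.
type Image struct {
	Version uint32
	Payload []byte
}

// encode serialises the image deterministically so signer and verifier
// see the same bytes.
func (im Image) encode() []byte {
	buf := make([]byte, 4+len(im.Payload))
	binary.BigEndian.PutUint32(buf[:4], im.Version)
	copy(buf[4:], im.Payload)
	return buf
}

// SignImage is the vendor build step; the private key never leaves the vendor.
func SignImage(priv ed25519.PrivateKey, im Image) []byte {
	return ed25519.Sign(priv, im.encode())
}

// Device models the robot controller: it pins the vendor's public key at
// manufacture time and remembers the version it currently runs.
type Device struct {
	VendorPub ed25519.PublicKey
	Installed uint32
}

var (
	ErrTruncated    = errors.New("firmware rejected: image too short")
	ErrBadSignature = errors.New("firmware rejected: signature does not verify under pinned vendor key")
	ErrRollback     = errors.New("firmware rejected: version is not newer than the installed one")
)

// ApplyUpdate is the gate the robots on the slide lacked: verify the signature
// over the whole image first, then refuse downgrades, and only then install.
// Nothing in the image is trusted before the signature check passes.
func (d *Device) ApplyUpdate(raw, sig []byte) error {
	if len(raw) < 4 {
		return ErrTruncated
	}
	if !ed25519.Verify(d.VendorPub, raw, sig) {
		return ErrBadSignature
	}
	ver := binary.BigEndian.Uint32(raw[:4])
	if ver <= d.Installed {
		return ErrRollback
	}
	d.Installed = ver
	return nil
}

// Scenario runs four update attempts against one device and returns the
// outcome of each: a genuine update, a tampered image carrying the genuine
// signature, a correctly signed but older image, and an image signed with a
// key that is not the pinned vendor key.
func Scenario() (genuine, tampered, rollback, wrongKey error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorPub: vendorPub, Installed: 1}

	v2 := Image{Version: 2, Payload: []byte("constructed firmware payload v2")}
	raw2 := v2.encode()
	sig2 := SignImage(vendorPriv, v2)
	genuine = dev.ApplyUpdate(raw2, sig2) // accepted; device now runs v2

	// Flip one payload byte but keep the genuine signature: must fail.
	bad := append([]byte(nil), raw2...)
	bad[len(bad)-1] ^= 0x01
	tampered = dev.ApplyUpdate(bad, sig2)

	// A properly signed v1 image is authentic but older: must fail.
	v1 := Image{Version: 1, Payload: []byte("constructed firmware payload v1")}
	rollback = dev.ApplyUpdate(v1.encode(), SignImage(vendorPriv, v1))

	// A v3 image signed with some other key: must fail before the version is read.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v3 := Image{Version: 3, Payload: []byte("constructed payload from unknown signer")}
	wrongKey = dev.ApplyUpdate(v3.encode(), SignImage(otherPriv, v3))
	return genuine, tampered, rollback, wrongKey
}

func main() {
	genuine, tampered, rollback, wrongKey := Scenario()
	fmt.Println("genuine update:", genuine)
	fmt.Println("tampered image:", tampered)
	fmt.Println("rollback image:", rollback)
	fmt.Println("wrong key     :", wrongKey)
}
```

Transport encryption for the update channel is a separate control; the signature check above is what keeps a modified image out even when the channel is plaintext, as it was for the robots described.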
Hacking IoT Devices: How to Create a Botnet of Refrigerators (IoT)
source: https://www.thesslstore.com/blog/hacking-iot-devices-create-botnet-refrigerators/
DDoS attacks that use botnets made of IoT devices are not just possible—they’re happening. Mirai primarily targeted IoT devices. It did this by using devices it had already infected to scan the internet for IoT devices. Once it identified its targets, it used a table of over 60 common factory default usernames and passwords to hack into the devices.
Deep dive into IoT Hacks
Blockchain, AI is the new Technology of Trust?

Blockchain is secure
Blockchain has the potential to change the way we buy and sell, interact with government and verify the authenticity of everything. See the interactive intro.

What is Blockchain? Deep Dive
Blockchain at Berkeley: The Blockchain Fundamentals DeCal is a comprehensive survey of relevant topics in cryptocurrency and the wider blockchain space… See the Lecture notes for more information.
What is AI? Deep Dive
Google deck about ML, AI, DL
The systems implemented today are a form of narrow AI: a system that can do just one defined thing better than humans. See the Lecture notes for more information.
What is a Decentralized AI?
Blockchains and deep learning
Content:
• Why decentralized and AI are relevant to each other
• Overview of deep learning
• Problems with centralized machine learning
• What decentralization is and isn't
• Problems with the web today
• First generation peer-to-peer networks
• Applications of cryptography
• Decentralizing the web; storage, transport, & computation
• Smart contracts and automation
• Decentralized autonomous organizations
See the Lecture notes for more information.
Decentralized Artificial Intelligence in Practice
OpenMined
OpenMined is a community focused on building open-source technology for the decentralized ownership of data and intelligence. The OpenMined ecosystem incorporates a number of technologies including federated machine learning, blockchain, multi-party computation, and homomorphic encryption.
See the Lecture notes for more information.
AI and DL current topics for Product Security
• Hands-On Workshop: Creating Intelligent Physical Security Products Using AI and Deep Learning by NVIDIA: link
• Machine Learning in Cyber Security Domain: blog
• How machine learning can be used to write more secure computer programs (link)
• IoT Security Techniques Based on Machine Learning (study)
• MLconf 2017 Seattle presentations
• Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database (paper link); GitHub Repo (https://github.com/ANSSI-FR/ASCAD), Copyright (C) 2018, ANSSI and CEA
Blockchain Protocol Analysis and Security Engineering 2017 /Stanford/ deep dive
How Formal Analysis and Verification Add Security to Blockchain
Layers for security consideration:
• Key Management, Audit, Backup: ISO/IEC 27000
• Program Code, Secure Hardware: ISO/IEC 15408 (Common Criteria)
• Privacy protection, Secure transaction: ISO/IEC 29128
The 2018 agenda link is in the lecture note.
How Formal Analysis and Verification Add Security to Blockchain-based Systems, by Shin’ichiro Matsuo (MIT Media Lab) and Pindar Wong (VeriFi Ltd.): source
Blockchain Protocol Analysis and Security Engineering 2018 /Stanford/ deep dive
The conference materials are online. Some topics:
• Charles Guillemet; State-of-the-art Attacks on Secure Hardware Wallets
• Florian Tramèr et al.; Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
• Michael Egorov; NuCypher KMS: Decentralized key management system
Agenda, and materials
Product Security by International security standards & practices

Selected Security Certifications and Security Validations
Common Criteria is an International security scheme
Common Criteria Certification provides independent, objective validation of the reliability, quality, and trustworthiness of IT products.
XEROX: ‘It is a standard that customers can rely on to help them make informed decisions about their IT purchases’
https://www.xerox.com/information-security/common-criteria/enus.html
Dell EMC: ‘Certification for Common Criteria for Information Technology Security Evaluation (Common Criteria) is part of our comprehensive Product Security Program that ensures delivery of secure products to enable information infrastructure security for organizations.’
https://australia.emc.com/products/security/external-security-validation.htm
NATO: ‘By establishing a common base, the results of an IT security evaluation are more meaningful to a wider audience.’
https://www.ia.nato.int/guidance-more
Some Certified IT Product categories (lists are in the lecture note)
• COMMUNICATIONS AND SURVEILLANCE: Secure Communications, Devices and Management, Tactical Radios, Tablets, Phones and Mobile etc.
• CRYPTOGRAPHY & CRYPTOGRAPHIC LIBRARIES
• NETWORK SECURITY: IT Management Systems for Infrastructure; Network Automation, Configuration and Management; Virtual Networking Server Mgmt Solutions; VPN, Switches and Routers; Network & Network Related Devices and Systems; Data Compression and Network Security Solutions; Server Automation & Management; Secure Web Gateway
• STORAGE
• DATA MANAGEMENT: Encryption Management Strategy; Data Compression and Network Security Solutions, Virtual Machine Storage etc.
• APPLICATION SOFTWARE
• CLOUD SERVICES
• SECURITY INFORMATION & EVENT MANAGEMENT (SIEM), LOG ANALYSIS
• SMART CARD & READER
• OPERATING SYSTEMS
• INTRUSION & VULNERABILITY PREVENTION
Database products - Product Security Practice - by MarkLogic
Deep Dive: Building Security Into MarkLogic
Given the increase in data breaches, securing the perimeter is no longer enough. The database itself must be secure. That is why, according to MarkLogic, an industry leader in next-gen database technology, Common Criteria Certification* and advanced security features like element level security and advanced encryption are critical elements a database must include in today’s constantly evolving threat environment.
* Building Security Into MarkLogic white paper, MarkLogic
Cybersecurity - Product Security Practice - by McAfee
Deep Dive: McAfee Product Security Practices
McAfee takes product security very seriously. Our practices include designing for both security and privacy, in software and applications. We have rigorous product security policies and processes designed to proactively find and remove software security defects, e.g. security vulnerabilities. We understand that our products must not only fulfill the stated function to help protect our customers; the McAfee software itself must also aim to protect itself from vulnerabilities and attackers. McAfee strives to build software that demonstrates resilience against attacks. (url)
Core Software Security book by Dr. James Ransome (Senior Director of Product Security, McAfee): link
Advice for software companies in lecture notes
Experiences from the certification of an open source product - PrimeKey*
Key messages:
Benefits of Common Criteria
● Improved software quality
● Improved security documentation
● Independent security audit
● Secure development processes
● Increased market potential
Applicability of Certification
Although it does provide security benefits as described, the cost and work involved is usually too high for any organization to perform a certification unless there are clear business requirements or advantages. There are huge differences depending on the product type and area.
Lecture notes contain more information.
* Tomas Gustavsson, M.Sc has been researching and implementing PKI systems since 1994. CTO at PrimeKey, founder of open source PKI project EJBCA and committed follower of open standards.
BSIMM - Bringing science to software security
Deep Dive: About the BSIMM
BSIMM, pronounced “bee simm”, is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique.
Why Join? https://www.bsimm.com/about/membership.html
Why International security certs are good for the people, vendors and the world?

Customers and Market benefits from product security certification
BY GENE KEELING, DIRECTOR, GLOBAL CERTIFICATION TEAM, CISCO (read more)
• Improved availability of assessed, security-enhanced IT products
• Improved citizen confidence in products
• Consumers are able to compare their needs beside the Common Criteria’s consistent standards to decide on the level of security required.
• Allowing vendors to focus resources on standard requirements for the improvement of security in products
• Buyers can be more definitive when determining if particular products meet their specific requirements
Vendors benefits from product security certification
• Regulated Industries market access (unlocking): > $500 Billion
• FED Total Addressable Market access: $90 Billion
• Governments market access (globally)
• Transnational Organization market access: NATO, EU, Banking etc.
• Gain competitive edge in the marketplace
• Elevate company’s brand as products are independently evaluated against transparent and auditable standards for security.
• Build secure products with fewer vulnerabilities (branding)
Vendors benefits from product security certification - New Markets
Worldwide Recognition
Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.
Why Pursue Common Criteria Validation?
• Access previously untapped markets, such as the Intelligence Community, Financial Services, Healthcare, Critical Infrastructure, and US and Foreign governments
• Demonstrate corporate commitment to product security
• Elevate company’s brand to potential customers that products have been independently evaluated against transparent and auditable standards for security
Minimize the uncertainty with Readiness Assessment
Avoid speculation over wide ranging estimates, conflicting timelines, and confusing requirements with an internal audit of your company’s certification readiness.
Problem: These certifications are fraught with uncertainties and challenges which, if not properly understood and addressed, can lead to missteps, perils, and significant opportunity costs for most companies.
Questions always on client side:
• How much does this cost?
• How long will this take?
• How much impact will this have on our engineering staff?
Solution: The Readiness Assessment is a highly engaged and interactive session which goes beyond assessing a product’s security gaps to addressing a company’s overall preparedness when embarking on a certification effort. It examines the critical success factors in every certification effort as well as uncovers potential failure points in the process for your specific projects. Finally, the teams work together to produce a roadmap that best fits your organization and certification goals. It will encompass all aspects of the certification effort, including costs, potential human capital considerations, product readiness, and timing.
Inputs and Discussion Topics:
• Libraries & Cryptographic Health Analysis
• User I&A/AAA Analysis
• Vulnerability Assessment & Patch/Update Strategy
• Product Architecture & Security Review
• Intellectual Property Protection
• Documentation, Testing, & Program Requirements
Behind this deck

Security validation & certification benefits
• SECURE PRODUCTS 75%
• TRUST 90%
• BRAND AWARENESS 45%
• GLOBAL ACCEPTANCE 75%
WHY CORSEC
• DISCOVER REQUIRED PRODUCT CHANGES EARLY IN THE PROCESS 75%
• FIXED PRICE & FIXED TIMELINES 90%
• PRODUCT SECURITY EXPERIENCE > 325 UNIQUE PRODUCTS 95%
• > 1 million HOURS SECURITY VALIDATION 99%
For two decades Corsec has partnered with companies around the world to accelerate go-to-market readiness, improve brand reputation, and significantly increase financial returns for our clients. Our turnkey approach gets companies through FIPS 140-2, Common Criteria, and listing on the DoD APL while reducing the internal engineering burden associated with product security compliance and security hardening, and mitigating the risks associated with security certifications.
References
DONE ONCE, DONE RIGHT
WHY CCLab
• RESPONSIVENESS 90%
• AGILE - SPEED - TIME TO MARKET 95%
• AFFORDABLE 99%
CCLab is an accredited Common Criteria evaluation laboratory based in Budapest operating under the Italian governmental security scheme (OCSI). It has experience in the evaluation of crypto libraries, SmartCards, digital signature applications, digital wallets, PKI and Blockchain-based applications.
References
We help to make products secure and internationally accepted.
LabShare
Find and obtain software security, secure software development and niche engineering services from audited Labs and firms. Improve your product security level.

CONTACT US
email: tibor.zahorecz@dosell.io, send feedback here, landing page

Common Criteria Lab HungaryLabSharegroup
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software productsLabSharegroup
 
Bring your Ideas to Life
Bring your Ideas to LifeBring your Ideas to Life
Bring your Ideas to LifeLabSharegroup
 
DoSell Virtual Verification
DoSell Virtual VerificationDoSell Virtual Verification
DoSell Virtual VerificationLabSharegroup
 
Cathay general intro
Cathay general introCathay general intro
Cathay general introLabSharegroup
 

Más de LabSharegroup (20)

Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017Pitch Deck - LabShare 2017
Pitch Deck - LabShare 2017
 
Accelerate your company
Accelerate your companyAccelerate your company
Accelerate your company
 
Build venture - engineering services
Build venture - engineering servicesBuild venture - engineering services
Build venture - engineering services
 
Production ergonomics
Production ergonomicsProduction ergonomics
Production ergonomics
 
DAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell PlatformDAG Ideas full-stack webservices joined to DoSell Platform
DAG Ideas full-stack webservices joined to DoSell Platform
 
Machinery design & engineering
Machinery design & engineeringMachinery design & engineering
Machinery design & engineering
 
B2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and GrowthB2B reference guide for company makers part III. - Soft launch and Growth
B2B reference guide for company makers part III. - Soft launch and Growth
 
B2B venture reference guide - part II.
B2B venture reference guide - part II.B2B venture reference guide - part II.
B2B venture reference guide - part II.
 
B2B reference guide for company makers
B2B reference guide for company makersB2B reference guide for company makers
B2B reference guide for company makers
 
DoSell pitch deck
DoSell pitch deckDoSell pitch deck
DoSell pitch deck
 
DoSell vision, services overview
DoSell vision, services overviewDoSell vision, services overview
DoSell vision, services overview
 
How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.How we build a start-up from zero with the help of online content.
How we build a start-up from zero with the help of online content.
 
The true story of building up our venture
The true story of building up our ventureThe true story of building up our venture
The true story of building up our venture
 
Industrial Design www.dosell.io
Industrial Design www.dosell.ioIndustrial Design www.dosell.io
Industrial Design www.dosell.io
 
Common Criteria Lab Hungary
Common Criteria Lab HungaryCommon Criteria Lab Hungary
Common Criteria Lab Hungary
 
The best way to design secure software products
The best way to design secure software productsThe best way to design secure software products
The best way to design secure software products
 
Bring your Ideas to Life
Bring your Ideas to LifeBring your Ideas to Life
Bring your Ideas to Life
 
DoSell Virtual Verification
DoSell Virtual VerificationDoSell Virtual Verification
DoSell Virtual Verification
 
Cathay general intro
Cathay general introCathay general intro
Cathay general intro
 
ViveLab
ViveLabViveLab
ViveLab
 

Último

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Product security by Blockchain, AI and Security Certs

7. Hacking industrial robots (Industry 4.0)

A group of researchers from the Polytechnic University of Milan and Trend Micro has discovered that some robots are directly connected to the Internet (for example, to receive updates from the manufacturer or to send telemetry to company headquarters), or to an insufficiently isolated factory Wi-Fi network. This enables malefactors to discover robots with the help of a dedicated scanner. The robots are easy prey: with no encryption used when updating firmware, no digitally signed firmware at all, and default user names and passwords in use, anyone who finds a robot's IP address can modify its configuration files and change its operation logic.

media: https://www.kaspersky.com/blog/hacking-industrial-robots/17879/
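The weakness the researchers describe (firmware accepted without a signature) is closed on the device side by verifying a vendor signature over the image before a single byte is written to flash. The Go program below is an added example written for this page; it is not code from the Kaspersky article, from the Milan/Trend Micro research or from any robot vendor. The manifest layout, the function names and the fixed demo seeds are assumptions made for illustration: a real vendor keeps the signing key in an HSM or a signing service and ships only the public key, baked into the device's immutable boot image. Encrypting the image in transit is a separate concern; the signature is what stops an attacker on the factory Wi-Fi from substituting their own image, and the version check is what stops them from re-installing a genuine but older image with known bugs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed metadata shipped alongside a firmware image.
// The signature covers the version and the image digest, so the image
// itself may travel over an untrusted channel (plain HTTP, factory Wi-Fi).
type Manifest struct {
	Version   uint32
	ImageHash [sha256.Size]byte
	Signature []byte
}

// signedBytes serialises exactly the fields the signature must cover:
// 4-byte big-endian version followed by the SHA-256 digest of the image.
func (m Manifest) signedBytes() []byte {
	buf := make([]byte, 4, 4+sha256.Size)
	binary.BigEndian.PutUint32(buf, m.Version)
	return append(buf, m.ImageHash[:]...)
}

// KeyPairFromSeed derives an Ed25519 key pair from a 32-byte seed. The seeds
// used in main and in the tests are constructed for this demo only; in
// production the private key never leaves the vendor's signing service.
func KeyPairFromSeed(seed []byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// SignFirmware is the vendor-side step: hash the image, sign version+digest.
func SignFirmware(priv ed25519.PrivateKey, image []byte, version uint32) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signedBytes())
	return m
}

var (
	ErrBadSignature = errors.New("firmware: manifest signature invalid")
	ErrHashMismatch = errors.New("firmware: image does not match signed digest")
	ErrRollback     = errors.New("firmware: version is not newer than installed")
)

// VerifyFirmware is the device-side check that must pass before the update
// is applied. The device holds only the vendor's public key.
func VerifyFirmware(pub ed25519.PublicKey, image []byte, m Manifest, installed uint32) error {
	// 1. Authenticity: only the vendor's key can produce a valid signature
	//    over this version/digest pair.
	if !ed25519.Verify(pub, m.signedBytes(), m.Signature) {
		return ErrBadSignature
	}
	// 2. Integrity: the bytes actually delivered must match the signed digest.
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	// 3. Anti-rollback: a genuine but older image would reintroduce fixed bugs.
	if m.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	// Demo seed (constructed): 32 ASCII bytes, not a real vendor key.
	pub, priv := KeyPairFromSeed([]byte("0123456789abcdef0123456789abcdef"))
	image := []byte("constructed sample firmware image, version 2")
	m := SignFirmware(priv, image, 2)

	fmt.Println("genuine image, installed v1:", VerifyFirmware(pub, image, m, 1))

	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff // attacker flips a byte after signing
	fmt.Println("tampered image:", VerifyFirmware(pub, tampered, m, 1))

	fmt.Println("same version re-installed:", VerifyFirmware(pub, image, m, 2))

	otherPub, _ := KeyPairFromSeed([]byte("fedcba9876543210fedcba9876543210"))
	fmt.Println("attacker-signed manifest:", VerifyFirmware(otherPub, image, m, 1))
}
```

The checks are ordered so that the cheapest-to-forge condition is tested first: without a valid signature nothing else about the manifest can be trusted, so the digest and version are only consulted once the signature has been accepted.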
8. Hacking IoT Devices: How to Create a Botnet of Refrigerators (IoT)

source: https://www.thesslstore.com/blog/hacking-iot-devices-create-botnet-refrigerators/

DDoS attacks that use botnets made of IoT devices are not just possible—they're happening. Mirai primarily targeted IoT devices. It did this by using devices it had already infected to scan the internet for IoT devices. Once it identified its targets, it used a table of over 60 common factory default usernames and passwords to hack into the devices.

Deep dive into IoT Hacks
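Mirai's scan-and-guess behaviour leaves a recognisable trace on the victim: one source address walking through many usernames in quick succession, then succeeding. The Go program below is an added example, not code from the cited article or from Mirai itself. It parses OpenSSH-style password-authentication log lines (the sample excerpt is constructed for this page and uses RFC 5737 documentation addresses), groups attempts by source, and flags any source that tried at least a threshold of distinct usernames, recording whether one of those attempts was accepted. The log format, the threshold and the function names are assumptions; many IoT devices expose telnet rather than SSH, but the same grouping logic applies once the login records are parsed.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// AuthEvent is one parsed password-authentication record.
type AuthEvent struct {
	Time    string
	Success bool
	User    string
	Src     string
}

// authLine matches OpenSSH-style password-auth lines. sshd logs
// "invalid user" when the account does not exist on the box, which is
// typical for a scanner trying names from a default-credential table.
var authLine = regexp.MustCompile(
	`^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+`)

// ParseAuthLine returns the event and true, or false for lines that are not
// password-authentication records (session messages, sudo, etc.).
func ParseAuthLine(line string) (AuthEvent, bool) {
	m := authLine.FindStringSubmatch(line)
	if m == nil {
		return AuthEvent{}, false
	}
	return AuthEvent{Time: m[1], Success: m[2] == "Accepted", User: m[3], Src: m[4]}, true
}

// Finding describes one source that behaves like a Mirai-style scanner.
type Finding struct {
	Src        string
	TriedUsers int    // distinct usernames attempted from this source
	LoggedInAs string // non-empty when an attempt from this source succeeded
}

// DetectCredentialSweep flags sources that cycled through at least minUsers
// distinct usernames. A sweep followed by an Accepted login is the result to
// act on: the device has most likely been taken with a factory default.
func DetectCredentialSweep(events []AuthEvent, minUsers int) []Finding {
	users := map[string]map[string]struct{}{}
	loggedIn := map[string]string{}
	for _, e := range events {
		if users[e.Src] == nil {
			users[e.Src] = map[string]struct{}{}
		}
		users[e.Src][e.User] = struct{}{}
		if e.Success {
			loggedIn[e.Src] = e.User
		}
	}
	var out []Finding
	for src, set := range users {
		if len(set) >= minUsers {
			out = append(out, Finding{Src: src, TriedUsers: len(set), LoggedInAs: loggedIn[src]})
		}
	}
	// Map iteration order is random; sort so output is stable.
	sort.Slice(out, func(i, j int) bool { return out[i].Src < out[j].Src })
	return out
}

// SampleLog is a constructed excerpt, not a real capture: one scanner
// (203.0.113.7) walking a default-credential list until "admin" succeeds,
// and one legitimate operator (198.51.100.20) mistyping a password once.
const SampleLog = `
2017-10-21T03:14:05Z robot-ctl sshd[1412]: Failed password for root from 203.0.113.7 port 51212 ssh2
2017-10-21T03:14:06Z robot-ctl sshd[1413]: Failed password for invalid user support from 203.0.113.7 port 51213 ssh2
2017-10-21T03:14:06Z robot-ctl sshd[1414]: Failed password for invalid user supervisor from 203.0.113.7 port 51214 ssh2
2017-10-21T03:14:07Z robot-ctl sshd[1415]: Failed password for invalid user 888888 from 203.0.113.7 port 51215 ssh2
2017-10-21T03:14:08Z robot-ctl sshd[1416]: Accepted password for admin from 203.0.113.7 port 51216 ssh2
2017-10-21T03:20:41Z robot-ctl sshd[1450]: Failed password for operator from 198.51.100.20 port 40022 ssh2
2017-10-21T03:20:49Z robot-ctl sshd[1451]: Accepted password for operator from 198.51.100.20 port 40023 ssh2
2017-10-21T03:21:00Z robot-ctl sshd[1451]: pam_unix(sshd:session): session opened for user operator by (uid=0)
`

// ParseLog splits a log excerpt into events, skipping non-auth lines.
func ParseLog(text string) []AuthEvent {
	var events []AuthEvent
	for _, line := range strings.Split(text, "\n") {
		if e, ok := ParseAuthLine(strings.TrimSpace(line)); ok {
			events = append(events, e)
		}
	}
	return events
}

func main() {
	for _, f := range DetectCredentialSweep(ParseLog(SampleLog), 4) {
		fmt.Printf("%s tried %d distinct usernames, logged in as %q\n", f.Src, f.TriedUsers, f.LoggedInAs)
	}
}
```

Counting distinct usernames rather than raw failures is what separates a credential sweep from a legitimate user fat-fingering a password: the operator above fails once and succeeds as the same account, and is not reported.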
9. Blockchain, AI is the new Technology of Trust?

10. Blockchain is secure

Blockchain has the potential to change the way we buy and sell, interact with government and verify the authenticity of everything. See the interactive intro.

11. What is Blockchain? Deep dive: Blockchain at Berkeley

The Blockchain Fundamentals DeCal is a comprehensive survey of relevant topics in cryptocurrency and the wider blockchain space… See the lecture notes for more information.

12. What is AI? Deep dive: Google deck about ML, AI and DL

The systems implemented today are a form of narrow AI: a system that does just one defined thing better than humans. See the lecture notes for more information.
13. What is Decentralized AI? Blockchains and deep learning

Contents:
- Why decentralization and AI are relevant to each other
- Overview of deep learning
- Problems with centralized machine learning
- What decentralization is and isn't
- Problems with the web today
- First generation peer-to-peer networks
- Applications of cryptography
- Decentralizing the web: storage, transport and computation
- Smart contracts and automation
- Decentralized autonomous organizations

See the lecture notes for more information.

14. Decentralized Artificial Intelligence in Practice: OpenMined

OpenMined is a community focused on building open-source technology for the decentralized ownership of data and intelligence. The OpenMined ecosystem incorporates a number of technologies including federated machine learning, blockchain, multi-party computation, and homomorphic encryption. See the lecture notes for more information.

15. AI and DL current topics for Product Security
- Hands-On Workshop: Creating Intelligent Physical Security Products Using AI and Deep Learning, by NVIDIA (link)
- Machine Learning in the Cyber Security Domain (blog)
- How machine learning can be used to write more secure computer programs (link)
- IoT Security Techniques Based on Machine Learning (study)
- MLconf 2017 Seattle presentations
- Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ASCAD Database (paper link); GitHub repo: https://github.com/ANSSI-FR/ASCAD (Copyright (C) 2018, ANSSI and CEA)
16. Blockchain Protocol Analysis and Security Engineering 2017 (Stanford), deep dive

How Formal Analysis and Verification Add Security to Blockchain. Layers for security consideration, with the standard that applies to each:
- Key management, audit, backup: ISO/IEC 27000
- Program code, secure hardware: ISO/IEC 15408 (Common Criteria)
- Privacy protection, secure transactions: ISO/IEC 29128 (verification of cryptographic protocols)

The 2018 agenda link is in the lecture notes.

17. How Formal Analysis and Verification Add Security to Blockchain-based Systems, by Shin'ichiro Matsuo (MIT Media Lab) and Pindar Wong (VeriFi Ltd.) (source)

18. Blockchain Protocol Analysis and Security Engineering 2018 (Stanford), deep dive

The conference materials are online. Some topics:
- Charles Guillemet: State-of-the-art Attacks on Secure Hardware Wallets
- Florian Tramèr et al.: Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
- Michael Egorov: NuCypher KMS: Decentralized key management system

Agenda and materials
19. Product Security by International security standards & practices

20. Selected Security Certifications and Security Validations

21. Common Criteria is an international security scheme

Common Criteria Certification provides independent, objective validation of the reliability, quality, and trustworthiness of IT products.

XEROX: 'It is a standard that customers can rely on to help them make informed decisions about their IT purchases.' https://www.xerox.com/information-security/common-criteria/enus.html

Dell EMC: 'Certification for Common Criteria for Information Technology Security Evaluation (Common Criteria) is part of our comprehensive Product Security Program that ensures delivery of secure products to enable information infrastructure security for organizations.' https://australia.emc.com/products/security/external-security-validation.htm

NATO: 'By establishing a common base, the results of an IT security evaluation are more meaningful to a wider audience.' https://www.ia.nato.int/guidance-more

22. Some certified IT product categories (lists are in the lecture notes)
- Communications and surveillance: secure communications, devices and management, tactical radios, tablets, phones and mobile, etc.
- Cryptography and cryptographic libraries
- Network security: IT management systems for infrastructure, network automation, configuration and management, virtual networking, server management solutions, VPN, switches and routers, network and network-related devices and systems, data compression and network security solutions, server automation and management, secure web gateways
- Storage and data management: encryption management strategy, data compression and network security solutions, virtual machine storage, etc.
- Application software
- Cloud services
- Security information and event management (SIEM), log analysis
- Smart cards and readers
- Operating systems
- Intrusion and vulnerability prevention
23. Database products, product security practice, by MarkLogic. Deep dive: Building Security Into MarkLogic

Given the increase in data breaches, securing the perimeter is no longer enough. The database itself must be secure. That is why, according to MarkLogic, an industry leader in next-gen database technology, Common Criteria Certification* and advanced security features like element level security and advanced encryption are critical elements a database must include in today's constantly evolving threat environment.

* Building Security Into MarkLogic white paper, MarkLogic

24. Cybersecurity, product security practice, by McAfee. Deep dive: McAfee Product Security Practices

'McAfee takes product security very seriously. Our practices include designing for both security and privacy, in software and applications. We have rigorous product security policies and processes designed to proactively find and remove software security defects, e.g. security vulnerabilities. We understand that our products must not only fulfill the stated function to help protect our customers; the McAfee software itself must also aim to protect itself from vulnerabilities and attackers. McAfee strives to build software that demonstrates resilience against attacks.' (url)

Core Software Security, book by Dr. James Ransome (Senior Director of Product Security, McAfee): link. Advice for software companies is in the lecture notes.

25. Experiences from the certification of an open source product: PrimeKey*

Key messages. Benefits of Common Criteria:
- Improved software quality
- Improved security documentation
- Independent security audit
- Secure development processes
- Increased market potential

Applicability of certification: although it does provide security benefits as described, the cost and work involved is usually too high for any organization to perform a certification unless there are clear business requirements or advantages. There are huge differences depending on the product type and area. The lecture notes contain more information.

* Tomas Gustavsson, M.Sc., has been researching and implementing PKI systems since 1994. CTO at PrimeKey, founder of the open source PKI project EJBCA and committed follower of open standards.

26. BSIMM: Bringing science to software security. Deep dive: About the BSIMM

BSIMM, pronounced "bee simm", is a study of existing software security initiatives. By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique. Why join? https://www.bsimm.com/about/membership.html
27. Why are international security certs good for the people, vendors and the world?

28. Customer and market benefits from product security certification, by Gene Keeling, Director, Global Certification Team, Cisco (read more)
- Improved availability of assessed, security-enhanced IT products
- Improved citizen confidence in products
- Consumers are able to compare their needs beside the Common Criteria's consistent standards to decide on the level of security required
- Allowing vendors to focus resources on standard requirements for the improvement of security in products
- Buyers can be more definitive when determining if particular products meet their specific requirements

29. Vendor benefits from product security certification
- Regulated industries market access (unlocking): > $500 billion
- FED total addressable market access: $90 billion
- Governments market access (globally)
- Transnational organization market access: NATO, EU, banking, etc.
- Gain competitive edge in the marketplace
- Elevate the company's brand, as products are independently evaluated against transparent and auditable standards for security
- Build secure products with fewer vulnerabilities (branding)

30. Vendor benefits from product security certification: new markets

31. Worldwide recognition

Twenty-seven countries, including the United States and Canada, have signed the Common Criteria Recognition Arrangement (CCRA), making it an unparalleled measure of security for the international commerce of IT products.

Why pursue Common Criteria validation?
- Access previously untapped markets, such as the Intelligence Community, financial services, healthcare, critical infrastructure, and US and foreign governments
- Demonstrate corporate commitment to product security
- Elevate the company's brand to potential customers: products have been independently evaluated against transparent and auditable standards for security
32. Minimize the uncertainty with a Readiness Assessment

Avoid speculation over wide-ranging estimates, conflicting timelines, and confusing requirements with an internal audit of your company's certification readiness.

Problem: these certifications are fraught with uncertainties and challenges which, if not properly understood and addressed, can lead to missteps, perils, and significant opportunity costs for most companies. The questions always asked on the client side: How much does this cost? How long will this take? How much impact will this have on our engineering staff?

Solution: the Readiness Assessment is a highly engaged and interactive session which goes beyond assessing a product's security gaps to addressing a company's overall preparedness when embarking on a certification effort. It examines the critical success factors in every certification effort and uncovers potential failure points in the process for your specific projects. Finally, the teams work together to produce a roadmap that best fits your organization and certification goals. It encompasses all aspects of the certification effort, including costs, potential human capital considerations, product readiness, and timing.

Inputs and discussion topics:
- Libraries and cryptographic health analysis
- User I&A/AAA analysis
- Vulnerability assessment and patch/update strategy
- Product architecture and security review
- Intellectual property protection
- Documentation, testing, and program requirements
34. Security validation & certification benefits (chart: secure products 75%, trust 90%, brand awareness 45%, global acceptance 75%)

35. Why Corsec (chart: discover required product changes early in the process 75%; fixed price & fixed timelines 90%; product security experience, > 325 unique products 95%; > 1 million hours of security validation 99%)

For two decades Corsec has partnered with companies around the world to accelerate go-to-market readiness, improve brand reputation, and significantly increase financial returns for our clients. Our turnkey approach gets companies through FIPS 140-2, Common Criteria, and listing on the DoD APL while reducing the internal engineering burden associated with product security compliance and security hardening and mitigating the risks associated with security certifications. References. Done once, done right.

36. Why CCLab (chart: responsiveness 90%; agile, speed, time to market 95%; affordable 99%)

CCLab is an accredited Common Criteria evaluation laboratory based in Budapest, operating under the Italian governmental security scheme (OCSI). It has experience in the evaluation of crypto libraries, smart cards, digital signature applications, digital wallets, PKI and blockchain-based applications. References. We help to make products secure and internationally accepted.

37. LabShare

Find and obtain software security, secure software development and niche engineering services from audited labs and firms. Improve your product security level.

38. Contact us

email: tibor.zahorecz@dosell.io, send feedback here, landing page