Why it's all snake oil - and that may be ok

Presented at BSidesLV 2016, Aug. 2, 2016, 5 p.m. (55 minutes)

Every few years, security vendors entice us with "next generation" security products with 0day detection and we must decide if this product will be our salvation or it's more snake oil full of empty promises. Basic theorems of computer science mathematically guarantee that many of the claims made by vendors are false without certain allowances, but that doesn't mean that the products are useless. Take a walk through the history of exploitation and computer science to learn how to ask the questions that will allow you to see if the vendor's claims can be achieved in your organization or whether you're being sold a bill of goods.

Presenters:

• Pablo Breuer - Director - Center for Information Warfare and Innovation   as Pablo "@Ngree_H0bit" Breuer
  Pablo is a computer scientist and INFOSEC professional with over twenty years experience in the public and private sector. He is currently the director of the Center for Information Warfare and Innovation, a military associate professor at the Naval Postgraduate School in Monterey, CA and lecturer at California State University Monterey Bay. He collects malware, 'sploits and memes.

Links:

• https://bsideslv2016.sched.com/event/7Vhe/why-its-all-snake-oil-and-that-may-be-ok

Similar Presentations:

• 33C3 (2016) / In Search of Evidence-Based IT-Security: IT security is largely a science-free field. This needs to change.
• BSidesSF 2016 / Why it’s all snake oil – and that may be ok
• DEF CON 12 (2004) / Snake Oil Anonymity