Why it’s all snake oil – and that may be ok

Presented at BSidesSF 2016, Feb. 28, 2016, 5 p.m. (25 minutes).

Every few years, security vendors entice us with "next generation" security products with 0day detection and we must decide if this product will be our salvation or if it's more snake oil full of empty promises. Basic theorems of computer science mathematically guarantee that many of the claims made by sales are false without certain allowances, but that doesn't mean that the products are useless. Understand how to ask the right questions to determine if a security vendors assumptions are valid for your organization. Take a walk through the history of exploitation and computer science theorems to learn how to have an honest conversation about security products and their capabilities.

Presenters:

• Pablo Breuer - Director - Center for Information Warfare and Innovation   as Pablo "@Ngree_H0bit" Breuer
  Pablo is a computer scientist and INFOSEC professional with over twenty years experience in the public and private sector. He is currently the director of the Center for Information Warfare and Innovation, a military associate professor at the Naval Postgraduate School in Monterey, CA and lecturer at California State University Monterey Bay. He collects malware, 'sploits and memes.

Links:

• https://bsidessf2016.sched.com/event/661D/why-its-all-snake-oil-and-that-may-be-ok

Similar Presentations:

• 33C3 (2016) / In Search of Evidence-Based IT-Security: IT security is largely a science-free field. This needs to change.
• BSidesLV 2016 / Why it's all snake oil - and that may be ok
• DEF CON 12 (2004) / Snake Oil Anonymity