DeepSec 2019 Talk: Security Analytics and Zero Trust — How Do We Tackle That? — Holger Arends *

DeepSec Conference
3 min read · Nov 8, 2019

For many years we’ve all been in an arms race, fighting daily against new malware varieties and new attack techniques that malicious actors use to fool us and compromise our systems. Many of us rely on state-of-the-art safeguards and have invested tremendous amounts in defending our systems and networks, yet even so, important data is still leaked and important systems are still compromised.

Firewalls, IDS, IPS or SIEM systems are often unable to prevent or detect attacks. Two questions are often raised: why, and how, is it possible that these attacks stay undetected for long periods of time, considering the significant investments in cyber security? And so it seems obvious to say that with the introduction of IoT devices and unmanaged BYOD, combined with legacy systems and end-to-end encryption, the future will be a difficult place to stay safe and secure in.

In late 2017, we asked ourselves the following questions. Is it possible to defend our networks and systems by relying mainly on traffic-related analytics and related prevention? Are we able to achieve knowledge and certainty about endpoints and their associated technologies? Furthermore, does this allow us to distinguish attacks and/or malicious activities from benign activities, even on encrypted channels? We also explored if it was possible for a Telco / Enterprise to integrate such analytics, considering high traffic throughput, into traditional security defences. These…
