MSRC Ecosystem Strategy Team ecostrat@microsoft.com

August 2008

  • MSRC Ecosystem Strategy Team

    Threats in a Blender, and Other Raisons d'être

    Handle:
    k8e

    IRL:
    Katie Moussouris

    Rank:
    Senior Security Program Manager

    Likes:
    Cool vulns (responsibly disclosed of course), girls with soldering irons, Spanish tapas, quantum teleportation

    Dislikes:
    Rudeness, socks-n-sandals, licorice

    There are times when one must look toward the best interests of the customers above any competitive strategies.  Security is one of those themes that has the power to unite teams across company boundaries.  As the EcoStrat team builds and strengthens relationships with researchers and partners, we are sometimes faced with unique challenges that we’ve never encountered before.

    In the days of the big worms, we as a company and an industry had to rise to the occasion. Today our challenges have evolved, and are a great deal more complex. As we as a collective industry rise to the occasion once again, our awareness and response must evolve as well.

    Enter the dawn of the Blended Threat. Mix one part third-party vulnerability with one part Microsoft vulnerability (and blend over ice) – it sounds like a drink vying to replace the Mojito.

    It’s not like these types of threats didn’t exist before, but much like format string vulnerabilities that had been lurking in code for years, no one has been talking much about blended threats in a widespread way – until now. Sure, AV vendors used the term, but they were speaking of malware displaying multiple characteristics and using several techniques to achieve their goals. We’re talking about vulnerabilities that are composed of two or more less severe vulnerabilities.

    It started not with a bang, but with a whisper -- a couple of researchers each independently reported two low/moderate severity issues to two separate companies.  On their own, they seemed to both companies to be relatively low-risk.  But the researcher who reported the issue to us thought of combining the two vulnerabilities, to allow remote code execution.

    In a historic collaboration, both companies came together against our common enemy: security threats. Microsoft Security Advisory 953818 was born of this blended threat, and the Ecosystem Strategy Team was there with a new initiative, announced today at Black Hat: Microsoft Vulnerability Research (MSVR).

    Microsoft Vulnerability Research was created as part of the evolution of Microsoft Trustworthy Computing’s work in Security Response, SDL and Security Science. This program is one of the company’s many efforts to not only improve the security of Windows, but of the entire Windows ecosystem, responsibly researching vulnerabilities in third-party software most commonly used by Windows customers. While the source of the vulnerabilities will usually come from original research at Microsoft, the program will also handle third-party vulnerability coordination for blended threats reported to us by responsible researchers, as was the case with Microsoft Security Advisory 953818.

    So what's really news here? If we've been practicing responsible disclosure for years, why are we making a big deal about it now? Well, think about when you've performed a penetration test on a company's application and you happen to find a vulnerability in the underlying commercial database. That's traditionally how we used to find third-party vulnerabilities -- through the course of our normal security work. Now, with MSVR, we're expanding our security research focus to specifically look for third-party vulnerabilities.

    The MSVR program will formalize the company’s responsible disclosure efforts of working directly with affected vendors, confidentially providing them specific vulnerability information and helping them to create updates.

    So in the case of this recent blended threat, along with teams across Microsoft and externally, MSVR allowed us to coordinate with the finders, and across the companies to ensure the best possible outcome for our mutual customers.  Technical contacts, PR contacts -- all were involved in this effort.  It was new ground for all parties, as we had never attempted a joint response to a mutual security threat that was born of smaller vulnerabilities from each of our products.

    We are often asked what our team does.  This is part of it.  We are the ones who can fast-track security responses that affect not just our users, but users of other people's software to make a significant impact on the safety of the entire Windows ecosystem.  We help make the impossible possible.  We do it with a *lot* of help from our friends, and some from our rivals.  One thing is certain:  While this incident may have been the first, it will not go down in history as the last.  Blended threats are the new black.  And we will all collectively have to become the new Chuck Norris.

    Like the countries of the world uniting against a hostile alien invasion, we of all people understand that we can't do it alone.  We rely on the kindness of researchers, competitors, partners, and strangers to make it all come together to help us secure our ecosystem. We are irrevocably intertwined, and so the threats that face us all are blended by their very nature.

    My name is Katie Moussouris, and if I am Leia, the security ecosystem is my Obi-Wan Kenobi. 

    Help us, Obi-Wan Kenobi, you're our only hope.

    For my final thoughts on Black Hat and more, come join me at http://twitter.com/k8em0.

    *Postings are provided "AS IS" with no warranties, and confer no rights.*

  • MSRC Ecosystem Strategy Team

    Predicting the Future - Microsoft Launches an “Exploitability Index”

    Handle:
    Silver Surfer

    IRL:
    Mike Reavey

    Rank:
    Director, MSRC

    Likes:
    Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities

    Dislikes:
    Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns

    Hey all – Mike Reavey here. I’ve been with the Microsoft Security Response Center (MSRC) for over five years now, and working in security for over a decade. One of the reasons I’m truly passionate about this type of work is that it’s always changing, and very exciting.

    However, in some ways the security ecosystem is a very predictable place.

    For example, I can almost guarantee we’ll see a lot of charts at Black Hat with arrows going “up” showing that things are still rough in the security space. And in fact, if you read George’s thoughts in a ZDNet guest editorial you’ll see things are going “up” in a lot of areas.

    One other predictable activity is that following every 2nd Tuesday, after we’ve released our security updates, there’s a community of folks reverse engineering our updates and creating exploit code. Consequently, another very predictable activity is that customers always ask us which of the vulnerabilities we’ve fixed have had exploit code released each month. That’s a key factor in their risk assessment.

    When we reviewed why they asked that question, one thing we realized is that not every vulnerability we release updates for has functional exploit code created. And that’s in the face of very competent people like those behind tools like Metasploit, Immunity CANVAS and Core’s IMPACT - who have systems and people geared up to produce exploit code every time we release updates.

    When doing the math, roughly 30 percent of the vulnerabilities we fix each year have exploit code released. You can see more details on this analysis in the SIR (www.microsoft.com/sir). There are a lot of reasons it’s not at 100 percent - some just aren’t interesting from an attacker’s or a pen tester’s perspective, and others only affect products that have low penetration, but some are more challenging to exploit given the way the vulnerability manifests itself. For example, a defense in depth approach may make a particular vulnerability especially hard to exploit consistently, maybe /GS causes the process to crash without any data aside from the /GS cookie being overwritten, or maybe it’s just an area of code where the system memory isn’t structured in a reliable way to gain execution.

    This morning, we’ve announced an “Exploitability Index.” The Microsoft Exploitability Index is designed to provide additional information to help customers better prioritize the deployment of Microsoft security updates. This Index will provide customers with guidance on the likelihood of a functional exploit being developed for vulnerabilities addressed by Microsoft security updates.

    This index will attempt to predict if a vulnerability is likely to have functioning exploit code released, or have inconsistent exploit code released that wouldn’t work every time an attacker attempted to use it. We’ll even highlight vulnerabilities where we think it’s unlikely that functioning exploit code will ever be released.

    The first question I get when I talk about this is, “How are you going to make this assessment?”

    Well, first we’ll review our understanding of the vulnerability and what it would take to exploit it with folks like our Security Vulnerability Research & Defense (SVRD) team as part of our standard MSRC process. Second, we’re also incorporating the same methodologies we’ve seen used in the community for years – some of these we’ve even had presented at our own conference, BlueHat, by folks like Halvar Flake and Lurene Greenier. And third, since, as Steve says, “it takes a village” to raise a healthy security ecosystem, we’re asking members of the Microsoft Active Protections Program to also review the vulnerabilities to check our work before we release the index each month.

    Bottom line… we are giving customers more information to help their risk assessment, and that, we think, is a good thing. And a very reasonable request, given the security ecosystem’s emerging shift towards more collaboration.

    I’ll be talking more about this and other Black Hat happenings at my Twitter feed: www.twitter.com/mreavey

    - Mike Reavey


  • MSRC Ecosystem Strategy Team

    Security through Collaboration: Microsoft Active Protections Program

    Handle:
    Cap'n Steve

    IRL:
    Steve Adegbite

    Rank:
    Senior Security Program Manager Lead

    Likes:
    Reverse Engineering an obscene amount of code and ripping it up on a snowboard

    Dislikes:
    Not much but if you hear me growl…run

    Yut!!! Nothing like a motivating US Marine Corps yell to get your attention. Hey, Steve Adegbite here, just wanted to drop some words and give you my perspective on some of the news we (Microsoft) announced this morning.

    You may have seen already we launched a trusted information sharing program for security software providers. It’s a program we created in hopes of actually helping the defenders get a leg up on protecting consumers. The Microsoft Active Protections Program will allow vetted security software providers early access to the technical details on the vulnerabilities we are addressing with each monthly security update. Microsoft is doing this in hopes that we can give the defenders more time to produce timely signatures. Basically, in doing this, we’re betting that cutting out the time to reverse engineer our security updates will give valuable time back to the defenders to focus on protection enhancement and faster delivery.

    Most of the security community knows me from my work with the military and government before coming to Microsoft (i.e. founder of the USMC Information Assurance Red Team). One thing I harped on was that I believe security has to take a community-based focus. One aspect of this community-based approach is the establishment of a "trusted information sharing" program. As a red teamer, my job was to find the vulnerable points and feed that information to the defenders via trusted information channels. This helped the defender shore up their defenses or at least let them know where weak spots existed.

    Microsoft Active Protections Program is doing a similar thing, just in a "commercial" way, and without me looking for vulnerable spots in code/networks at 3:45am. It’s not enough to point the finger at one entity and say “Fix it.” Those of us who belong to the security ecosystem must own the problem, and share in the solution.

    I believe in this so much that when the opportunity arose to run for the steering committee at FIRST, I couldn’t miss it. I am glad Microsoft saw the same value, as they have allowed me to do this as a two-year commitment. That shows tremendous dedication to the idea that security at large is an ecosystem problem. But more on that at another time on this blog.

    The point here is that everything can be addressed with the right collaborative effort. Microsoft gets that and is doing its part. Over the next year you’re going to see a lot of that action shining through in all arenas we engage in for security. Stay tuned and remember it takes a village to raise a child...but the digital village is where I live, and we are working together to raise a great and safe cyber ecosystem for consumers to enjoy.

    For more of my insight live from Vegas, check me out on Twitter at www.twitter.com/SteveAdegbite

    - Steve Adegbite


  • MSRC Ecosystem Strategy Team

    Helping Secure the Planet: New Strategic Initiatives from Microsoft

    Handle:
    Silver Surfer

    IRL:
    Mike Reavey

    Rank:
    Director, MSRC

    Likes:
    Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities

    Dislikes:
    Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns

    Tomorrow, Steve Adegbite, Katie Moussouris and I will give the first ever Microsoft Security Response Center (MSRC) talk at Black Hat, Las Vegas. Yes, Microsoft has presented at Black Hat before, and actually has a pretty long history of participating in this con, but this is the first time the MSRC itself has hosted a talk.

    So what’s the big deal?

    Well, as you may have heard, we’ve announced a couple new programs this week (See Microsoft’s Virtual Press Room) that mark a real shift in how we approach the issue of security.  This talk will disclose all the juicy details of all three programs (yes, there’s a third program...Katie will tell you all about it!), include demos of the vulnerability information we will share as part of the Microsoft Active Protections Program Steve’s created, show you what our “Exploitability Index” looks like, and give you all the context you’ll need to understand the how’s, why’s, and where’s that led us up to this stage!

    While saying we want to help “secure the planet” is a bit presumptuous, the reality is that we realize no one can address evolving security threats alone. One of the key themes of the talk, and indeed one of the key themes of our continued commitment to taking Trustworthy Computing to the Internet, is that through collaboration and shared intelligence, the security industry can better anticipate, respond and work together to address threats. This talk will illustrate how these innovative programs come together to help enhance security through collaboration and information sharing.

    So if you’re here on the ground, come join us tomorrow at 3:15 in Roman Ballroom. And, of course, if you’re unable to catch us at the conference, the best bet is to follow us on Twitter:

    http://twitter.com/mreavey

    http://twitter.com/SteveAdegbite

    http://twitter.com/k8em0

    - Mike Reavey


    Update: Room #.

  • MSRC Ecosystem Strategy Team

    Defend the Flag: Roguery Abounds!

    Handle:
    k8e

    IRL:
    Katie Moussouris

    Rank:
    Senior Security Program Manager

    Likes:
    Cool vulns (responsibly disclosed of course), girls with soldering irons, Spanish tapas, quantum teleportation

    Dislikes:
    Rudeness, socks-n-sandals, licorice

    The air was thick with adrenaline and action as the teams battled each other for the top spot at Microsoft’s Defend the Flag (DTF) training at Black Hat USA. The heat of Vegas seems a fitting place for such contests, pitting attacker against victim, in a race among teams to prevail as the strongest, the fiercest, the most tenacious defenders of their systems. Unlike Capture The Flag (CTF), the scoring is done exclusively on defensive capabilities. Teams are simultaneously attacking other teams’ systems, while trying their best to keep their own up and running. Take no prisoners, capture no flags – it’s a binary battle to either win or lose, and it’s all about how you play the game.

    Armed with a suite of defensive techniques taught by our delivery partners, iSEC Partners, and Immunity’s latest CANVAS exploit framework, the players have the basics for what can be deemed a security pick-up game of 21. The training is delivered over two days, with day one a hands-on tutorial lab focusing on attack techniques and learning how to use the exploit framework in the morning, taught by Dave Aitel and Bas Alberts of Immunity. The afternoon of day one was taught by Brad Hill and Andrew Becherer of iSEC Partners, applying host hardening, forensics, and incident response techniques. Day two is an all-up melee-style competition, where the class is divided into teams of three or four players each. Each team has both attackers and defenders, and roles are switched throughout the day to make sure everyone gets to experience firsthand the power of modern-day attack tools, and the thrill of successfully beating back an onslaught at the front lines.

    Some may wonder why we are teaching students how to use an exploit framework as part of this course. If the point is on defense, why take up time with any offense? It is to provide the appropriate framework for students (mostly IT Professionals who are new to security) to internalize the threats they face each day. Rather than spread FUD, we show a real modern commercial-grade toolkit to demonstrate just how easy it is for attackers to take advantage of unhardened systems that haven’t been updated. It is the best way to drive the point home beyond a shadow of a doubt: patch or perish; harden or get hacked.

    Besides, we are not teaching new exploit techniques, but rather showing what is already widespread and publicly available. From a lock-picking debate in the 1800s regarding revealing the tricks and tools of the trade:

    “Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery.”

    Since we know that roguery abounds, and that attacks are becoming much more sophisticated and innovative, we must keep pace by understanding their trade. We must learn how to use their tools and tricks in order to educate the next generation of Windows defenders.

    But here’s the real twist – DTF doesn’t allow updating! That’s right, we throw a monkey wrench into the works by taking away one of the most effective security measures available. We toss the students into shark-infested waters and expect them to swim to safety. How? By employing defense in depth measures. Why? Because this is too often the real-world reality in deployed networks. Either IT Pros can’t apply updates right away due to testing requirements, or they can’t update at all due to the risk they believe updating poses to critical infrastructure. This is the real-world dilemma, and DTF provides the tools to help IT Pros manage it in a heart-thumping, fist-pounding, tooth-grinding race to the finish line.

    As the points stacked up on Day two, the tension mounted to a palpable pulse. Team “Defenders” held an early lead throughout the morning, with Team “OneEqualsOne” taking second place over Team “DivideByZero”, until “DivideByZero”’s Windows Server 2003 was pwned so badly that it had to be rebuilt from scratch. The afternoon brought new challenges, as each player had to switch out of the roles they had grown comfortable with in the morning – attackers now had to defend, while former defenders took on the attack role within each team.

    There was also a bonus round with a physical twist, where each team had to play out the scenario that an intruder had gotten physical access to their systems. Each team hardened their systems as best they could, and then physically left them in the hands of the other teams, while they in turn attacked their opponents’ systems. When each team returned to home base, they had to figure out what their opponents had done during the physical access (planted Trojans, disabled firewall rules, etc.) and recover control of their systems.

    It was a dead heat, with each team within 25,000 points of each other, out of a possible 300,000. Team “OneEqualsOne” almost took the lead until the physical challenge left them without a firewall enabled for a few critical minutes.

    The fine line between security and functionality was tested by all teams, until finally a winner prevailed with Team “Defenders”. Their prize? A sense of what to do when they are under attack (which they really are, every day), the knowledge of how to harden their systems in the first place, and copies of CANVAS for each team member to take back to their real networks to make sure they have taken the right steps toward defending their actual flags.

    Making our stand against attackers is something we must do with the help of the very attack tools that we are up against as defenders. Whether it is CANVAS, Core IMPACT, or Metasploit, the tricks of the trade are growing more sophisticated and easier to use each day. Defend The Flag is a program that can help educate the legions of Windows defenders, even in the face of tough choices when it comes to their ability to run the latest and greatest versions of all software. In the hands of a defender, these are part of a necessary suite of tools and techniques to help tip the balance toward keeping systems and networks secure.

    In a world where roguery abounds, we as defenders must be doubly prepared to meet the challenges as they arise.

    - Katie Moussouris

    For more on this and Black Hat, join the conversation at http://twitter.com/k8em0


    Update Title: 10:13am

  • MSRC Ecosystem Strategy Team

    DNS: An Example of Ecosystem Partnerships

    Handle:
    Zot

    IRL:
    Zot O'Connor

    Rank:
    Program Manager 2

    Likes:
    Taking on the enemy with partners, Automating processes, good scotch and bourbon

    Dislikes:
    Poor reporting, FUD, miscreants, dangling participles

    My name is Zot O'Connor and I am a computer genius.  Really, the Seattle Post-Intelligencer says so.  Okay, not directly, but I was one of the group of "computer geniuses" converging on our campus back in March because of this DNS issue.  I am not a programmer, so what was I doing there?  Fulfilling one of the roles of the EcoStrat team, being a trusted advisor and helping prove it "Takes an Internet Village."

    Shortly after Dan Kaminsky discovered the design issue, he and Dave Midturi (the MSRC Security Program Manager working on the issue) realized that this was an industry issue and holding a summit at our campus right after CanSecWest would maximize the opportunity for getting the real geniuses in the room.  They came to me and Katie Moussouris for help with organizing and making this process successful.

    Our team swung into action, taking care of the hosting details (which we do for events like BlueHat), reviewing the list of invitees, and offering advice when asked.  We knew this could be rough: we are talking about a coordinated release of open source, proprietary and embedded software, each with different distribution methods and issues.  We are also talking about a diversity of personalities, philosophies and skills.

    At the event itself I was impressed with how everyone checked their egos, emotions and issues at the door and focused on the grave problem at hand.  A plan was formed, a schedule set and communication channels determined.  Everyone left knowing what we had to do, except maybe Dan and me.

    Personally, I set up channels to inform more partners as the update was rolled out.  I've been spending a lot of time getting folks to understand the gravity of the situation and to pass the word to the rest of the communities.  As the details and exploits have emerged, that task is easier, but laying the groundwork certainly sped up adoption rates.

    This issue goes to the heart of community-based defense.  No one DNS server provider can fix the problem.  A combination of our experience in working across boundaries, the dedication of the convened group and the support of global security communities showed how we can collectively provide protection for the ecosystem.

    I enjoyed Dan’s talk today here at Black Hat, worry about attacks that may come, and wish I could wave a magic wand and get everyone to update their systems.  In the meantime, I will continue to work with the ecosystem: together we are monitoring for attacks, analyzing information, coordinating data feeds and sharing information that can help protect users.

    Once we get a handle on that, I’ll try to figure out how to add "computer genius" to my official title...

    - Zot O'Connor


  • MSRC Ecosystem Strategy Team

    Black Hat 2008: What it Means, What to Expect

    Handle:
    The Crushman

    IRL:
    Andrew Cushman

    Rank:
    Security Director

    Likes:
    Cranberry juice (thanks Jay!)

    Dislikes:
    Super helpful hotel desk clerks (thanks Raoul?)

    Hey Andrew Cushman here…

    It’s that time of year, August in Vegas, time for the big show, it’s Black Hat time… Along with the vivid memories of crowded briefing rooms, the critical mass of security talent, great side conversations, and the ever present "ching-ching" of slot machines - this year, it brings up thoughts of where Microsoft, the Microsoft Security Response Center (MSRC) and our commitment to Trustworthy Computing (TwC) have been and keen anticipation of where we’re going.

    I read the headlines about online threats evolving and get a firsthand look at that evolution and the scope of what we’re facing. As attacks become more complex, stealthier, and increasingly targeted, the security industry is forced to adapt and to innovate in step. We can and will continue to develop new technologies, new best practices, and educational offerings (check out “Defend the Flag”). Even with these investments and changes, the reality is that security is not a problem that can be solved, and it’s a problem where the complexity often leads to more insecurity.

    The industry is reaching a point where delivering an acceptable level of security today is beyond what one company can do alone. There’s real merit in the cliché “It takes a village….” It’s time that we approached this problem collectively—industry, partners, customers, and public organizations—acting together to improve the broader security ecosystem. Think of it as Community-Based Defense, where we commit our skills and strengths to defend beyond our boundaries to protect our common customers.

    In that spirit, look for several announcements from Microsoft this week that reflect the growing importance that industry collaboration and information sharing play as we shift to Community-Based Defense. It’s time for the industry to come together—researchers, vendors, and the like—to take security innovation and defense to the next level.

    I’m excited to be in Vegas and be a part of the announcements this week. This is a fundamental shift for Microsoft and the ecosystem. This is one case where ‘what happens in Vegas’ doesn’t apply.

    - Andrew Cushman


  • MSRC Ecosystem Strategy Team

    The Valley Between Black & Blue

    Handle:
    C-Lizzle

    IRL:
    Celene Temkin

    Rank:
    BlueHat Project Manager

    Likes:
    Culinary warfare, BlueHat hackers and responsible disclosure

    Dislikes:
    Acts of hubris, MySpace, orange mocha Frappaccinos!

    I affectionately call this time between summer conferences the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles.  We just shipped a successful Black Hat and we are within T-minus 60 days until BlueHat v8.

    Although the BlueHat v8 schedule has yet to be formally announced, there has been some early buzz around the speaker line up and I can assure you the two days of cutting-edge content will not disappoint. Please keep an eye out for speaker line-ups, abstracts, and bios, which will be posted on the BlueHat TechNet Security Briefing Page in the next couple of weeks. As always, keep up with the rolling thunder of the BlueHat Blog, which highlights internal and external BlueHat speakers from past, present, and (hint, hint) future.

    But let’s back up for a second, what is BlueHat and what are the goals of this conference in the ever-evolving security industry? 

    First, we believe in educating our own because only when we truly comprehend our security reality, can we begin to defend ourselves and anticipate mitigations for the looming threats on the horizon. We educate our own by making BlueHat an invitation-only conference where our Microsoft developers, security engineers and product teams can receive security training credits for attending. Since security is not a spectator sport, we also encourage Microsoft employees to present alongside the external researchers recruited to present. We try and stay as transparent as possible with all our speakers, so none of the talks are under NDA.

    Second, we use BlueHat as a vehicle for our partner and product teams to reach out to the security community. At every con out there, everyone knows that the “hallway track” is often the most fruitful and interesting. We seed our hallway track at BlueHat deliberately to maximize everyone’s experience. Countless introductions and targeted outreach occur on the sidelines while the talks are going on. Researchers meet developers, speakers meet architects, CERTs meet security strategists—you name it, everyone’s engaging and the best part is it can take new relationships to a completely organic state far beyond our wildest expectations. Only at a venue like BlueHat could we pair two independent security researchers to do research on Silverlight in conjunction with the Silverlight & Adobe teams, and then have them present the results. Their presentation went so well that Manuel Caballero and Fukami won the “International Tag-Team Patches Award” at the BlueHat v7 Community Dinner, highlighting this alliance.

    Third, BlueHat promotes Microsoft’s responsible disclosure policy, with the goal of coordinated release of an update and public disclosure of the vulnerability details. We also promote responsible disclosure with all of the conferences our team sponsors worldwide and ask conference organizers to promote vendor notification and the coordinated release of updates and vulnerability information.

    The BlueHat Planning Team strategically invites security product vendors, security researchers, security officers, members of security response teams and past BlueHat speakers to engage while propelling MSRC values in real-time with a human face.

    An almost overwhelming pupu platter of submissions sits before us; limitless in possibilities and all the better to educate our developers and execs with. Along with the great privilege of reviewing these submissions with the fellow members of the BlueHat Planning Team, comes the bittersweet burden of nailing down the final talks to exceed our audience’s expectations. The cool part is we get to immediately start working on the next BlueHat as it’s the best way to stay current on the latest trends around security and privacy.

    - Celene Temkin, BlueHat Project Manager

    *Postings are provided "AS IS" with no warranties, and confers no rights.*

  • MSRC Ecosystem Strategy Team

    Leaving Las Vegas: A Black Hat Salute

    Handle:
    The Crushman

    IRL:
    Andrew Cushman

    Rank:
    Security Director

    Likes:
    Cranberry juice (thanks Jay!)

    Dislikes:
    Super helpful hotel desk clerks (thanks Raoul?)

    What can I say? Once again, Black Hat did not disappoint. And that’s not just post-party speak. The conversations were good, the input was invaluable, and the support for the new programs we launched—well, it’s been overwhelming. The vibe in the MSRC “Helping Secure the Planet” presentation was great, the audience was engaged and had plenty of questions, and Mike, Katie and Steve demonstrated the depth of talent and commitment in the MSRC. We’re excited to take that momentum and move it forward.

    Our hats are off to the awesome Black Hat team for putting on another great conference. I only wish I could have made it into more sessions. Among briefings with media on our news, reconnecting with old friends and making new ones, and fielding a steady flow of invite requests for the party, the time just flew by. But hey, I did manage to introduce Rod Beckstrom for his keynote and got a tweet in on that.

    And how about Twitter? I didn’t imagine I would enjoy it so much and who'd have thought it would drive so much conversation at the show? We had fun participating and watching the discussions unfold. It’s been a great channel to share news and carry on further about some of the presentations and event happenings. I especially enjoyed Ryan Naraine’s play-by-play at the Pwnie Awards.

    And about the Pwnie Awards, I want to echo my thanks for the “Most Epic Fail” Honorable Mention. Rest assured we’ll be back next year with the same commitment to security engineering!

    I’m also really excited about our new EcoStrat blog (http://blogs.technet.com/ecostrat/). The team has written some great posts. The blog provides an opportunity for the EcoStrat team to “show our work” and provide a good look behind the scenes on what we’re doing and how we’re working with the broader security community. We will continue to take advantage of opportunities so as to continue a dialogue.

    This week really has solidified a fundamental shift for Microsoft and it’s been refreshing to see that shift in perception and reception towards us at the conference—from what used to be a focus on free drinks and invites to a genuine interest in what we’re offering and how we’re engaged in the security community.

    I’m sure good times were had by all here at the show, and our hope, and commitment, is that what happened in Vegas, particularly what we announced in Vegas, does not stay in Vegas.

    - Andrew Cushman


  • MSRC Ecosystem Strategy Team

    Welcome to the new MSRC Ecosystem Strategy (EcoStrat) Team Blog

    Handle:
    Security Blanki

    IRL:
    Sarah Blankinship

    Rank:
    Senior Security Strategist Lead

    Likes:
    Vuln wrangling, teams of rivals, global climate change - the hotter the better

    Dislikes:
    Slack jawed gawkers (girls are geeks too!), customers @ risk, egos

    One researcher, one community, one hacker at a time we are building a community-based defense to help secure our customers, our partners and the Internet.

    The Microsoft EcoStrat (Ecosystem Strategy) team, part of Microsoft's Security Response Center (MSRC), operates at the intersection of technology and people. We strive to understand how vulnerabilities affect the Internet as a whole. This blog is our opportunity to talk about our work within some of these ecosystems, from the front lines. 

    As a member of the team, the thing I love most about this job is solving complex security issues with the people we get to engage with all across the world as part of the "security ecosystem," that is, the interconnected pool of security researchers, guidance providers, and some who would consider themselves hackers. Many of them run the world's largest security software protection companies, networks, and infrastructures, and conduct research for fun and profit. These people find and report vulnerabilities, exploit vulnerabilities, fix vulnerabilities, protect customers and keep us on our toes.

    A lot of what drives us is our aspirations, our hopes, if you will. Our hope that by bringing together people and policy within different organizations, we can increase trust, better defend our ecosystems and ultimately help secure our planet from malicious software threats. 

    Our hope is that, by being more transparent about our work in various security ecosystems and regions around the world, a message will be heard: Nobody can “secure the planet” on their own. No one product, no one company.

    Knowing that, we work with a variety of communities around the world. Being a hub for many communities has its ups and downs - but the people and technology at these intersections are always interesting. Opportunities for collaboration abound – along with fire drills that can polarize our internal and external security communities. These broad interactions also expose us to all types of information and trends – improving our ability to be a harbinger of future threats, and to mitigate them by creating new intersections of technology and people.

    The EcoStrat team’s next chance to interact with our security ecosystem is next week at Black Hat USA; we look forward to bringing commentaries and announcements from the Black Hat briefings.

    - Sarah Blankinship
