Session Title:

“Moving Beyond Reactive Defenses: Exploring Proactive Cybersecurity Solutions"

 

Session Detail:

1) Proactive vs. Reactive Cybersecurity

   a) Majority of existing cybersecurity solutions are reactive

      i) Software-only solutions

      ii) Temporary protections

      iii) Create an endless cycle of attack-followed-by-defense

      iv) As an alternative, resilience has been introduced as a solution for the new era of cybersecurity

   b) Persistent proactive solutions are needed for preventing damages from cyber attacks

      i) Proactive approach theoretically replaces the existing reactive approaches

      ii) Discussion on why proactive protections are not widely available or introduced to the cybersecurity community

      iii) Review of existing proactive approaches, including hybrid-approach—CoreGuard, hardware-based protection

      iv) Introducing a million-machine language hopping at random time periods for immunizing all types of computing systems

 

2) Introduction and discussion on

   a) How to detect unauthorized programs at different levels of the cybersecurity stack?

   b) Viable research and development ideas and activities for the future of cybersecurity.

 

The core issues of cybersecurity have been evolving over the last three decades, and accordingly, key solutions have been continuously introduced. However, the recent cyber defense matrix identifies that only two out of five operational functions, respond and recover, have a limited number of solutions introduced across all asset classes, including devices, apps, networks, data, and users. Security experts generally agree that we are now facing a new era of "resiliency" in cybersecurity, with different types of cyber-attacks affecting integrity, confidentiality, and availability of systems after the attacks. Some experts argue that "protection" only minimizes the occurrences but does not support resiliency. Existing software- and hardware-based solutions inherently have limited coverage of protection, and therefore, resiliency becomes the ultimate function to overcome. Can we offer better protection than what is currently available? The hybrid approach, which protects CPUs including different types of processors, enables them to identify, detect, and respond to threats, and protect information and systems instantaneously. In this talk, we will introduce and discuss ongoing research and development activities involving US government agencies, academia, and industry, along with preliminary evidence from the hybrid (CPU-based) approach. We will delve into the feasibility of protection that eliminates the roots of threats immediately, which could potentially make resiliency no longer needed. This talk urges the cybersecurity community to reconsider the direction of the next paradigm shift and explore potential reforms and future R&D directions for the security industry.

 

Abstract:

​The session will focus on the comparison between proactive and reactive cybersecurity protections. While reactive protections have been the foundation of existing cybersecurity solutions, proactive protections have not yet been introduced widely in the cybersecurity community. The session will also discuss the detection of unauthorized programs at various levels of the cybersecurity stack, and viable research and development ideas and activities for future cybersecurity solutions. The talk will explore the feasibility of true proactive protection that eliminates the roots of threats, and will reconsider the potential paradigm shift that may bring reforms to the security industry and influence future R&D directions.

 

Quick Abstract:

 In this session, we will explore three types of cybersecurity approaches - software-based, hardware-based, and hybrid - to understand their resilience and implications for the emerging security paradigm shift. Through a comprehensive analysis of these approaches, we will rethink the current cybersecurity landscape and identify potential shifts in the industry's security strategies.

​

Submitter's Comments:

In this session, we will introduce and discuss an emerging "proactive protection" technology as a hybrid approach that aims to eliminate the reliance on security software. We will present a few examples of this approach and discuss the achievable level of protection compared to other software- and hardware-based approaches. Specific examples will be shared to illustrate the potential of this innovative approach in the field of cybersecurity.

​

Session Classification:

General Interest - This classification is used for compelling strategic sessions and introductions to new technology.

​

Prerequisite Knowledge:

General or intermediate knowledge of Cybersecurity, Computer Architecture, OS, Compiler, Apps, Communication

 

Why Is Your Presentation Vital To RSA Conference Attendees?:

This talk will explore the feasibility of "PROACTIVE PROTECTION" in cybersecurity, which aims to eliminate the roots of threats. By discussing the potential paradigm shift that this approach may initiate, attendees will have the opportunity to rethink the direction of the security industry, drive reforms, and shape future research and development directions. This presentation is essential for RSA Conference attendees who are interested in staying at the forefront of cybersecurity advancements and exploring innovative approaches to enhance threat mitigation and resiliency.

 

Security Tags:

This presentation will focus on key cybersecurity applications, including cloud security, data security, Internet of Things (IoT), autonomous cars/robots, zero-day vulnerability, and zero trust. These critical areas pose unique security challenges and require innovative approaches to protect against evolving threats. The session will discuss current trends, best practices, and potential solutions to address these security concerns and ensure the resilience and security of these emerging technologies. Attendees will gain valuable insights and practical knowledge to enhance their cybersecurity strategies in these specific application domains.