Session Title:

“Moving Beyond Reactive Defenses: Exploring Proactive Cybersecurity Solutions"

Session Detail:

1) Proactive vs. Reactive Cybersecurity

   a) Majority of existing cybersecurity solutions are reactive

      i) Software-only solutions

      ii) Temporary protections

      iii) Create an endless cycle of attack-followed-by-defense

      iv) As an alternative, resilience has been introduced as a solution for the new era of cybersecurity

   b) Persistent proactive solutions are needed for preventing damages from cyber attacks

      i) Proactive approach theoretically replaces the existing reactive approaches

      ii) Discussion on why proactive protections are not widely available or introduced to the cybersecurity community

      iii) Review of existing proactive approaches, including hybrid-approach—CoreGuard, hardware-based protection

      iv) Introducing a million-machine language hopping at random time periods for immunizing all types of computing systems

 

2) Introduction and discussion on

Abstract:

​The session will focus on the comparison between proactive and reactive cybersecurity protections. While reactive protections have been the foundation of existing cybersecurity solutions, proactive protections have not yet been introduced widely in the cybersecurity community. The session will also discuss the detection of unauthorized programs at various levels of the cybersecurity stack, and viable research and development ideas and activities for future cybersecurity solutions. The talk will explore the feasibility of true proactive protection that eliminates the roots of threats, and will reconsider the potential paradigm shift that may bring reforms to the security industry and influence future R&D directions.

 

Quick Abstract:

 In this session, we will explore three types of cybersecurity approaches - software-based, hardware-based, and hybrid - to understand their resilience and implications for the emerging security paradigm shift. Through a comprehensive analysis of these approaches, we will rethink the current cybersecurity landscape and identify potential shifts in the industry's security strategies.

​

Submitter's Comments:

In this session, we will introduce and discuss an emerging "proactive protection" technology as a hybrid approach that aims to eliminate the reliance on security software. We will present a few examples of this approach and discuss the achievable level of protection compared to other software- and hardware-based approaches. Specific examples will be shared to illustrate the potential of this innovative approach in the field of cybersecurity.

​

Session Classification:

General Interest - This classification is used for compelling strategic sessions and introductions to new technology.

​

Prerequisite Knowledge:

General or intermediate knowledge of Cybersecurity, Computer Architecture, OS, Compiler, Apps, Communication

 

Why Is Your Presentation Vital To RSA Conference Attendees?:

This talk will explore the feasibility of "PROACTIVE PROTECTION" in cybersecurity, which aims to eliminate the roots of threats. By discussing the potential paradigm shift that this approach may initiate, attendees will have the opportunity to rethink the direction of the security industry, drive reforms, and shape future research and development directions. This presentation is essential for RSA Conference attendees who are interested in staying at the forefront of cybersecurity advancements and exploring innovative approaches to enhance threat mitigation and resiliency.

 

Security Tags:

This presentation will focus on key cybersecurity applications, including cloud security, data security, Internet of Things (IoT), autonomous cars/robots, zero-day vulnerability, and zero trust. These critical areas pose unique security challenges and require innovative approaches to protect against evolving threats. The session will discuss current trends, best practices, and potential solutions to address these security concerns and ensure the resilience and security of these emerging technologies. Attendees will gain valuable insights and practical knowledge to enhance their cybersecurity strategies in these specific application domains.