Friday, May 17 • 11:40am - 12:30pm
Left of Boom

The term “Left of Boom” was made popular in 2007 in reference to the U.S. military combating improvised explosive devices (IEDs) used by insurgents in Afghanistan and Iraq. The U.S. military spent billions of dollars developing technology and tactics to prevent and detect IEDs before detonation, with a goal of disrupting the bomb chain. This is an analog to cybersecurity: we strive to increase the incident prevention capabilities of our security tools and, where we can’t prevent attacks, augment prevention with incident detection and response tools.

If you feel that you don’t have the cybersecurity evidence to know, empirically, what’s working, what’s not, how to fix it, how to verify the fix worked, and how to make sure it stays working across your security tools, your people, and the processes they follow, this presentation is for you.

There is an urgent need for evidence in cybersecurity regarding the effectiveness of specific systems as well as the overall security systems of systems. Are my security tools preventing, detecting, logging, correlating, and alerting? Does the new configuration, patch, rule, or signature result in what was intended? Are systems that were working before still working or have they drifted from a known good state? Without evidence about our security effectiveness, how can we ever empirically answer these questions and get our organizations to the “left of boom?”

Studies across endpoint, network, email, and cloud security tools have established that, on average, we’re only getting about 15-25% effectiveness out of our incident prevention security tools. When it comes to incident detection, it’s as low as 25-35% effectiveness. And for SIEMs, their ability to effectively correlate and alert ranges between 0-45%. We haven’t put a big enough dent in our risk profile and we’re wasting time, money, and resources by not getting value from these security tools. In most cases, the problem isn’t that we have bad technology or ineffective security teams. Instead, it’s an inability to effectively measure, manage, improve, and communicate the security effectiveness of our security tools in a scalable manner that results in actionable evidence.

From a leadership perspective, we’re not able to communicate our security effectiveness to executives based on evidence because we don’t have the evidence. This is devastating, as cybersecurity isn’t about cyber risk – it’s about the financial and operational risk from cyber. Without evidence, executive decision makers can’t do their jobs effectively when it comes to protecting shareholder value, revenue, and reputation.

This presentation will demonstrate automated methods to mitigate these problems. It will identify approaches that you can apply to improve the effectiveness of your security tools, security teams, and processes. Following this presentation, you’ll be able to develop your own strategy to get “left of boom.”

Brian Contos

CISO & VP Technology Innovation, Verodin
Brian Contos is the CISO & VP Technology Innovation at Verodin. He is a seasoned executive with over two decades of experience in the security industry, board advisor, entrepreneur and author. After getting his start in security with the Defense Information Systems Agency (DISA) and...

Friday May 17, 2019 11:40am - 12:30pm PDT
Terrace Lounge