For every security engineer you train, there are 20 or more developers writing code with potential vulnerabilities. There’s no human way to keep up. We need to be more effective with less resources. It’s time to make security a fully integrated part of modern software development and operations.
It’s time to automate.
This year’s THREADS will focus exclusively on automating security. In this single forum, a selection of the industry’s best experts will present previously unseen in-house innovations deployed at major technology firms, and share leading research advances available in the future.
Buy tickets for THREADS now to get the early-bird special (expires 10/13).
DARPA Returns – Exclusive
If you attended THREADS’13, you know that our showcase of DARPA’s Cyber Fast Track was not-to-be-missed. Good news, folks. DARPA’s coming back with a brief of another exciting project, the Integrated Cyber Attribution System (ICAS). ICAS enables streamlined detection of targeted attacks on large and diverse corporate networks. (Think Target, Home Depot, and JP Morgan Chase.)
We’ll hear from the three players DARPA invited to tackle the problem: Invincea Labs, Raytheon BBN, and Digital Operatives. Each group attempted to meet the project goals in a unique way, and will share their experiences and insights.
World-Class Speakers at THREADS’14
Robert Joyce, Chief, Tailored Access Operations (TAO), NSA
As the Chief of TAO, Rob leads an organization that provides unique, highly valued capabilities to the Intelligence Community and the Nation’s leadership. His organization is the NSA mission element charged with providing tools and expertise in computer network exploitation to deliver foreign intelligence. Prior to becoming the Chief of TAO, Rob served as the Deputy Director of the Information Assurance Directorate (IAD) at NSA, where he led efforts to harden, protect and defend the Nation’s most critical National Security systems and improve cybersecurity for the nation.
Smten and the Art of Satisfiability-based Search
Nirav Dave, SRI
Reverse All the Things with PANDA
Brendan Dolan-Gavitt, Columbia University
Laszlo Szekeres, Stony Brook University
Static Translation of X86 Instruction Semantics to LLVM with McSema
Artem Dinaburg & Andrew Ruef, Trail of Bits
Transparent ROP Detection using CPU Performance Counters
Xiaoning Li, Intel & Michael Crouse, Harvard
Integrated Cyber Attribution System (ICAS) Program Brief
Richard Guidorizzi, DARPA
TAPIO: Targeted Attack Premonition using Integrated Operational Data Sources
Gestalt: Integrated Cyber Analysis System
Federated Understanding of Security Information Over Networks (FUSION)
Building Your Own DFIR Sidekick
Scott J Roberts, Github
Operating system analytics and host intrusion detection at scale
Mike Arpaia, Facebook
Reasoning about Optimal Solutions to Automation Problems
Jared Carlson & Andrew Reiter, Veracode
Augmenting Binary Analysis with Python and Pin
Omar Ahmed, Etsy & Tyler Bohan, NYU-Poly
Are attackers using automation more efficiently than defenders?
Marc-Etienne M.Léveillé, ESET
Making Sense of Content Security Policy (CSP) Reports @ Scale
Ivan Leichtling, Yelp
Automatic Application Security @twitter
Neil Matatall, Twitter
Cleaning Up the Internet with Scumblr and Sketchy
Andy Hoernecke, Netflix
CRITs: Collaborative Research Into Threats
Michael Goffin, Wesley Shields, MITRE
Don’t miss out. Buy tickets for THREADS now to get the early-bird special (expires 10/13). You won’t find a more comprehensive treatment of scaling security anywhere else.