The NoN Evolution of

SecurityMatt Suiche

@msuiche / m@comae.ioFounder, Comae Technologies

About us UAE-based Cyber Security start-up

Building the most comprehensive and powerful memory forensics platform of the industry.

Services / Advising

Founded by Matt Suiche Co-Founder & Chief Scientist of CloudVolumes (VMware AppVolumes) Microsoft MVP Enterprise Security since 2009 BlackHat Review Board Member Shakacon Program Committee

More and more companiesSource: Crunchbase

More and more fund raisersSource: Crunchbase

More and more moneySource: Crunchbase

2010-2016Source: Crunchbase

Top acquirersSource: Crunchbase

Top startupsSource: Crunchbase

Critical Exploitable Vulnerabilities

Vulnerability trends Up and Down

Increased investment cost per exploit

5 Critical Attributes1. Identify2. Protect3. Detect4. Respond5. Recover

5 Critical Attributes1. Identify2. Protect3. Detect4. Respond5. Recover

Top current trends Endpoint Protection Platform (EPP) Endpoint Detection and Response (EDR) Next-Generation Anti Virus

EPP and EDR will most likely consolidate in the future.

Top #10 BlackHat USA 2016 talks The Linux Kernel Hidden inside Windows 10 by Alex Ionescu Measuring Adversary Costs to Exploit Commercial Software: The Government- Bootstrapped

Non-Profit C.I.T.L. by Mudge + Sarah Zatko Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX by Yeongjin Jang

+ Sangho Lee + Taesoo Kim Keystone Engine: Next Generation Assembler Framework by Nguyen Anh Quynh Advanced CAN Injection Techniques for Vehicle Networks by Charlie Miller + Chris Valasek Demystifying the Secure Enclave Processor by Tarjei Mandt + Mathew Solnik + David Wang Analysis of the Attack Surface of Windows 10 Virtualization-Based Security by Rafal Wojtczuk Windows 10 Mitigation Improvements by Matt Miller + David Weston DPTrace: Dual Purpose Trace for Exploitability Analysis of Program Crashes by Rodrigo Branco

+ Rohit Mothe Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network by

Neil Wyler + Bart Stump

References https://medium.com/@msuiche/infosec-why-be-a-criminal-when-you-can-be-ric

h-cde579a35a99#.qaewr4eir https://medium.com/@msuiche/infosec-top-acquirers-and-top-start-ups-cabc0e

a7f74a#.p2a7cn8fc https://medium.com/@msuiche/infosec-top-acquirers-and-top-start-ups-cabc0e

a7f74a#.p2a7cn8fc https://medium.com/@msuiche/infosec-ipos-vs-acquisitions-ff40f45e7cfd#.aq8

dawjei https://www.blackhat.com/us-16/schedule.html http://blogs.gartner.com/anton-chuvakin/2015/12/03/where-does-edr-end-and-

ng-av-begin/

Contactm@comae.io (@msuiche) or support@comae.ioMore information on www.comae.io (@comaeio)