The Magic of Symbiotic Security Creating an Ecosystem of Security Systems

Henry Dalziel | Hacker Hotshots, Latest InfoSec News | July 10, 2013

We are delighted to have Dan Cornell, Principal and Owner of the Denim Group on Hacker Hotshots July 16th.

His presentation, titled: “The Magic of Symbiotic Security Creating an Ecosystem of Security Systems” is going to be special.

About Dan Cornell
Dan Cornell has more than a decade of experience developing web-based software systems. The Denim Group, which Dan founded in 2001, makes software and applications secure. The obvious benefit is that hardening software reduces risk, something every organization on the planet craves. Like other Hacker Hotshot speakers who have appeared on our web show, the Denim Group, and Dan especially, is deeply involved with the Open Web Application Security Project (OWASP). In fact, Dan is the founding coordinator and chairman of the Java Users Group of San Antonio (JUGSA), currently serves as the OWASP chapter leader in San Antonio, and is a member of the OWASP Global Membership Committee and the OWASP Open Review Project. If OWASP is of interest to you then Dan is your man! You can contact him either via the live web show or over at the Denim Group.

The Presentation and Talk on July 16th
The title of the event, especially the term “Symbiotic Security”, is of interest. At AppSecUSA 2012 Dan described the term as ‘the ability of a tool to consume data from other tools or provide data to other tools.’ Our understanding is that ‘symbiotic’ in this context also refers to the way we make purchases, i.e. our decision-making criteria. An example Dan has previously given, and one he might elaborate on July 16, is purchasing an Intrusion Detection System (IDS). Typically the CTO or CEO would review options over at Gartner, review the features of the security tool and then make a decision. Central to evaluating the IDS is the premise that, as a system, it can send and receive data, and hence this ‘partnership’ (our words!) of data is symbiotic.

Main Points
Dan will highlight several points during his talk: first, that IT InfoSec teams work better when their tools talk to one another; second, how the open source ThreadFix application vulnerability management platform makes security tools communicate better with one another; and third, how security teams benefit from these interactions.
If you are at BlackHat USA 2013 then you are in luck, because Dan will be demonstrating ThreadFix there.

What is ThreadFix?

In summary, ThreadFix is a software program that is, to quote:

“…a vulnerability aggregation and management system that helps organizations aggregate vulnerability data, generate virtual patches, and interact with software defect tracking systems.”

With regard to software vulnerabilities there are really two broad causes of failure, or security weaknesses: those caused by insufficient testing and those caused by a lack of a well-documented audit trail. Our understanding is that ThreadFix can help remedy this, but we would really recommend that you listen to expert Dan Cornell explain this security tool. We have several other excellent Hacker Hotshot events this July and August 2013 which we would encourage you to learn from! All links are permanent and the video interviews/presentations will be evergreen, so enjoy them at your leisure!
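To make the quoted description concrete, here is an added example of the aggregation idea. It is not ThreadFix code and does not come from Dan Cornell or the Denim Group: two constructed scanner reports in hypothetical formats (a static analyser and a dynamic scanner) are normalised into one schema, the same weakness reported twice is merged into one finding on a stable key, each finding keeps a small audit trail of import and merge events, and the result is turned into defect-tracker ticket payloads. The tool names, report formats, URLs and sample findings are all assumptions made for this example.

```python
"""Minimal vulnerability aggregation example (not ThreadFix code).

Two constructed scanner reports are normalised, merged, and turned into
defect-tracker tickets. All tool names and formats here are assumptions.
"""
from dataclasses import dataclass, field
import json

# Constructed output of a hypothetical static analysis tool (SAST).
SAST_REPORT = json.dumps({
    "tool": "sast-tool",
    "results": [
        {"cwe": 89, "file": "app/db.py", "line": 42, "severity": "high"},
        {"cwe": 79, "file": "app/views.py", "line": 17, "severity": "medium"},
    ],
})

# Constructed output of a hypothetical dynamic scanner (DAST); the last
# alert repeats the first one, which is common when a scanner re-tests.
DAST_REPORT = json.dumps({
    "tool": "dast-tool",
    "alerts": [
        {"cweid": "89", "url": "https://example.test/search", "param": "q", "risk": "High"},
        {"cweid": "79", "url": "https://example.test/profile", "param": "name", "risk": "Medium"},
        {"cweid": "89", "url": "https://example.test/search", "param": "q", "risk": "High"},
    ],
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    """One weakness in the common schema every tool is mapped into."""
    cwe: int
    location: str                                  # "file:line" (SAST) or "url#param" (DAST)
    severity: str                                  # normalised to low / medium / high
    sources: list = field(default_factory=list)    # tools that reported it
    history: list = field(default_factory=list)    # audit trail of import/merge events

    @property
    def key(self):
        # Stable identity used for de-duplication across imports.
        return (self.cwe, self.location)


def parse_sast(raw):
    """Map the hypothetical SAST format onto Finding."""
    doc = json.loads(raw)
    tool = doc["tool"]
    return [Finding(int(r["cwe"]), f"{r['file']}:{r['line']}", r["severity"].lower(),
                    [tool], [f"imported from {tool}"]) for r in doc["results"]]


def parse_dast(raw):
    """Map the hypothetical DAST format onto Finding."""
    doc = json.loads(raw)
    tool = doc["tool"]
    return [Finding(int(a["cweid"]), f"{a['url']}#{a['param']}", a["risk"].lower(),
                    [tool], [f"imported from {tool}"]) for a in doc["alerts"]]


def aggregate(*finding_lists):
    """Merge findings from any number of tools; duplicates become one record."""
    merged = {}
    for f in (f for lst in finding_lists for f in lst):
        current = merged.get(f.key)
        if current is None:
            merged[f.key] = f
            continue
        for s in f.sources:
            if s not in current.sources:
                current.sources.append(s)
        # Keep the most severe rating any tool assigned.
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK[current.severity]:
            current.severity = f.severity
        current.history.append(f"merged duplicate from {f.sources[0]}")
    return sorted(merged.values(),
                  key=lambda x: (-SEVERITY_RANK[x.severity], x.cwe, x.location))


def to_tickets(findings):
    """Build defect-tracker payloads; the tracker schema is an assumption."""
    return [{
        "title": f"CWE-{f.cwe} at {f.location}",
        "priority": f.severity,
        "description": f"Reported by: {', '.join(f.sources)}\nHistory:\n- "
                       + "\n- ".join(f.history),
    } for f in findings]


if __name__ == "__main__":
    findings = aggregate(parse_sast(SAST_REPORT), parse_dast(DAST_REPORT))
    print(json.dumps(to_tickets(findings), indent=2))
```

The merge key deliberately includes the location, so a SQL injection found by the static tool in source and the same class of bug found by the dynamic scanner at a URL stay separate records until a human or a richer mapping links them; collapsing on CWE alone would hide distinct bugs. The history list is the minimal form of the audit trail the text mentions: every import and merge leaves a line the ticket carries forward.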

Please don’t forget to ask Dan questions before, during and after the event, either through our chat or directly with him (we can put you in touch with him if you don’t have his details).

Leave a comment or reply below. Thanks!