Triangulating a Sustainable Revolution

Charles Herring 3 September 2020
George Washington

By the end of 2015 it was clear to me that the craft of cybersecurity was broken. My mind continuously compared SECOPS with other mature crafts that I had observed and executed, and it bothered me to the point of stealing peace and sleep. I decided I was going to start a revolution to “Build the tools and data needed to enable the craft of cybersecurity operations to mature.” This focus formed the mission of WitFoo and the battle cry for the revolution. Most revolutions fail because there is a myriad of devious factors stacked against them. Most Davids are murdered by Goliath. It is very rare for bold, underdog revolutions to succeed. We knew that even before we filed Articles of Incorporation. We knew to deliver sustainable, healthy change into a toxic market, we were going to have to have a set of plans resilient to the dangers and evils that existed.

The Rock & Roll of Startup Development

Charles Herring 1 August 2020
Led Zeppelin

Rock On

For the last 4-5 years of running with the WitFoo revolution, I have constantly had to defend our small team. In the early days, potential investors would remark, “You can’t get all this done with such a small team.” Now that we have accomplished building the product, the go-to-market strategy, have many happy customers we are still told, “I don’t see how you can get so much done with such a small team.” I want to respond with “that seems to be a problem with your ability to see since we’ve already done it and you are looking at it,” but I realize that is not going to help the situation.

In dealing with customers, analysts, partners and investors I am regularly faced with having to decide whether I should acquiesce and deliver what they want or try to teach them why they should change their minds and accept what I believe they need.

ExploitCON West 2020 Slides – Metric Driven SECDEVOPS
ExploitCon
Charles Herring

Slides of our talk can be downloaded here.

Details on the session are available here: https://exploitcon.com/#/west

WitFoo Global Community Indicator of Compromise (IOC) Feed Demo

Charles Herring 10 May 2020
Indicators of Compromise

WitFoo’s Global Indicator of Compromise feed is a secure and reliable way for the WitFoo community to share intelligence about emerging threat sources.

The feed is updated in near-real time as attacks occur across the WitFoo Community. It consists of the IP address and hostname of the attacking source, the tools and methods that the community is using to detect the threat and how many incidents the source has been a part of across the community.

Hits in the feed are automatically shared across the entire community and big data stacks of each deployment are retrospectively analyzed to find hits that may have been missed. All records including firewall, proxy, EDR and NetFlow records are checked for communications with the known bad indicators.

Secure360 2020 Slides – Metric Driven SECDEVOPS
Secure360
Charles Herring

Slides for our talk at Secure360 2020 can be downloaded here.

Details on the session are posted here: https://secure360.org/session/charles-herring-metric-driven-secdevops/?conference=11809&date=20200505

An Ounce of Prevention is Worth a Pound of SOAR
Tool Effectiveness
Charles Herring

Later today I am headed to see my surgeon to schedule a proceedure. I need to have a surgery that is going to leave me off my feet for a week or more. My family will have to pick up the slack at home and my co-workers will have to take on my share of the work. The surgery is disrupting to my life and carries with it a measure of enduring risk. The most troubling thing is it could have been prevented had I adopted some healthier habits earlier in life. An ounce of prevention is worth a pound of cure. 

Metric Driven Development

Charles Herring 29 October 2019

Abstract

Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development. It will cover the following topics:

Metric Driven Development Presentations
Metrics
Charles Herring

From  IIA/ISACA IT Hacking Conference : Developing software that changes the world, exceeds customer expectations, provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure devops called Metric Driven Development

Breaking NBAD & UEBA Talk
Cloud of Death
Charles Herring

From DEFCON & GrrCON: Network Behavior Anomaly Detection (NBAD) and User and Entity Behavior Analytics (UEBA) are heralded as machine learning fueled messiahs for finding advanced attacks. The data collection and processing methodologies of these approaches create a series of new exploitable vectors that can allow attackers to navigate network and systems undetected. In this session, methods for poisoning data, transforming calculations and preventing alerts will be examined. Proof of concept code will be demonstrated and made available. Approaches to harden against these attacks will also be discussed as well as outlining needed changes in detection standards.

Subscribe to cybersecurity