How I Learned to Stop Worrying and Love TLS | SANS@MIC Talk

Encryption has been the security tool most disliked by security people charged with monitoring networks. While it hides secrets from attackers, it also hides malicious activity and exfiltrated secrets from network monitoring. While the fight against encryption may seem lost (or the fight to encrypt all data may seem won), there is more you can do than turn your IDS into a crypto coin miner. Think outside of the traditional IDS box, and before you despair, remember that it didn't do much for you anyway, but produce false positives. Networks change and so need your skills and approaches to finding evil. In this talk, you will learn about all the useful things you can do once you leave the superficial glamour of analyzing payloads behind and focus on the data that matters. Become one with your network and understand its needs and desires to identify the new evil your IDS never told you about. Speaker Bio Johannes Ullrich, PhD As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.