Today we’re announcing the Fastly Security Speaker Series, an informal event for bringing together researchers and engineers to share research, tools, and ideas. Fastly will bring some of the most innovative and thoughtful security researchers to Fastly headquarters in San Francisco to share their work. Our first event is February 25th, and our first two speakers are Alex Pinto and Rolf Rolles.
Alex Pinto, Chief Data Scientist of Niddel and the lead of MLSec Project, will speak about machine learning and how it can make us better at defense with his talk “Secure Because Math: Challenges on Applying Machine Learning to Security.”
Large-scale machine learning, be it supervised or unsupervised, has become an important cornerstone of the information systems we use today. It is only natural that it would become a hot topic in Information Security as well, and a large number of security startups have appeared claiming miracles due to their experience with big data technologies even without previous experience in the Information Security field. It turns out not all algorithms and techniques are born equal, and protecting networks and endpoints from attackers is a very different problem than recommendation engines and automated ad bidding. Not to speak of the potentially disastrous results if techniques are applied incorrectly or with a bad sensitivity/specificity calibration.
This presentation will describe how information security is a different problem and the challenges intrinsic to this specific field that many first entrants seem to ignore. We will discuss strengths and caveats of unsupervised and supervised models in this scenario and where they have historically been applied in different segments of InfoSec. It will provide all the background in both Machine Learning and Information Security you may need to enjoy it, and will shed some light on burning questions about "why isn’t this all secure with deep learning already?" and "if I can decide to bid on an ad in milliseconds, why can't I use this tech to block an attacker?"
Rolf Rolles of Möbius Strip Reverse Engineering will join us to discuss program synthesis and its uses in reverse engineering:
Program synthesis is an academic discipline devoted to creating computer programs automatically, given a precise specification of how the program should operate. It works on small scales and is mostly researched for programs without loops in them. We apply and adapt existing academic work in program synthesis to solve problems in reverse engineering.
- Semi-automated synthesis of CPU emulators
- Automated generation of deobfuscators for peephole-expansion obfuscators
- Reconstruction of obfuscated, metamorphic code sequences
We invite you to come and participate, and join us for beers, snacks, and a few hours of excellent security discussion. Sign up on our Eventbrite page.
We look forward to seeing you on February 25th!
You may also like:
Lean Threat Intelligence, Part 1: The plan
Fastly Security Researcher Zack Allen discusses how you can draw from open source resources to build a lean and powerful Threat Intelligence plan for your organization.
Introducing Fastly Security Advisories
Today we’re announcing Fastly Security Advisories. Fastly will publish these to address security concerns that either trigger customer interest or require customer action to address.
Update to our TLS 1.0 and 1.1 deprecation plan
Last October, we announced our deprecation plan for TLS 1.0 and 1.1. The PCI Security Standards has since updated their guidance, and we are revising our deprecation schedule accordingly.