PAUL VIXIE (President, ISC)

PRESENTATION TITLE: Silo Busting in Information Security — The ISC SIE Approach

PRESENTATION ABSTRACT: 

Every few weeks a new security company is born. No matter what the brand or the segment, the data flow looks the same from on high: let’s get smart people and write some smart software, suck in all kinds of telemetry and samples, and produce threat feeds and reputation feeds, and then… profit! This plan works more often than not, since the problem space and therefore the market continues to grow.

But why? Why if we’re putting that many smart people to work on security, and writing all that smart software, and making all this money, does the problem space and therefore the market continue to grow? Are we doing this right — since everybody’s making money? Or are we doing this wrong — and we’re a bunch of corrupt dolts who aren’t even recognizing the real problem or at least not trying very hard to solve it?

ISC’s theory is that the nature of information sharing in the security industry is part of the problem. Having N security companies each have 1/Nth of the available telemetry and samples means that nobody has a chance of seeing everything — and mostly nobody sees anything. To that end we launched in 2008 the ISC Security Information Exchange (SIE), and today (2012) we’re sharing about 500Mbit/sec of real time security telemetry.

Dr. Vixie will explain where we are with ISC SIE, how we got here, and where we’re going. Of special interest is our first “vertical application”, a high speed high quality Passive DNS database (ISC DNSDB), which Vixie will demo for the crowd in a couple of creepy ways. This presentation is mostly show and tell with a pitch to get people to contribute data, plus a pitch to join the Exchange and see the data, plus a pitch to anyone who might be able to use DNSDB in their work (free or cheap for dogooders, not free but reasonably priced for commercial use).

ABOUT PAUL VIXIE