CPE: McAfee AudioParasitic: Episode 59: Interview with SANS’ Lenny Zeltser, part 2/2
length: 00:26:22
SANS benefits from its diversity
SANS is fine reporting on things that are still in an early phase of investigation – it could be the beginning of something big or it could be nothing…
First responder type job – very stressful – gotta make a call
At the end of the day, low false positives are more important than 100% detection.
McAfee was the first to coin the term IPS
Lenny believes in cloud – at the time it was called Application Service Provider
Biggest problem: people adopt before they design – they didn’t consider the security ramifications
Virtualization: people made this mistake
Cloud: people will repeat the same mistake
Web 2.0: a malware writer's dream
McAfee cloud – Artemis – allows us to gather a huge quantity of data – uses solely behavioral analysis – if the cloud detects something suspicious, it sends the sample to AVERT lab – AVERT lab analyzes it and sends the result back to the cloud.
This is very powerful and very interesting.
Allows reacting very quickly by leveraging the cloud.
Also uses DNS security
Very scalable
Samples gathered:
Actual zoo: everything > 22 million
Unique sample
Closing word: if you don’t pay attention, you end up protecting against last year's threats.