2024-09-14, Room 300
Trust in our security vendors is fundamental for every security organization in the world. We trust them to provide material value to our programs, to develop new features to address emerging security challenges, and to not cause fleet-wide BSOD outages on Fridays. After a cybersecurity company’s recent global outage, EDR customers understand (now more than ever) the necessity of building operational resilience into their deployments. In this talk, we will discuss the base architecture of EDR agents and how this inherently privileged sensor presents unique risks to customers. We will dive deep into the principles of operational resilience, weighing security risk against operational risk, and provide guidance on customer-driven controls that tangibly reduce the operational risk of privileged agents. We describe the shared responsibility between an EDR vendor and its customers through a threat model of an agent’s deployment at a company. Rebuilding trust requires transparency from technology and leadership, and operational resilience requires that we don’t trust the agent to fail gracefully!
Gabe is a senior security engineer with experience in endpoint security, SaaS security, DLP, and threat detection. He focuses on enterprise threats to high-tech businesses, building scalable engineering solutions to materially reduce risk for organizations. He also volunteers his time with Columbus State University and with extracurricular organizations in the community to support cybersecurity students looking to enter the field.
Gabe holds a B.S. in Computer Science from Columbus State University and an M.S. in Cybersecurity from NYU.