2024-06-08, 16:00–16:45, Track 1 (UC Conference Rm A)
Incident detection today is based on protecting the conduit in order to protect the data inside it. The lack of a reliable correlation between APIs and data has led to high false positive rates that are inundating incident response teams. We present a new approach to data security incident detection and response that avoids correlation altogether, with the goal of maximizing the ratio of real incidents to false positives. This approach is particularly useful for APIs that feed RAG pipelines and fine-tuning of generative AI models.
If you’re not already numb to the statistic: high false positive rates in today’s security tools are killing incident response teams. Many true positive alerts go unseen. Security job vacancies can’t be filled. OWASP Top 10 authorization and access control failures often are not detected at all. Today’s tools share a common doctrine dating back to the first network firewall 30 years ago: protect the conduit to protect the data it carries. But in today’s applications, APIs are the conduit. Does a trustworthy correlation between API and data even exist? Over the last 4 years we architected and built a new solution for incident detection and response that is free from parameter interpretation, pattern matching, keyword searches, and other correlation-based techniques. In this talk we’ll detail the approach and the tradeoffs made to maximize detection of real incidents while optimizing for near-zero false positives.
Rob Quiros is a technologist and entrepreneur with more than 30 years of experience building enterprise-class solutions in networking and security. He is the inventor, architect and builder of the new approach being discussed, and chief dreamer of Caber Systems, Inc., a startup that hopes to bring the solution to market. Prior to Caber, Rob was with Akamai after its purchase of Soha Systems, a pioneer in the now multi-billion dollar Secure Access Service Edge (SASE) market, where he was an early team member and executive.