WEBVTT

1
00:00:12.646 --> 00:00:14.466
Hello. My name is Steven Gomez.

2
00:00:14.606 --> 00:00:15.916
I am a technical staff member

3
00:00:15.916 --> 00:00:17.546
at MIT Lincoln Laboratory,

4
00:00:17.886 --> 00:00:19.456
and I'm working with Rick Skowyra

5
00:00:19.456 --> 00:00:20.466
on the QUASAR project.

6
00:00:20.806 --> 00:00:21.826
The only thing worse

7
00:00:21.886 --> 00:00:23.266
than having no defense

8
00:00:23.266 --> 00:00:25.356
for an attack is having hundreds

9
00:00:25.356 --> 00:00:26.156
to choose from.

10
00:00:26.736 --> 00:00:28.496
CISOs and defense planners have to deal

11
00:00:28.496 --> 00:00:29.846
with this constantly trying

12
00:00:29.846 --> 00:00:31.846
to allocate their limited resources

13
00:00:32.406 --> 00:00:34.416
in the face of constantly evolving

14
00:00:34.416 --> 00:00:35.706
attacker capabilities.

15
00:00:36.086 --> 00:00:38.336
QUASAR is a decision support system

16
00:00:38.336 --> 00:00:40.246
that provides an interactive what-if

17
00:00:40.246 --> 00:00:42.866
analysis that tells how defenses

18
00:00:42.866 --> 00:00:44.706
actually impact against attacks

19
00:00:44.706 --> 00:00:45.656
like memory corruption.

20
00:00:46.006 --> 00:00:47.566
Unlike penetration testing

21
00:00:47.566 --> 00:00:49.156
in threat intelligence companies,

22
00:00:49.316 --> 00:00:51.776
QUASAR provides not only the data needed

23
00:00:51.776 --> 00:00:53.386
to identify where you're vulnerable,

24
00:00:53.916 --> 00:00:55.976
but also the necessary context needed

25
00:00:55.976 --> 00:00:57.946
to take informed action in order

26
00:00:57.946 --> 00:00:58.956
to mitigate and address

27
00:00:58.956 --> 00:00:59.876
these vulnerabilities.

28
00:01:00.516 --> 00:01:02.376
QUASAR combines sophisticated models

29
00:01:02.376 --> 00:01:03.566
of attacker strategies

30
00:01:03.606 --> 00:01:05.846
and modern defenses with a description

31
00:01:05.846 --> 00:01:07.256
of your enterprise in order

32
00:01:07.256 --> 00:01:09.156
to provide tailored, specific,

33
00:01:09.366 --> 00:01:10.916
and quantitative analysis

34
00:01:10.956 --> 00:01:12.866
of possible attacks in your enterprise

35
00:01:12.866 --> 00:01:14.296
and mitigations for those attacks.

36
00:01:14.736 --> 00:01:16.796
Defense planners can use QUASAR in order

37
00:01:16.796 --> 00:01:18.696
to identify gaps in their defenses,

38
00:01:18.696 --> 00:01:20.886
and then also find mitigations

39
00:01:20.886 --> 00:01:21.846
to fill those gaps.

40
00:01:22.576 --> 00:01:24.246
We've actually used QUASAR in order

41
00:01:24.246 --> 00:01:26.716
to identify defenses that were developed

42
00:01:26.716 --> 00:01:27.596
after the fact

43
00:01:27.596 --> 00:01:28.796
by the academic community.

44
00:01:29.566 --> 00:01:31.456
With QUASAR, you can take the guesswork

45
00:01:31.456 --> 00:01:32.636
out of defense planning.