WEBVTT 1 00:00:12.646 --> 00:00:14.466 Hello. My name is Steven Gomez. 2 00:00:14.606 --> 00:00:15.916 I am a technical staff member 3 00:00:15.916 --> 00:00:17.546 at MIT Lincoln Laboratory, 4 00:00:17.886 --> 00:00:19.456 and I'm working with Rick Skowyra 5 00:00:19.456 --> 00:00:20.466 on the QUASAR project. 6 00:00:20.806 --> 00:00:21.826 The only thing worse 7 00:00:21.886 --> 00:00:23.266 than having no defense 8 00:00:23.266 --> 00:00:25.356 for an attack is having hundreds 9 00:00:25.356 --> 00:00:26.156 to choose from. 10 00:00:26.736 --> 00:00:28.496 CISOs and defense planners have to deal 11 00:00:28.496 --> 00:00:29.846 with this constantly trying 12 00:00:29.846 --> 00:00:31.846 to allocate their limited resources 13 00:00:32.406 --> 00:00:34.416 in the face of constantly evolving 14 00:00:34.416 --> 00:00:35.706 attacker capabilities. 15 00:00:36.086 --> 00:00:38.336 QUASAR is a decision support system 16 00:00:38.336 --> 00:00:40.246 that provides an interactive what-if 17 00:00:40.246 --> 00:00:42.866 analysis that tells how defenses 18 00:00:42.866 --> 00:00:44.706 actually impact against attacks 19 00:00:44.706 --> 00:00:45.656 like memory corruption. 20 00:00:46.006 --> 00:00:47.566 Unlike penetration testing 21 00:00:47.566 --> 00:00:49.156 in threat intelligence companies, 22 00:00:49.316 --> 00:00:51.776 QUASAR provides not only the data needed 23 00:00:51.776 --> 00:00:53.386 to identify where you're vulnerable, 24 00:00:53.916 --> 00:00:55.976 but also the necessary context needed 25 00:00:55.976 --> 00:00:57.946 to take informed action in order 26 00:00:57.946 --> 00:00:58.956 to mitigate and address 27 00:00:58.956 --> 00:00:59.876 these vulnerabilities. 28 00:01:00.516 --> 00:01:02.376 QUASAR combines sophisticated models 29 00:01:02.376 --> 00:01:03.566 of attacker strategies 30 00:01:03.606 --> 00:01:05.846 and modern defenses with a description 31 00:01:05.846 --> 00:01:07.256 of your enterprise in order 32 00:01:07.256 --> 00:01:09.156 to provide tailored, specific, 33 00:01:09.366 --> 00:01:10.916 and quantitative analysis 34 00:01:10.956 --> 00:01:12.866 of possible attacks in your enterprise 35 00:01:12.866 --> 00:01:14.296 and mitigations for those attacks. 36 00:01:14.736 --> 00:01:16.796 Defense planners can use QUASAR in order 37 00:01:16.796 --> 00:01:18.696 to identify gaps in their defenses, 38 00:01:18.696 --> 00:01:20.886 and then also find mitigations 39 00:01:20.886 --> 00:01:21.846 to fill those gaps. 40 00:01:22.576 --> 00:01:24.246 We've actually used QUASAR in order 41 00:01:24.246 --> 00:01:26.716 to identify defenses that were developed 42 00:01:26.716 --> 00:01:27.596 after the fact 43 00:01:27.596 --> 00:01:28.796 by the academic community. 44 00:01:29.566 --> 00:01:31.456 With QUASAR, you can take the guesswork 45 00:01:31.456 --> 00:01:32.636 out of defense planning.