The recent ‘Application Security’ Experience Sharing Day covered several Belgian research projects on advanced security approaches.
At the VUB, Thierry Renaux is looking into automated monitoring that uses ‘complex event processing’ to detect network, operations and transaction anomalies at run time. Axel Legay (UCL) dived into tools and means to improve on YARA-based malware analysis, including machine learning, symbolic analysis and graph mining. Jeremy Grandclaudon (Cetic) presented his participation in Europe’s SPARTA project, which envisages changing the nature of security from reactive to adaptive.
From a commercial point of view, John Matthew Holt (CTO, Waratek) proposed protecting applications through modernizing agents, without changing application code. Pascal Matthieu (BNP Paribas Fortis) illustrated the advantages of a security architecture team in enterprises, and encouraged members of the Coalition to join the ‘Enterprise Security Architecture’ focus group. Of utmost importance remain ‘security by design’ efforts from day ‘zero’ when developing new applications, and investment in ‘secure software developers’.