Making security automation a reality

I believe we can distill our collective security reality down to a few key points or issues, and we’ll visit each one (quickly). This information, coupled with an assertion, leads to a single question: Why are we, as an information security industry, falling behind?

The Answer: I’ll take you through what that answer means from the perspective of the information security industry and our tools in general.
The Solution: There may, in fact, be a solution well on its way in our industry – it’s just not quite there yet. I’ll provide some insight into what exists, its shortcomings, and finally, how you can help make a difference.

Published in: Technology, News & Politics

Transcript

  • 1. Making Security Automation a Reality, September 2011 (Tuesday, September 20, 11)
  • 2-4. If you get anything out of this at all... We are falling behind... But we don’t have to
  • 5. Expectations
      • Approach some realities
      • The Question
      • The Answer
      • The Solution
  • 6-7. Information Security
      • The protection of information and information systems from unauthorized access, use, disruption, modification or destruction.
  • 8-11. Rudiments
      • Confidentiality
      • Integrity
      • Availability
  • 12. Threat Taxonomy
  • 13. Threat Agent Evolution
  • 14. System Complexity
  • 15. Situational Security
  • 16. Scarce Resources
  • 17. Business Matters
  • 18-25. Our Reality
      • Immutable rudiments: CIA
      • Threat taxonomies: Relevant but outdated
      • Threat Agent evolution
      • System complexity continues to increase
      • Rapid change in situational security
      • Severe shortage of security professionals
      • Security needs alignment with business process
  • 26-29. Why Do We Fall Behind?
      • Too many points of human touch
      • Too many smart people working on the mundane
      • We work from information, not knowledge
  • 30-34. Industry Requirements
      • Ability to convey knowledge
      • Common representation of concepts
      • Ability to reason over information
      • Enable dynamic proaction
  • 35-36. Put it together
      • Conveying knowledge about common concepts between tools with the ability to reason frees security personnel from repetitive, mundane tasks and allows them to focus on what matters: dynamic proaction.
  • 37-38. A solution Exists. Sort of...
  • 39. Security Automation Standards
  • 40-41. The General Idea
  • 42. The Good
      • Protocols
      • Enumerations
      • Languages
      • Metrics
  • 43. The Bad
      • Lack of Governance
      • Lack of rigor
      • Model issues
  • 44. The Ugly
      • They just keep on keeping on...
      • Politics
  • 45. One More Good
      • The bad and the ugly are changing for the better starting RIGHT NOW.
  • 46-49. Needed Change
      • Still too static
      • Not cohesive
      • Differing views of the world
  • 50. The End Game
  • 51-53. Enterprise Simulation
      • If we want to react to new attack vectors and threats in a dynamic manner, then we must accurately simulate system state, events, and the attacks against them.
      • First column:
          • File systems & permissions
          • Platform configuration items
          • Network stack configuration
          • Host and network services
          • Ports & Protocols
          • Host hardware configuration
          • Process maps
      • Second column:
          • Compliance frameworks
          • Security Concepts
          • Security Contexts
          • Cryptographic Primitives
          • Measurements for strength
          • Asset Identification
          • Reporting
  • 54-59. Requirements Redux
      • Ability to convey knowledge
      • Common representation of concepts
      • Ability to reason over information
      • Enable dynamic proaction
      • Reduce code changes
  • 60. Example: Relationships
  • 61. Example: Attack method discovery
  • 62-70. Recommendations
      • Refocus compliance to focus on security
      • Define relationships between and within models
      • Move to knowledge-based technologies
      • Emphasize concepts and their relationships
      • Emphasize machine reasoning
      • Emphasize dynamic content w/o code change
      • Investigate “Big Data” Technologies
      • Especially Semantic Web Technologies
  • 71. Call To Action
      • Everyone here is a stakeholder
      • Your voice can be heard
      • Participate, participate, participate
      • http://scap.nist.gov
  • 72. Questions?
  • 73. Contact
      • adam@stoicsecurity.com
      • amontville@tripwire.com
      • https://stoicsecurity.com
      • http://www.tripwire.com/blog
