
Making security automation a reality

I believe we can distill our collective security reality down to a few key points or issues, and we’ll visit each one (quickly). This information, coupled with an assertion, leads to a single question: why are we, as an information security industry, falling behind?

The Answer: I’ll take you through what that answer means from the perspective of the information security industry and our tools in general.
The Solution: There may, in fact, be a solution well on its way in our industry – it’s just not quite there yet. I’ll provide some insight to what exists, its shortcomings, and finally, how you can help make a difference.


  1. Making Security Automation a Reality, September 2011 (slide footer: Tuesday, September 20, 11)
  2–4. If you get anything out of this at all... We are falling behind... But we don’t have to.
  5. Expectations
     • Approach some realities
     • The Question
     • The Answer
     • The Solution
  6–7. Information Security: the protection of information and information systems from unauthorized access, use, disruption, modification or destruction.
  8–11. Rudiments
     • Confidentiality
     • Integrity
     • Availability
  12. Threat Taxonomy
  13. Threat Agent Evolution
  14. System Complexity
  15. Situational Security
  16. Scarce Resources
  17. Business Matters
  18–25. Our Reality
     • Immutable rudiments: CIA
     • Threat taxonomies: relevant but outdated
     • Threat agent evolution
     • System complexity continues to increase
     • Rapid change in situational security
     • Severe shortage of security professionals
     • Security needs alignment with business process
  26–29. Why Do We Fall Behind?
     • Too many points of human touch
     • Too many smart people working on the mundane
     • We work from information, not knowledge
  30–34. Industry Requirements
     • Ability to convey knowledge
     • Common representation of concepts
     • Ability to reason over information
     • Enable dynamic proaction
  35–36. Put it together: conveying knowledge about common concepts between tools, with the ability to reason, frees security personnel from repetitive, mundane tasks and allows them to focus on what matters: dynamic proaction.
  37–38. A Solution Exists... Sort of...
  39. Security Automation Standards
  40–41. The General Idea
  42. The Good
     • Protocols
     • Enumerations
     • Languages
     • Metrics
  43. The Bad
     • Lack of governance
     • Lack of rigor
     • Model issues
  44. The Ugly
     • They just keep on keeping on...
     • Politics
  45. One More Good: the bad and the ugly are changing for the better starting RIGHT NOW.
  46–49. Needed Change
     • Still too static
     • Not cohesive
     • Differing views of the world
  50. The End Game
  51–53. Enterprise Simulation: if we want to react to new attack vectors and threats in a dynamic manner, then we must accurately simulate system state, events, and the attacks against them.
     System state to simulate:
     • File systems & permissions
     • Platform configuration items
     • Network stack configuration
     • Host and network services
     • Ports & protocols
     • Host hardware configuration
     • Process maps
     Concepts to relate that state to:
     • Compliance frameworks
     • Security concepts
     • Security contexts
     • Cryptographic primitives
     • Measurements for strength
     • Asset identification
     • Reporting
  54–59. Requirements Redux
     • Ability to convey knowledge
     • Common representation of concepts
     • Ability to reason over information
     • Enable dynamic proaction
     • Reduce code changes
  60. Example: Relationships
  61. Example: Attack method discovery
  62–70. Recommendations
     • Refocus compliance to focus on security
     • Define relationships between and within models
     • Move to knowledge-based technologies
     • Emphasize concepts and their relationships
     • Emphasize machine reasoning
     • Emphasize dynamic content without code change
     • Investigate “Big Data” technologies, especially Semantic Web technologies
  71. Call To Action
     • Everyone here is a stakeholder
     • Your voice can be heard
     • Participate, participate, participate
     • http://scap.nist.gov
  72. Questions?
  73. Contact: adam@stoicsecurity.com, amontville@tripwire.com, https://stoicsecurity.com, http://www.tripwire.com/blog
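The Enterprise Simulation and Recommendations slides argue for representing system state and security concepts as related facts that a machine can reason over, so that a new control or concept is added as data rather than as a code change. The following is an added illustration written for this page, not code from the talk or from any SCAP tool: a tiny triple-style knowledge base in which hosts, services, platform configuration items and compliance controls are linked, and a reasoner derives which hosts fail a control and which security concepts that leaves unmitigated. All hostnames, control identifiers and configuration item names are constructed for the example.

```python
"""Knowledge-base demo: enterprise state as (subject, predicate, object)
facts, queried by a small reasoner instead of hard-coded per-check logic."""
from collections import defaultdict

# Constructed sample facts; hostnames, control ids and config items are hypothetical.
FACTS = [
    ("web01", "runs", "sshd"),
    ("web01", "hasConfig", "sshd.PermitRootLogin=yes"),
    ("web01", "listensOn", "tcp/22"),
    ("db01", "runs", "sshd"),
    ("db01", "hasConfig", "sshd.PermitRootLogin=no"),
    ("db01", "listensOn", "tcp/22"),
    ("app01", "runs", "nginx"),
    ("app01", "listensOn", "tcp/443"),
    # A compliance control expressed as data: which service it covers, which
    # configuration value it requires, and which security concept it mitigates.
    ("CTL-SSH-1", "appliesToService", "sshd"),
    ("CTL-SSH-1", "requiresConfig", "sshd.PermitRootLogin=no"),
    ("CTL-SSH-1", "mitigatesConcept", "remote-privileged-login"),
]


class KnowledgeBase:
    def __init__(self, facts):
        self.idx = defaultdict(set)  # (subject, predicate) -> set of objects
        for s, p, o in facts:
            self.idx[(s, p)].add(o)

    def objects(self, s, p):
        return self.idx.get((s, p), set())

    def subjects_with(self, p):
        return {s for (s, q) in self.idx if q == p}

    def noncompliant(self, control):
        """Hosts running a service the control applies to but lacking its required config."""
        services = self.objects(control, "appliesToService")
        required = self.objects(control, "requiresConfig")
        return sorted(h for h in self.subjects_with("runs")
                      if self.objects(h, "runs") & services
                      and not required <= self.objects(h, "hasConfig"))

    def exposed_concepts(self, host):
        """Security concepts left unmitigated on a host, derived from control links."""
        out = set()
        for ctl in self.subjects_with("mitigatesConcept"):
            if host in self.noncompliant(ctl):
                out |= self.objects(ctl, "mitigatesConcept")
        return sorted(out)


KB = KnowledgeBase(FACTS)
```

Adding a second control, or linking a control to a new concept, is a change to FACTS only; the reasoner's queries stay the same.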
