
Distributed Immutable Ephemeral - New Paradigms for the Next Era of Security


We are rapidly approaching the next era of security, in which we need to focus on the ability to recover from attacks that would otherwise be irrecoverable. This ability can also be defined as resiliency. The traditional view of resiliency tries to quickly restore the assets that support the services we care about. This new paradigm instead looks at resilience through design patterns (distributed, immutable, ephemeral) in which we do not care about any given asset at all, while the overall service keeps functioning. This approach allows us to avoid having to deal with security at all.



  1. How To Solve Cybersecurity: New Paradigms for the Next Era of Security. Sounil Yu, @sounilyu
  2. The Grand Challenge of Our Generation. What should we focus on if we want to solve it within the next few years?
  3. Solved State: Get Inside the Attacker OODA Loop? [Figure: the Defender OODA loop (Observe, Orient, Decide, Act) drawn beside the Attacker OODA loop.] Can defenders ever achieve the goal of responding faster than the attacker?
  4. A Quick History of IT and Security (timeline table, one row per era):
     • 1980s: core challenges = Asset Inventory, Asset Mgt, Asset Prioritization; solutions = Systems Mgt Tools, Scanners; security team composition & focus = None
     • 1990s: core challenges = Viruses, Insecure Configs, Server-side Attacks; solutions = A/V, Firewalls, Secure Configs, App Sec; security team composition & focus = Hobby Shop / Vulnerability Mgt
     • 2000s: core challenges = Client-side Attacks, Log Analysis and Mgt; solutions = IDS, SIEM; security team composition & focus = Dedicated Biz Unit / Risk Mgt
     • 2010s: core challenges = Assume Breach, Too Many Privileges; solutions = Incident Response, Hunting, EDR, IdAM; security team composition & focus = Sec Ops Center / Threat Mgt
     • IT / Security Tension: a spectrum running from STABILITY (CIO) to SECURITY (CISO)
  5. Mapping to the NIST Cyber Security Framework (the same era timeline table as slide 4)
  6. 2020s: Age of Recovery (or Resiliency). What kind of attacks should we see in the 2020s that would challenge our ability to RECOVER or cause irreversible harm? Examples, grouped on the slide by the property they attack:
     • Confidentiality: Wikileaks, Doxxing
     • Integrity: Ransomware, #fakenews
     • Availability: PDoS, MBR Wiper, Bricking Firmware
  7. 2020s: Age of Recovery (or Resiliency). What kind of solutions directly support our ability to RECOVER or be RESILIENT?
  8. Forging ahead or regressing back? [Vendor banner: "JOIN THE PREVENTION AGE / STOP CYBER BREACHES"]
     • A call to go back to the 1990s?
     • How will prevention mitigate the impact of ransomware?
       - Remember, we learned "assume breach" in the 2010s
       - Prevention minimizes the occurrences, but does not address the impact or ability to recover
  9. 2020s: Age of Recovery (or Resiliency). What kind of solutions directly support our ability to RECOVER or be RESILIENT? [Figure: copy-on-write storage; a virtualization stack (computer, hypervisor, OS, libraries, apps); serverless architecture; content delivery network.]
  10. But wait! How are these "security" solutions?
     • Distributed → DDoS Resistant: the best solution against a distributed attack is a distributed service (supports Availability)
     • Immutable → Changes Easier to Detect and Reverse: unauthorized changes stand out and can be reverted to known good (supports Integrity)
     • Ephemeral → Drives Value of Assets Closer to Zero: makes attacker persistence hard and reduces concern for assets at risk (supports Confidentiality)
  11. The Alternative: An Endless Conveyor Belt of Vulnerabilities and Threats. Risk = Likelihood x Impact, with never-ending threats and never-ending vulns feeding the likelihood term.
  12. Pets vs Cattle
     • Pets: given a familiar name; taken to the vet when sick; hugged
     • Cattle: branded with an obscure, unpronounceable name; shot when sick; eaten/recycled (sorry PETA)
  13. A New Measurement for a New Era: Pets vs Cattle Curve. [Figure: number of Systems (log-scale axis) plotted against Uptime (in Days), with short-lived cattle on the left of the curve and long-lived pets on the right. Marked points: 2,000 systems at 10 days, 500 systems at 40 days. Annotations: @40 Days → Pets = 2.5%; @10 Days → Pets = 10%; Target: @10 Days → Pets = 2.5%. Arrows labelled "Fewer pets" and "Shorter-lived cattle".] Find design patterns, policies, and incentives that push the curve in these directions.
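A measurable form of the pets-vs-cattle curve on slide 13, as an added example (not from the deck): given each system's uptime in days from an asset inventory export (assumed), it computes the share of long-lived "pets" above an uptime threshold and the threshold at which that share reaches the slide's 2.5% target. The inventory values are constructed to match the slide's 10% at 10 days and 2.5% at 40 days.

```python
"""Pets-vs-cattle curve from system uptimes (added example, not the deck's code)."""
from bisect import bisect_left
from typing import Dict, Iterable, Sequence

# Constructed inventory of 2,000 systems with uptime in days (assumed to come
# from an asset inventory export): 1,800 short-lived cattle (1-9 days),
# 150 mid-lived systems (10-39 days) and 50 long-lived pets (40+ days).
SAMPLE_UPTIMES_DAYS = (
    [1 + i % 9 for i in range(1800)]
    + [10 + i % 30 for i in range(150)]
    + [40 + 3 * i for i in range(50)]
)


def pets_fraction(uptimes: Sequence[int], threshold_days: int) -> float:
    """Share of systems whose uptime is at least threshold_days (the 'pets')."""
    if not uptimes:
        raise ValueError("empty inventory")
    pets = sum(1 for u in uptimes if u >= threshold_days)
    return pets / len(uptimes)


def pets_curve(uptimes: Sequence[int], thresholds: Iterable[int]) -> Dict[int, float]:
    """The curve itself: pet share at each uptime threshold along the slide's x-axis."""
    return {t: pets_fraction(uptimes, t) for t in thresholds}


def threshold_for_target(uptimes: Sequence[int], target: float) -> int:
    """Smallest uptime (days) at which the pet share is at or below target.

    Driving this value down toward the slide's 10-day mark is what
    'shorter-lived cattle' means in measurable terms.
    """
    if not uptimes:
        raise ValueError("empty inventory")
    ordered = sorted(uptimes)
    n = len(ordered)
    for t in range(1, ordered[-1] + 2):
        # systems at or past this uptime sit at index bisect_left(ordered, t) and beyond
        share = (n - bisect_left(ordered, t)) / n
        if share <= target:
            return t
    return ordered[-1] + 1  # not reached: share is 0 one day past the oldest system


def meets_target(uptimes: Sequence[int], threshold_days: int = 10, target: float = 0.025) -> bool:
    """The slide's target: no more than 2.5% of systems with uptime of 10 days or more."""
    return pets_fraction(uptimes, threshold_days) <= target


if __name__ == "__main__":
    for days, share in pets_curve(SAMPLE_UPTIMES_DAYS, (1, 10, 40)).items():
        print(f"@{days:>3} days -> pets = {share:.1%}")
    print("meets target:", meets_target(SAMPLE_UPTIMES_DAYS))
    print("pet share reaches 2.5% at day", threshold_for_target(SAMPLE_UPTIMES_DAYS, 0.025))
```

Re-running this against successive inventory exports shows whether design changes are actually moving the curve: the target is met only once the 2.5% threshold falls to 10 days.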
  14. A Better Way to Get Inside the Attacker OODA Loop? [Figure: four OODA loops (Observe, Orient, Decide, Act): the Defender loop, the Attacker loop, the Natural Business loop, and the Business loop with traditional security restrictions.] Distributed, immutable, and ephemeral design patterns allow businesses to move faster and naturally shorten the OODA loop (OODA_Business - OODA_CIO+CISO = Shadow IT). "Larger swaths of risk are quickly being eliminated at newer companies, at earlier and earlier stages. And usually not because security was the goal." - Ryan McGeehan, https://medium.com/starting-up-security/you-dont-need-a-chief-security-officer-3f8d1a76b924
  15. Completing the NIST Cyber Security Framework (the slide 4 timeline extended with a 2020s column and the NIST function for each era):
     • 1980s, Identify: core challenges = Asset Inventory, Asset Mgt, Asset Prioritization; solutions = Systems Mgt Tools, Scanners; security team composition & focus = None
     • 1990s, Protect: core challenges = Viruses, Insecure Configs, Server-side Attacks; solutions = A/V, Firewalls, Secure Configs, App Sec; security team composition & focus = Hobby Shop / Vulnerability Mgt
     • 2000s, Detect: core challenges = Client-side Attacks, Log Analysis and Mgt; solutions = IDS, SIEM; security team composition & focus = Dedicated Biz Unit / Risk Mgt
     • 2010s, Respond: core challenges = Assume Breach, Too Many Privileges; solutions = Incident Response, Hunting, EDR, IdAM; security team composition & focus = Sec Ops Center / Threat Mgt
     • 2020s, Recover: core challenges = Ransomware, MBR Wiper, DDoS, Firmware Bricking; solutions = Distributed, Immutable, Ephemeral (DIE!!!) Systems; security team composition & focus = Integrated Team / Rugged DevOps
     • IT / Security Tension: a spectrum running from STABILITY (CIO) to SECURITY (CISO)
  16. Summary
     • Known attack methods only get better with time against static systems
     • The next era in IT and Security will manifest more irreversible attacks that challenge and undermine our ability to RECOVER
     • Better PROTECT, DETECT, and RESPOND capabilities may reduce occurrences of malicious events but are insufficient against well-executed destructive/irreversible scenarios
     • Our best countermeasure is resilient design patterns that promote the qualities of distributed, immutable, and ephemeral (DIE!) in lieu of confidentiality, integrity, and availability
  17. Solving Cybersecurity Through Cyber Train Crashes
     • Elimination of poor designs will happen either by intentional decommissioning or by destruction. Which would you rather count on?
