Making security automation a reality
73
Making Security Automation a Reality September 2011 Tuesday, September 20, 11
-
Upload
adammontville -
Category
Technology
-
view
667 -
download
3
description
I believe we can distill our collective security reality down to a few key points or issues, and we’ll visit each one (quickly). This information, coupled with an assertion leads to a single question: Why are we, as an information security industry, falling behind? The Answer: I’ll take you through what that answer means from the perspective of the information security industry and our tools in general.The Solution: There may, in fact, be a solution well on its way in our industry – it’s just not quite there yet. I’ll provide some insight to what exists, its shortcomings, and finally, how you can help make a difference.
Transcript of Making security automation a reality
Making Security Automation a RealitySeptember 2011
Tuesday, September 20, 11
If you get anything out of this at all...
Tuesday, September 20, 11
If you get anything out of this at all...
We are falling behind...
Tuesday, September 20, 11
If you get anything out of this at all...
But we don’t have to
Tuesday, September 20, 11
Expectations
• Approach some realities
• The Question
• The Answer
• The Solution
Tuesday, September 20, 11
Information Security
Tuesday, September 20, 11
Information Security
• The protection of information and information systems from unauthorized access, use, disruption, modification or destruction.
Tuesday, September 20, 11
Rudiments
Tuesday, September 20, 11
Rudiments• Confidentiality
Tuesday, September 20, 11
Rudiments• Confidentiality
• Integrity
Tuesday, September 20, 11
Rudiments• Confidentiality
• Integrity
• Availability
Tuesday, September 20, 11
Threat Taxonomy
Tuesday, September 20, 11
Threat Agent Evolution
Tuesday, September 20, 11
System Complexity
Tuesday, September 20, 11
Situational Security
Tuesday, September 20, 11
Scarce Resources
Tuesday, September 20, 11
Business Matters
Tuesday, September 20, 11
Our Reality
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
• Threat Agent evolution
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
• Threat Agent evolution
• System complexity continues increase
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
• Threat Agent evolution
• System complexity continues increase
• Rapid change in situational security
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
• Threat Agent evolution
• System complexity continues increase
• Rapid change in situational security
• Severe shortage of security professionals
Tuesday, September 20, 11
Our Reality
• Immutable rudiments: CIA
• Threat taxonomies: Relevant but outdated
• Threat Agent evolution
• System complexity continues increase
• Rapid change in situational security
• Severe shortage of security professionals
• Security needs alignment with business process
Tuesday, September 20, 11
Why Do We Fall Behind?
Tuesday, September 20, 11
Why Do We Fall Behind?
• Too many points of human touch
Tuesday, September 20, 11
Why Do We Fall Behind?
• Too many points of human touch
• Too many smart people working on the mundane
Tuesday, September 20, 11
Why Do We Fall Behind?
• Too many points of human touch
• Too many smart people working on the mundane
• We work from information, not knowledge
Tuesday, September 20, 11
Industry Requirements
Tuesday, September 20, 11
Industry Requirements
• Ability to convey knowledge
Tuesday, September 20, 11
Industry Requirements
• Ability to convey knowledge
• Common representation of concepts
Tuesday, September 20, 11
Industry Requirements
• Ability to convey knowledge
• Common representation of concepts
• Ability to reason over information
Tuesday, September 20, 11
Industry Requirements
• Ability to convey knowledge
• Common representation of concepts
• Ability to reason over information
• Enable dynamic proaction
Tuesday, September 20, 11
Put it together
Tuesday, September 20, 11
Put it together
Conveying knowledge about common concepts between tools with the ability to reason frees security personnel
from repetitive, mundane tasks and allows them to focus on what matters: dynamic proaction.
Tuesday, September 20, 11
A solution Exists
Tuesday, September 20, 11
A solution ExistsSort of...
Tuesday, September 20, 11
Security Automation Standards
Tuesday, September 20, 11
The General Idea
Tuesday, September 20, 11
The General Idea
Tuesday, September 20, 11
The Good
• Protocols
• Enumerations
• Languages
• Metrics
Tuesday, September 20, 11
The Bad
• Lack of Governance
• Lack of rigor
• Model issues
Tuesday, September 20, 11
The Ugly
• They just keep on keeping on...
• Politics
Tuesday, September 20, 11
One More Good
• The bad and the ugly are changing for the better starting RIGHT NOW.
Tuesday, September 20, 11
Needed Change
Tuesday, September 20, 11
Needed Change
• Still too static
Tuesday, September 20, 11
Needed Change
• Still too static
• Not cohesive
Tuesday, September 20, 11
Needed Change
• Still too static
• Not cohesive
• Differing views of the world
Tuesday, September 20, 11
The End Game
Tuesday, September 20, 11
Enterprise SimulationIf we want to react to new attack vectors and threats in a dynamic manner, then we must accurately simulate system state, events, and the attacks against them.
Tuesday, September 20, 11
Enterprise SimulationIf we want to react to new attack vectors and threats in a dynamic manner, then we must accurately simulate system state, events, and the attacks against them.
File systems & permissions
Platform configuration items
Network stack configuration
Host and network services
Ports & Protocols
Host hardware configuration
Process maps
Tuesday, September 20, 11
Enterprise SimulationIf we want to react to new attack vectors and threats in a dynamic manner, then we must accurately simulate system state, events, and the attacks against them.
File systems & permissions
Platform configuration items
Network stack configuration
Host and network services
Ports & Protocols
Host hardware configuration
Process maps
Compliance frameworks
Security Concepts
Security Contexts
Cryptographic Primitives
Measurements for strength
Asset Identification
Reporting
Tuesday, September 20, 11
Requirements Redux
Tuesday, September 20, 11
Requirements Redux
• Ability to convey knowledge
Tuesday, September 20, 11
Requirements Redux
• Ability to convey knowledge
• Common representation of concepts
Tuesday, September 20, 11
Requirements Redux
• Ability to convey knowledge
• Common representation of concepts
• Ability to reason over information
Tuesday, September 20, 11
Requirements Redux
• Ability to convey knowledge
• Common representation of concepts
• Ability to reason over information
• Enable dynamic proaction
Tuesday, September 20, 11
Requirements Redux
• Ability to convey knowledge
• Common representation of concepts
• Ability to reason over information
• Enable dynamic proaction
• Reduce code changes
Tuesday, September 20, 11
Example: Relationships
Tuesday, September 20, 11
Example: Attack method discovery
Tuesday, September 20, 11
Recommendations
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
• Emphasize concepts and their relationships
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
• Emphasize concepts and their relationships
• Emphasize machine reasoning
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
• Emphasize concepts and their relationships
• Emphasize machine reasoning
• Emphasize dynamic content w/o code change
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
• Emphasize concepts and their relationships
• Emphasize machine reasoning
• Emphasize dynamic content w/o code change
• Investigate “Big Data” Technologies
Tuesday, September 20, 11
Recommendations• Refocus compliance to focus on security
• Define relationships between and within models
• Move to knowledge-based technologies
• Emphasize concepts and their relationships
• Emphasize machine reasoning
• Emphasize dynamic content w/o code change
• Investigate “Big Data” Technologies
• Especially Semantic Web Technologies
Tuesday, September 20, 11
Call To Action
• Everyone here is a stakeholder
• Your voice can be heard
• Participate, participate, participate
• http://scap.nist.gov
Tuesday, September 20, 11
Questions?
Tuesday, September 20, 11
Contact
[email protected]@tripwire.com
https://stoicsecurity.comhttp://www.tripwire.com/blog
Tuesday, September 20, 11
