Automate or Die! How to Scale and Evolve to Fix Our Broken Industry
Download as PPTX, PDF1 like1,046 views
The document discusses the necessity of automation in cybersecurity to cope with increasing threats and the inefficiencies of human intervention. It emphasizes the importance of automating routine tasks to enhance scalability, minimize errors, and improve overall security quality. The author encourages a shift in mindset towards resilience and resource optimization while leveraging technology for better decision-making.
Automate or Die! How to Scale and Evolve to Fix Our Broken Industry
- 1. Automate or Die! How to Scale and Evolve to Fix Our Broken Industry Ben Tomhave, Security Architect, K12
- 3. Image Credit: David Masters (https://www.flickr.com/photos/davidmasters/2516902376) ImageCredit:takomabibelot(https://www.flickr.com/photos/takomabibelot/3050589967) Consider the written word… http://16days.thepixelproject.net/wp-content/uploads/2013/12/social-media-1024x683.jpg
- 5. Image Credit: Creative Tools (https://www.flickr.com/photos/creative_tools/8080034547) Image Credit: Bill Jacobus (https://www.flickr.com/photos/billjacobus1/115786818) Consider other industries… Image Credit: darkday (https://www.flickr.com/photos/drainrat/14643613433)
- 6. And the list goes on… Mass transportation… Communication advances… Telegraph Radio Telephone Satellites Television The Internet! Mobile Devices Wearables / IoT
- 8. In the Words of Dr. Dan Geer… “One can only conclude that replacing some part of the human cybersecurity worker's job description with automation is necessary. If the threat space is expanding by X to the Y, then the defense has to arm up accordingly. An accelerating share of the total cybersecurity responsibility will have to be automated, will have to be turned over to machines.” “People in the Loop: Are They a Failsafe or a Liability?” (8 February 2012) http://geer.tinho.net/geer.suitsandspooks.8ii12.txt
- 9. Or Maybe Verizon DBIR 2015? 9 “It may not be obvious at first glance, but the common denominator across the top four patterns - accounting for nearly 90% of all incidents - is people. Whether it's goofing up, getting infected, behaving badly, or losing stuff, most incidents fall in the PEBKAC and ID-10T über-patterns.” (p32) Verizon Data Breach Investigation Report 2015 http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015-insider_en_xg.pdf
- 10. Problem Statement “A perfection of means, and confusion of aims, seems to be our main problem.” –Albert Einstein
- 12. Freq. Impact Busy Work and Noise Scary! BCM 2. Optimize this! 3. Target this! 1. Plan for this!
- 13. What to do? Automate! For Scalability & Resiliency For Agility & Responsiveness For Better Quality / Less Errors
- 14. Analytics, AI, & Automation Current State Just starting to become mainstream See: DevOps Infosec needs to catch-up Many dependencies What’s the motivation? All these breaches, yet life goes on Are we trading one “risk” for another? $$$ is not insignificant! Caveat / Warning: “The question is under what circumstances that we still control can that turning over be a good thing? How can we put a human back into the loop such that that human *is* a failsafe.” (Dr. Geer, also Feb 2012)
- 15. An Automated Future Transparent federated authentication & high-assurance ID Goodbye card fraud Hello "easier life" - greatly reduces friction (shopping, travel (TSA), legal matters, financial matters, hiring, etc, etc, etc) Privacy sidebar: who has control: you or an entity (corp/gov)? Wearables lead to real-time medical tracking and alerts “Grandma, we see you’ve fallen, can you get up?” Revisiting the long tail... Or, social clustering and the reinforcement of confirmation bias...
- 16. An Automated Future Transparent federated authN, high-assurance ID Self-healing networks? e.g., NAC+DDoS Mitigation+IPS+??? Knock down high frequency noise Application security testing automation Address low-end skills gaps through AI+automation Key Objective: Scaling while minimizing human error
- 17. Targets for Automation Internal DNS updates Firewall rule deployments Access deployments & terminations Account reconciliation HR/Legal holds Incident context for investigations Application security Note: Yes, we already see some of these things being automated today! Pick “low risk” activities that are easily scripted.
- 18. Automated Deployment Internal DNS Update Firewall Rule Deployment Request Automated Provisioning Automated Formatting & Context Approve? Yes No
- 19. Access Deployment Assumption: A system of record exists! Properly Formatted Request Automated Provisioning Distribute for Approvals Yes No Approve? Approve? Approve? Approve? Approve?
- 20. Access Term./Acct. Reconciliation Assumption: A system of record exists! Properly Formatted Request Proceed? Proceed? Proceed? Proceed? Proceed? Distribute for Approvals Automated Processing Initiate HR or Legal Hold No Access Issues Report
- 21. HR/Legal Holds Assumption: A system of record exists! Properly Formatted Authorized Request Query Accounts, Access, Etc. Archive All Data Lock All Accounts Send Notifications Employee Management Sysadmins (as appropriate)
- 22. Incident Support Start Orchestrate Querying Systems Execute Query Execute Query Execute Query … Data Data Data Malware alert Fraud inbox msg. IPS alert Actio n? Automated Action(s) Manual Action(s) Automated Data Format & Synthesis Close Incident Automated Response
- 23. Application Security SAST SRC git svn Build & Pkg QA testing Production! DAST/IAST VA+PentestQuick Checks Software Comp. Analysis (SCA)
- 24. Things to Consider… Are you copying data from one system to paste to another? Are there highly repetitive tasks that could be automated with basic data input? Automation is not the absence of manual intervention, but the facilitation of smarter manual involved only as needed! With automation comes the impetus for positive resource utilization shifts – now you can get by with a couple high-value resources instead of entire teams of them. Automation not only improves scalability, but it also improves quality by reducing human error!
- 25. What Tools Can You Use? This is just a quick sampling… literally dozens more, free or commercial!
- 26. The Evolutionary Imperative We must evolve, or we will die. Evolution is in response to survivalist intuition. Choose to survive!
- 27. Survival Tips Shift risk management mindset architecting for resiliency DevOps + "all the world's a cloud” + IRM Embrace the power of utility compute power Automate where possible, shift resources to important things! Empower users The secure choice should be the easy choice Don't be a barrier! Incentivize good decisions Remember: It’s not just about achieving an ideal!
- 28. My Grand Vision
- 30. Ben Tomhave @falconsview www.secureconsulting.net
Editor's Notes
- #4: Think about this: the written word was a great innovation, but it didn’t scale until the printing press. https://www.flickr.com/photos/69214385@N04/9535062704 https://www.flickr.com/photos/davidmasters/2516902376 https://www.flickr.com/photos/takomabibelot/3050589967 https://www.flickr.com/photos/smithser/6547866367 https://www.flickr.com/photos/fatedenied/7335413942
- #5: http://hereandnow.wbur.org/2013/10/16/assembly-line-anniversary https://www.flickr.com/photos/jurvetson/6858583426 http://en.wikipedia.org/wiki/File:Tesla_auto_bots.jpg
- #6: https://www.flickr.com/photos/ben_salter/390989131 https://www.flickr.com/photos/55229469@N07/15565227021 https://www.flickr.com/photos/kitmondo/16270896895 https://www.flickr.com/photos/elsie/14490510074 https://www.flickr.com/photos/drainrat/14643613433 https://www.flickr.com/photos/billjacobus1/115786818 https://www.flickr.com/photos/kakissel/6165114664 https://www.flickr.com/photos/creative_tools/8080034547
- #7: https://www.flickr.com/photos/daniel-rehn/9510955960/
- #12: If you look at the things that largely occupy your time, you’ll find that it tends toward high-frequency/low-impact events. And… we’ve become good at chasing down all that garbage… the constant reactive firefighting mode… On the other end of the spectrum, we have low-frequency/high-impact events for which most of us have at least some degree of plans in place (BCM/BCP/DRP)… However, the interesting thing is the needle in the haystack… those medium-to-low-frequency/medium-to-high-impact events that get lost in the blur of all the firefighting, but that don’t quite rise to the level of a BCM event…
- #13: If you look at the things that largely occupy your time, you’ll find that it tends toward high-frequency/low-impact events. And… we’ve become good at chasing down all that garbage… the constant reactive firefighting mode… On the other end of the spectrum, we have low-frequency/high-impact events for which most of us have at least some degree of plans in place (BCM/BCP/DRP)… However, the interesting thing is the needle in the haystack… those medium-to-low-frequency/medium-to-high-impact events that get lost in the blur of all the firefighting, but that don’t quite rise to the level of a BCM event…
- #17: Less focus on authentication, more on authorization.
- #18: Other examples: Automated on-call notifications, system outage notifications, escalations
- #26: Incident response automation is VERY popular in marketing today!