BREAKING OUT OF THE SILO: THE NEED FOR BROAD SECURITY AUTOMATION
Justin Pagano, Julian DeFronzo
About Us
Julian
Justin
Siloed Automation
(diagram: PREVENT, DETECT, CORRECT)
Broad Automation
(diagram: PREVENT, DETECT, CORRECT)
Problems
• Defenders are getting better; attackers are getting better faster (Verizon DBIR 2016*)
• Staff shortage (Peninsula, Cisco)
*And 2015, 2014, 2013, 2012, 2011, 2010, 2009, and 2008
Industry Background & Status Quo
1990s – Early 2000s
Industry Background & Status Quo
Late 2000s – Early 2010s
(diagram: Prevent, Detect, Correct*)
Solution: Broad Automation*
(diagram: Detect, Correct, Prevent)
*One of many
Basic Assumptions
• Open APIs
• Programming skills
• Time
Strategies
• Automate the repeatable processes
• Automate across tools and teams
• Automate rollbacks
• Use manual steps sparingly
Vulnerability/Patch Management
Workflow (built up over four slides): Detect vuln → Service Request → Change Request → Queue patches → Notify → Patch! → Rescan → Close tickets
Legend: Manual / Automated (each step on the slide is marked as one or the other)
Later builds add a Quarantine branch and an Approve step.
Disparate systems:
• Vulnerability scanner
• ITSM
• Patch management
• Firewall/Network Management Device
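The slides show the patch workflow crossing four separate systems and leave one manual step (approval) in it. The following is an added example, not code from the talk or from any of the products it names: one orchestration loop that runs Detect → SR → CR → Approve → Queue → Notify → Patch → Rescan → Close across stand-in clients for the scanner, ITSM, patch manager and firewall. The client classes, host names and CVE labels are invented for the illustration; the one design point worth copying is that a failed patch is rolled back and the host quarantined automatically rather than left half-patched for a human to find later.

```python
"""Added example: cross-tool patch orchestration with one manual approval step.
The four client classes are offline stand-ins, not the APIs of any real product."""
from dataclasses import dataclass, field
import logging

log = logging.getLogger("patch-orchestrator")


class PatchFailed(Exception):
    """Raised by the patch manager when an install fails part-way."""


@dataclass
class Scanner:
    """Stand-in vulnerability scanner: findings keyed by host; rescan reports what is left."""
    findings: dict

    def rescan(self, host):
        return sorted(self.findings.get(host, set()))


@dataclass
class ITSM:
    """Stand-in ticketing system: service requests (SR) and change requests (CR)."""
    tickets: dict = field(default_factory=dict)
    _n: int = 0

    def open(self, kind, host):
        self._n += 1
        tid = f"{kind}-{self._n}"
        self.tickets[tid] = {"host": host, "state": "open"}
        return tid

    def close(self, tid, note):
        self.tickets[tid].update(state="closed", note=note)


@dataclass
class PatchManager:
    """Stand-in patch manager: `fixes` is what the patch set covers, `broken` hosts fail mid-install."""
    scanner: Scanner
    fixes: set
    broken: set
    applied: list = field(default_factory=list)
    rolled_back: list = field(default_factory=list)

    def apply(self, host, vulns):
        if host in self.broken:
            raise PatchFailed(host)
        self.applied.append(host)
        self.scanner.findings[host] -= set(vulns) & self.fixes  # fixes show up on rescan

    def rollback(self, host):
        self.rolled_back.append(host)


@dataclass
class Firewall:
    quarantined: list = field(default_factory=list)

    def quarantine(self, host):
        self.quarantined.append(host)


def remediate(scanner, itsm, patcher, fw, approve):
    """Detect -> SR -> CR -> Approve -> Queue -> Notify -> Patch -> Rescan -> Close.

    approve(change_id, host, vulns) is the single manual step. A patch that fails is
    rolled back and the host quarantined; a host that still has findings after the
    rescan is quarantined instead of being closed out."""
    outcome = {}
    for host, vulns in sorted(scanner.findings.items()):
        vulns = sorted(vulns)
        if not vulns:
            continue
        sr = itsm.open("SR", host)
        cr = itsm.open("CR", host)
        if not approve(cr, host, vulns):
            outcome[host] = "awaiting-approval"
            continue
        log.info("notify owner of %s: patching %s under %s", host, vulns, cr)
        try:
            patcher.apply(host, vulns)
        except PatchFailed:
            patcher.rollback(host)
            fw.quarantine(host)
            itsm.close(cr, "patch failed, rolled back and quarantined")
            outcome[host] = "quarantined"
            continue
        if scanner.rescan(host):
            fw.quarantine(host)
            itsm.close(cr, "rescan not clean, quarantined; SR stays open")
            outcome[host] = "quarantined"
        else:
            itsm.close(sr, "rescan clean")
            itsm.close(cr, "rescan clean")
            outcome[host] = "closed"
    return outcome


def demo():
    """Constructed run: one host held by the approver, one with a finding the patch set
    does not cover, one that fails to patch, and one that goes through cleanly."""
    findings = {"web-1": {"CVE-A"}, "db-1": {"CVE-A", "CVE-B"},
                "legacy-1": {"CVE-A"}, "app-1": {"CVE-A"}}
    scanner = Scanner(findings)
    itsm = ITSM()
    patcher = PatchManager(scanner, fixes={"CVE-A"}, broken={"legacy-1"})
    fw = Firewall()
    approve = lambda cr, host, vulns: host != "app-1"  # simulate the approver holding app-1
    return remediate(scanner, itsm, patcher, fw, approve), itsm, patcher, fw
```

Every ticket the loop opens is either closed with a reason or deliberately left open, so the ITSM view stays truthful about which hosts a human still has to look at.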
Configuration Management: Firewalls
Workflow (two slides): Define Policies & Standards → Configure Firewall Rules → Audit Policies and Rules → React to Deviations → Rollback
Disparate systems:
• ITSM
• Config Management Repo
• Firewall
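The firewall slides chain "audit policies and rules", "react to deviations" and "rollback" but do not say what the audit compares. This added example (not code from the talk) does the comparison the way a versioned repo makes possible: the committed ruleset is the standard, the deployed ruleset is read back from the device, and drift in either direction produces an ordered rollback plan. The rule syntax, the "restricted management ports" standard and both sample rulesets are invented for the illustration.

```python
"""Added example: audit deployed firewall rules against the versioned standard and
react to drift with an ordered rollback plan. Rule syntax and samples are invented."""
from dataclasses import dataclass
import ipaddress
import re

RULE_RE = re.compile(r"^(allow|deny)\s+(\S+)\s*->\s*(\S+):(\d+|any)$")


@dataclass(frozen=True, order=True)
class Rule:
    action: str
    src: str   # CIDR or "any"
    dst: str   # CIDR or "any"
    port: str  # port number as text, or "any"


def parse_rules(text):
    """Parse the toy 'allow 10.0.0.0/8 -> 10.1.0.5:22' format; blanks and # comments are ignored."""
    rules = set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {n}: unparseable rule {line!r}")
        rules.add(Rule(*m.groups()))
    return rules


def is_public(cidr):
    """'any' or any non-RFC1918 source counts as public for the standard below."""
    return cidr == "any" or not ipaddress.ip_network(cidr, strict=False).is_private


def policy_violations(rules, restricted_ports):
    """Standard: management ports must never be allowed from public or 'any' sources."""
    return sorted(r for r in rules
                  if r.action == "allow" and r.port in restricted_ports and is_public(r.src))


def audit(standard, deployed):
    """Drift both ways: rules on the device nobody committed, and committed rules that are gone."""
    return {"unauthorized": sorted(deployed - standard), "missing": sorted(standard - deployed)}


def rollback_plan(drift):
    """Ordered ops back to the standard. Unauthorized allows go first (they widen exposure),
    missing rules are restored next, unauthorized denies are removed last so nothing is
    transiently opened before the committed denies are back in place."""
    plan = [("remove", r) for r in drift["unauthorized"] if r.action == "allow"]
    plan += [("add", r) for r in drift["missing"]]
    plan += [("remove", r) for r in drift["unauthorized"] if r.action == "deny"]
    return plan


def apply_plan(deployed, plan):
    """Simulate pushing the plan to the device; returns the resulting ruleset."""
    rules = set(deployed)
    for op, rule in plan:
        (rules.add if op == "add" else rules.discard)(rule)
    return rules


# Constructed samples: the repo says SSH is internal-only with a default deny; the
# device has an extra world-open SSH rule and has lost the default deny.
STANDARD = """
allow 10.0.0.0/8 -> 10.1.0.5:22
allow any -> 10.1.0.10:443
deny any -> any:any
"""
DEPLOYED = """
allow 10.0.0.0/8 -> 10.1.0.5:22
allow any -> 10.1.0.5:22     # opened by hand during an incident, never reverted
allow any -> 10.1.0.10:443
"""
```

The same audit runs unchanged after an intended change: push the new rules, read them back, and if `policy_violations` or `audit` report anything, `rollback_plan` is the reaction instead of a ticket.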
Configuration Management: AWS
Phishing Analysis
Workflow (two slides): Analyze metadata → Analyze links + attachments → Grab screenshots → Message trace → Delete emails → Notify users who "read" → Notify abuse contacts → Update prevention + detection
Push button
Disparate systems:
• AV scanner
• Email/spam server
• Malware sandbox
• SIEM
• Web proxy
• Threat intel
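The phishing slides describe a push-button flow whose first two steps (analyze metadata, analyze links + attachments) feed everything after them. This added example (not code from the talk) implements those two steps with the standard library on a constructed message and turns the result into the inputs the later steps need: the Message-ID for trace and delete, abuse contacts, and the domains and hashes to push into prevention and detection. The sample message, the `abuse@<domain>` convention and the finding labels are assumptions made for the illustration.

```python
"""Added example: offline triage of one reported message. Standard library only.
The EML below is constructed; abuse@<domain> is an assumed convention."""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs", ".hta", ".jar")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")
IP_RE = re.compile(r"\((\d+(?:\.\d+){3})\)")

SAMPLE_EML = b"""Return-Path: <bounce@mailer-example.test>
Received: from mx.mailer-example.test (203.0.113.7) by mail.corp.example; Tue, 10 Jan 2017 09:00:00 +0000
Authentication-Results: mail.corp.example; spf=fail smtp.mailfrom=mailer-example.test; dkim=none; dmarc=fail header.from=corp.example
From: "IT Helpdesk" <helpdesk@corp.example>
To: alice@corp.example
Subject: Password expires today
Message-ID: <20170110.abc123@mailer-example.test>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><body>Reset now: <a href="http://corp-example-login.test/reset">https://sso.corp.example/reset</a></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAA=
--b1--
"""


def _domain(addr):
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()


def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def analyze(raw):
    """Steps 1-2 of the slide: metadata, then links and attachments, each producing findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom = _domain(str(msg.get("From", "")))
    rp_dom = _domain(str(msg.get("Return-Path", "")))
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    auth = dict(AUTH_RE.findall(str(msg.get("Authentication-Results", ""))))
    for k in ("spf", "dkim", "dmarc"):
        if auth.get(k, "none") != "pass":
            findings.append(f"{k}={auth.get(k, 'none')}")
    ip = IP_RE.search(str(msg.get("Received", "")))
    # Links: the href is what the browser opens; the text is what the user thinks they clicked.
    links = []
    body = msg.get_body(preferencelist=("html", "plain"))
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        text = re.sub(r"<[^>]+>", "", text).strip()
        shown = _host(text) if "." in text else ""
        links.append({"href": href, "host": _host(href), "shown": shown})
        if shown and shown != _host(href):
            findings.append(f"link shows {shown} but goes to {_host(href)}")
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode()
        name = part.get_filename() or "unnamed"
        attachments.append({"name": name, "size": len(data), "magic": data[:2].hex(),
                            "sha256": hashlib.sha256(data).hexdigest()})
        if name.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"attachment {name} is executable")
    return {"message_id": str(msg.get("Message-ID", "")).strip(), "from": from_dom,
            "source_ip": ip.group(1) if ip else "", "auth": auth,
            "links": links, "attachments": attachments, "findings": findings}


def response_plan(report):
    """Inputs for the remaining slide steps; nothing here talks to a real system."""
    bad_hosts = sorted({l["host"] for l in report["links"] if l["host"]})
    return {"message_trace_and_delete": report["message_id"],
            "notify_abuse": [f"abuse@{h}" for h in bad_hosts],   # assumed convention
            "block_domains": bad_hosts,
            "block_sha256": [a["sha256"] for a in report["attachments"]],
            "sender_domain": report["from"]}
```

Hashes and URLs come out of `analyze` before anything is detonated, so the sandbox, proxy and threat-intel lookups the slide lists can run in parallel off the same report rather than one analyst's copy-and-paste.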
BONUS: Screenshots
Production System Access Management
Workflow (first build): User Requests Access → Approval Chain → User Provisioned → Audit Activity? → Remove Access
Push button
Workflow (second build): User Requests Access → Approval Chain → User Provisioned → Audit Activity → Remove Access
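The two access-management builds differ in one word: "Audit Activity?" becomes "Audit Activity", and removal stops being a step someone has to remember. This added example (not code from the talk) models that flow in memory: a request names its approval chain, provisioning happens only when the whole chain has signed off, every event is written to an audit trail, and access expires on a TTL without a second ticket. The approver names, TTL and event labels are assumptions; the clock is injected so expiry can be exercised offline.

```python
"""Added example: time-boxed production access with an approval chain and audit trail.
In-memory model; names, TTL and event labels are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Grant:
    user: str
    system: str
    reason: str
    approvers: tuple                      # everyone who must sign off
    approved_by: set = field(default_factory=set)
    expires_at: datetime = None
    active: bool = False


class AccessManager:
    def __init__(self, clock, ttl=timedelta(hours=2)):
        self.clock = clock                # injected so expiry is testable
        self.ttl = ttl
        self.grants = {}
        self.audit = []                   # what the SIEM / ITSM would receive

    def _log(self, event, **fields):
        self.audit.append({"at": self.clock().isoformat(), "event": event, **fields})

    def request(self, user, system, reason, approvers):
        gid = f"{user}@{system}#{len(self.grants) + 1}"
        self.grants[gid] = Grant(user, system, reason, tuple(approvers))
        self._log("requested", grant=gid, user=user, system=system, reason=reason)
        return gid

    def approve(self, gid, approver):
        """Reject self-approval and approvers outside the chain; provision when the chain is complete."""
        g = self.grants[gid]
        if approver == g.user or approver not in g.approvers:
            self._log("approval_rejected", grant=gid, approver=approver)
            return False
        g.approved_by.add(approver)
        self._log("approved", grant=gid, approver=approver)
        if g.approved_by == set(g.approvers):
            self._provision(gid)
        return True

    def _provision(self, gid):
        g = self.grants[gid]
        g.active = True
        g.expires_at = self.clock() + self.ttl
        self._log("provisioned", grant=gid, expires_at=g.expires_at.isoformat())

    def record_activity(self, gid, action):
        """Audit Activity: actions are only accepted while the grant is live."""
        self.expire_due()
        g = self.grants[gid]
        if not g.active:
            self._log("activity_denied", grant=gid, action=action)
            return False
        self._log("activity", grant=gid, action=action)
        return True

    def has_access(self, user, system):
        self.expire_due()
        return any(g.active and g.user == user and g.system == system
                   for g in self.grants.values())

    def expire_due(self):
        """Remove Access: automatic, driven by the TTL set at provisioning."""
        now = self.clock()
        removed = []
        for gid, g in self.grants.items():
            if g.active and g.expires_at <= now:
                g.active = False
                removed.append(gid)
                self._log("removed", grant=gid, reason="ttl expired")
        return removed


def demo():
    """Constructed run with a controllable clock so the expiry path is exercised."""
    t = [datetime(2017, 1, 10, 9, 0, tzinfo=timezone.utc)]
    am = AccessManager(clock=lambda: t[0], ttl=timedelta(hours=1))
    return am, t
```

Because every state change goes through `_log`, the audit trail is a by-product of the workflow rather than a separate reconciliation job, which is what lets the "?" come off the slide.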
Policies & Compliance
Workflow: Send docs via email → Send reminders → Escalate → Record ACKs → Real-time dashboards
Disparate systems:
• Email
• Document management system
• Identity & Access Management system
• HRIS
Quarantine