BREAKING OUT OF THE SILO - Boston University · (Verizon DBIR 2016) 2015, 2014, 2013, 2012, 2011, 2010, 2009, and 2008 Staff shortage (Peninsula, Cisco) Industry Background & Status

BREAKING OUT OF THE SILO:THE NEED FOR BROAD SECURITY AUTOMATION

Justin PaganoJulian DeFronzo

About Us

2

Julian

Justin

Siloed Automation

3

PREVENT

DETECT

CORRECT

Broad Automation

4

PREVENT

DETECT

CORRECT

Problems

5

DefendersaregettingbetterAttackersaregettingbetterfaster(VerizonDBIR2016*)*2015,2014,2013,2012,2011,2010,2009,and2008

Staffshortage(Peninsula,Cisco)

Industry Background & Status Quo

6

1990s– Early2000s

Industry Background & Status Quo

7

Late2000s Early2010s

Prevent Detect

Correct*

Detect

Correct

Prevent

*Solution: Broad Automation

8

*Oneofmany

Basic Assumptions

9

• Open APIs

• Programming skills

• Time

Strategies

10

• Automate therepeatableprocesses

• Automate acrosstoolsandteams

• Automate rollbacks

• Usemanualstepssparingly

Vulnerability/Patch Management

11

Detectvuln

ServiceRequest

ChangeRequest

Queuepatches Notify Patch! Rescan Close

tickets

=Manual

=Automated


12

Detectvuln

ServiceRequest

ChangeRequest


tickets


13

Detectvuln

ServiceRequest

ChangeRequest


tickets

Quarantine


14

Detectvuln

ServiceRequest

ChangeRequest


tickets

QuarantineDisparatesystems• Vulnerabilityscanner• ITSM• Patchmanagement• Firewall/NetworkManagementDevice

Approve

Configuration Management: Firewalls

15

DefinePolicies&Standards

AuditPoliciesandRules

ReacttoDeviations

ConfigureFirewallRules

Configuration Management: Firewalls

16

DefinePolicies&Standards

AuditPoliciesandRules

ReacttoDeviations

Disparatesystems• ITSM• Config ManagementRepo• Firewall

ConfigureFirewallRules

Rollback

Configuration Management: AWS

17

Phishing Analysis

18

Analyzemetadata

Analyzelinks+

attachments

GrabScreenshots

MessageTrace

DeleteEmails

Notifyuserswho"read"

email

Notifyabusecontacts

Updateprevention+detection

Phishing Analysis

19

Analyzemetadata

Analyzelinks+

attachments

GrabScreenshots

MessageTrace

DeleteEmails

Notifyuserswho"read"

email

Notifyabusecontacts

Updateprevention+detection

Disparatesystems• AVscanner• Email/spamserver• Malwaresandbox• SIEM• Webproxy• ThreatIntel

PushButton

BONUS: Screenshots

20

21

Production System Access Management

22

UserRequestsAccess

ApprovalChain

UserProvisioned

AuditActivity?

RemoveAccess

PushButton

Production System Access Management

23

UserRequestsAccess

ApprovalChain

UserProvisioned

AuditActivity

RemoveAccess

Policies & Compliance

24

Senddocsviaemail

Sendreminders Escalate RecordACKs Real-time

dashboards

Disparatesystems• Email• Documentmanagementsystem• Identity&AccessManagementsystem• HRIS

Quarantine

25

Documents

BREAKING OUT OF THE SILO - Boston University · (Verizon DBIR 2016*) * 2015, 2014, 2013, 2012, 2011, 2010, 2009, and 2008 Staff shortage (Peninsula, Cisco) Industry Background & Status

BREAKING OUT OF THE SILO - Boston University · (Verizon DBIR 2016) 2015, 2014, 2013, 2012, 2011, 2010, 2009, and 2008 Staff shortage (Peninsula, Cisco) Industry Background & Status