Multivocal Review of
Security Orchestration
Chadni Islam
CREST centre
University of Adelaide
Australia
CSIRO’s Data61, Australia
M. Ali Babar
CREST centre
University of Adelaide
Australia
Surya Nepal
CSIRO’s Data61
Australia
Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A Multi-Vocal Review of Security
Orchestration. ACM Comput. Surv. 52, 2, Article 37 (May 2019), 45 pages.
DOI: https://doi.org/10.1145/3305268
Security Incident
CREST Centre | University of Adelaide
"A security incident is an unwanted or unexpected event, or series of events, that has a significant probability of compromising the security of an organization's assets."
Global Cost of Cyber Crime
Security Orchestration and Automation
41% increase in the cost of a data breach in the UK over two years.
Source: https://www.ibm.com/downloads/cas/861MNWN2
Root Causes of Security Incidents and Impacted Industries
Source: https://ridethelightning.senseient.com/2019/04/bakerhostetlers-fifth-annual-data-security-incident-response-report-released.html
Five root causes across 750 incidents (chart on the original slide)
Overview of an Organization's Decisions Against a Security Incident
Scenario of an organization (diagram on the original slides, built up over four slides): an IDS/IPS, a firewall and a SIEM raise alerts to the security team.
IDS: Intrusion Detection System
IPS: Intrusion Prevention System
SIEM: Security Information and Event Management system
Security team activities on an alert: analyze system activities, integrate, validate, analyze, investigate, plan.
Response actions: update threat intelligence, block address, implement and enforce policy, configure.
Organization's Plan to Respond to a Security Incident
Example of an Incident Response Plan (IRP) for a Phishing Attack
#  Response task                              Activity
1  Is this a phishing attack?                 Determine whether this is a phishing attack. In the task, select Yes or No as the outcome.
2  Scan endpoint: malware found?              After running a scan, determine whether malware was found. In the task, select Yes or No as the outcome.
3  Remove malware: success?                   Determine whether the malware was successfully removed. In the task, select Yes or No as the outcome.
4  Wipe and reimage                           If the malware found was not successfully removed, this task instructs you to wipe and reimage the computers infected with the malware.
5  Update email protection software           If it was determined that this is a phishing attack, you are prompted to update your email protection software accordingly.
6  Remove unread phishing email in queue – For   Perform the steps necessary to remove the phishing email still in the queue for all of your users.
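The six-task plan above is a decision tree: each task's Yes/No outcome selects the next task, task 1 is a human decision, and the remaining tasks can be driven from tool integrations. As an added example (not code from the slides or from the reviewed paper), the following Python encodes that plan as a small playbook engine. The `Incident` state, the adapter functions and the host names are constructed stand-ins for real EDR and mail-gateway integrations.

```python
"""Phishing IRP from the slide as an executable decision graph.

Added example, not code from the slides or the reviewed paper. Each task
becomes a node whose Yes/No outcome selects the next task. The tool adapters
(EDR scan, malware removal, reimage, mail gateway) are simulated, in-memory
stand-ins; a real platform would call vendor APIs from those functions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class Incident:
    """Constructed incident state standing in for tickets and EDR telemetry."""
    hosts: List[str]
    analyst_says_phishing: bool                               # task 1 is a manual decision
    infected: Dict[str, bool] = field(default_factory=dict)   # simulated EDR verdict per host
    removable: Dict[str, bool] = field(default_factory=dict)  # can cleanup succeed on the host?
    reimaged: List[str] = field(default_factory=list)
    mail_rules_updated: bool = False
    queue_purged: bool = False
    log: List[str] = field(default_factory=list)

@dataclass
class Task:
    name: str
    mode: str                            # "manual" or "automated": the task mode of the taxonomy
    run: Callable[[Incident], bool]      # performs the activity and returns its Yes/No outcome
    on_yes: Optional[str] = None         # id of the next task; None ends the playbook
    on_no: Optional[str] = None

# --- simulated tool adapters (hypothetical; replace with real integrations) ---
def ask_analyst(inc: Incident) -> bool:
    inc.log.append("analyst asked: is this phishing?")
    return inc.analyst_says_phishing

def scan_endpoints(inc: Incident) -> bool:
    hits = [h for h in inc.hosts if inc.infected.get(h)]
    inc.log.append(f"scan found malware on {hits}")
    return bool(hits)

def remove_malware(inc: Incident) -> bool:
    """Clean every infected host; the task fails if any host resists cleanup."""
    ok = True
    for h in inc.hosts:
        if inc.infected.get(h):
            if inc.removable.get(h):
                inc.infected[h] = False
                inc.log.append(f"removed malware from {h}")
            else:
                ok = False
                inc.log.append(f"removal failed on {h}")
    return ok

def wipe_and_reimage(inc: Incident) -> bool:
    for h in inc.hosts:
        if inc.infected.get(h):
            inc.infected[h] = False
            inc.reimaged.append(h)
    inc.log.append(f"reimaged {inc.reimaged}")
    return True

def update_email_protection(inc: Incident) -> bool:
    inc.mail_rules_updated = True
    return True

def purge_mail_queue(inc: Incident) -> bool:
    inc.queue_purged = True
    return True

PHISHING_PLAYBOOK: Dict[str, Task] = {
    "1": Task("Is this a phishing attack?", "manual", ask_analyst, on_yes="2"),
    "2": Task("Scan endpoint: malware found?", "automated", scan_endpoints, on_yes="3", on_no="5"),
    "3": Task("Remove malware: success?", "automated", remove_malware, on_yes="5", on_no="4"),
    "4": Task("Wipe and reimage", "automated", wipe_and_reimage, on_yes="5", on_no="5"),
    "5": Task("Update email protection software", "automated", update_email_protection, on_yes="6", on_no="6"),
    "6": Task("Remove unread phishing email in queue", "automated", purge_mail_queue),
}

def run_playbook(playbook: Dict[str, Task], inc: Incident, start: str = "1",
                 max_steps: int = 20) -> List[str]:
    """Walk the graph from `start`; returns the ids of the tasks executed, in order."""
    trace: List[str] = []
    current: Optional[str] = start
    while current is not None:
        if len(trace) >= max_steps:          # guard against a mis-wired, cyclic playbook
            raise RuntimeError("playbook exceeded its step budget")
        task = playbook[current]
        trace.append(current)
        outcome = task.run(inc)
        inc.log.append(f"[{current}] {task.name} ({task.mode}) -> {'Yes' if outcome else 'No'}")
        current = task.on_yes if outcome else task.on_no
    return trace

if __name__ == "__main__":
    inc = Incident(hosts=["ws-17", "ws-22"], analyst_says_phishing=True,
                   infected={"ws-17": True}, removable={"ws-17": False})
    print(run_playbook(PHISHING_PLAYBOOK, inc))
    print("\n".join(inc.log))
```

The trace and the log are the audit record an orchestration platform would keep for each run; the step budget is the kind of guard a workflow engine needs before a playbook with a wiring mistake is allowed to act on production hosts.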
Different Tasks Performed by the Security Team
Monitor, Protect, Prevent, Detect, Analyze, Plan, Respond, Evaluate
A wide variety of security solutions: network monitoring tool, firewall, intrusion prevention system, intrusion detection system, SIEM, endpoint detection and response, and more.
A wide range of multivendor security solutions: on average 25 different security systems, and more than 100 for some organizations.
Problem with the Traditional Approach
Security tools and security experts:
• Millions of alerts coming in every day
• Heterogeneous security tools work independently
• Manual investigation and response
• Error-prone response
• Long response times
Problem with the Traditional Approach (continued)
Incident Response Timeline
Source: http://e.bakerlaw.com/rv/ff00498db267a11ce4182d53934889997a36f6d4/p=8213342/
• Occurrence to discovery: 66 days
• Discovery to containment: 8 days
• Time to complete forensic investigation: 28 days
• Discovery to notification: 56 days
Timeline from occurrence (day 0) to notification: 122 days
Problem with the Traditional Approach (continued)
Cybersecurity skills gap worsens; security teams are understaffed (ISACA State of Cybersecurity, 2018 and 2019)
Source: https://cybersecurity.isaca.org/state-of-cybersecurity
Security Orchestration
Introduction
• Connects and integrates disparate security solutions
• Streamlines the incident response process
• Bridges the gap between detection and response
• Prerequisite for security automation
• Unification of people, process and technology
• Performs the repetitive jobs of security experts instantly
Security Orchestration (continued)
Introduction
• Market size of 1.6 billion USD by 2021
• Widespread adoption in the last couple of years
• Several start-ups and acquisitions have arrived
Security Orchestration (continued)
Problem
• Lack of a comprehensive view
• Lack of common understanding
• Lack of research in academia
Security Orchestration: Challenges
• How to make the tools interoperable?
• What are the core components of a security orchestration platform?
• How do the components interact with each other?
• What does an organization need in order to build or buy a security orchestration platform?
A Multi-Vocal Literature Review
Chadni Islam, Muhammad Ali Babar, and Surya Nepal, "A Multi-Vocal Review of Security Orchestration", ACM Computing Surveys, 2019
Research Questions
• What is security orchestration?
• What challenges does security orchestration intend to solve?
• What types of solutions have been proposed?
• What practices have been reported for adopting security orchestration?
• What types of tools and techniques do researchers and practitioners use, propose, design, and implement in practice?
• What aspects of architecture do security practitioners consider for large-scale deployment of security orchestration?
Multi-Vocal Literature Review (MLR)
Systematic literature review of the state of the art and the state of practice
Main steps: 01 Planning and designing, 02 Conducting, 03 Reporting (flowchart on the original slides, built up over four slides)
MLR planning and design: define the MLR goal and research questions; research identification; search strategies (selecting data sources, designing search strings); inclusion and exclusion criteria
Conducting the MLR: study selection; data extraction based on the RQs; data synthesis and analysis (generalization and categorization, identification of key elements)
Reporting the MLR: mapping and review results
Multi-Vocal Literature Review (MLR), continued
Study selection (flowchart on the original slide)
Selection of academic literature, sources IEEE Xplore, ACM DL, Scopus and DBLP:
Step 1: running the search string
Step 2: screening on the basis of title and abstract
Step 3: removing duplicates
Step 4: excluding papers shorter than 6 pages
Step 5: screening articles on the basis of full text
Step 6: additional manual search on Google Scholar
Selection of grey literature: running the search string on the Google search engine and crawling through websites, then applying the eligibility criteria
Intermediate counts on the flowchart: 1017, 600, 271, 290, 274, 225, 37, 19 (DBLP), 6 (Google Scholar), 52 (Google search engine), 43 (website crawl)
Studies included for qualitative synthesis: N = 95
Findings of the MLR
What is Security Orchestration?
"Security Orchestration is the planning, integration, cooperation, and coordination of the activities of security tools and experts to produce and automate required actions in response to any security incident across multiple technology paradigms."
(Definition also used in: An Ontology-Driven Approach to Automate the Process of Integration Security Software Systems, ICSSP 2019)
Definition built from three concepts: Integration, Orchestration, Automation
Overview of an Organization's Decisions Against a Security Incident, Without and With Orchestration
Diagram on the original slide. Without orchestration, the security experts themselves integrate, validate and analyze the alerts and system activities coming from tools such as the IDS, then investigate, plan and respond. With orchestration, an orchestration platform sits between the tools and the experts, and each activity (integrate, validate, analyze, investigate, plan, configure, update threat intelligence, block address, implement and enforce policy) is marked as either manual or automated.
Key Functionalities of Security Orchestration
Act as a hub
• Unify security tools
• Determine endpoints for human investigation
• Share contextual insight
Orchestrate security activities
• Translate complex processes into streamlined workflows
• Maintain process consistency across the security program
• Provide a deployment model
• Determine the appropriate course of action
Enable automated response
• Automate repetitive and manual tasks
• Automate policy enforcement across disparate solutions
Core Components of Security Orchestration
Security Orchestration Platform
• Unification Unit: Description Module, Collector, Pre-processor, Dashboard
• Orchestration Unit: Planning Module, Threat Intelligence, Detection Module
• Automation Unit: Remediation Module, Action Performer
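To make the unit and module decomposition concrete, here is an added example (not code from the slides or from the reviewed paper) of a minimal pipeline in Python with the same three units: a unification unit that collects three vendor formats and pre-processes them into one alert schema, an orchestration unit that enriches alerts with threat intelligence and plans a course of action, and an automation unit that performs the automated actions and queues the rest for human investigation. The vendor formats (Suricata EVE JSON, iptables syslog, CEF) are real; the sample events, the threat-intelligence entry and the firewall blocklist are constructed, and the function names are this example's own.

```python
"""Three-unit orchestration pipeline over heterogeneous alerts.

Added example, not code from the slides or the reviewed paper. Unit names
follow the component list above. The vendor formats (Suricata EVE JSON,
iptables syslog, CEF) are real; the sample lines, the threat intelligence
entry and the firewall blocklist are constructed for this example.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# constructed inputs: three alerts from three tools, two about the same attacker
RAW_EVENTS = [
    '{"event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.0.5",'
    '"alert":{"signature":"ET SCAN Nmap Scripting Engine","severity":2}}',
    "Mar 11 10:02:33 fw1 kernel: [DROP] IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=445",
    "CEF:0|ExampleSIEM|Correlator|1.0|100|Brute force login|8|src=203.0.113.7 dst=10.0.0.8 suser=admin",
]
THREAT_INTEL: Dict[str, str] = {"203.0.113.7": "known scanner (constructed feed entry)"}

@dataclass
class Alert:                        # common schema every vendor event is mapped onto
    source: str
    src_ip: str
    dst_ip: str
    title: str
    severity: int                   # normalized to 1 (low) .. 10 (high)
    ti_match: Optional[str] = None

# --- Unification unit: collector and pre-processor ---
def parse_suricata(line: str) -> Optional[Alert]:
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if ev.get("event_type") != "alert":
        return None
    sev = {1: 9, 2: 6, 3: 3}.get(ev["alert"]["severity"], 3)   # Suricata: 1 is most severe
    return Alert("suricata", ev["src_ip"], ev["dest_ip"], ev["alert"]["signature"], sev)

IPTABLES_RE = re.compile(r"kernel: .*SRC=(?P<src>\S+) DST=(?P<dst>\S+).*DPT=(?P<dpt>\d+)")

def parse_iptables(line: str) -> Optional[Alert]:
    m = IPTABLES_RE.search(line)
    return Alert("firewall", m["src"], m["dst"], f"dropped packet to port {m['dpt']}", 2) if m else None

def parse_cef(line: str) -> Optional[Alert]:
    parts = line.split("|", 7)      # seven pipe-separated header fields, then the extension
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        return None
    ext = dict(kv.split("=", 1) for kv in parts[7].split())
    return Alert("siem", ext.get("src", ""), ext.get("dst", ""), parts[5], int(parts[6]))

PARSERS = (parse_suricata, parse_iptables, parse_cef)

def collect(raw_lines: List[str]) -> List[Alert]:
    # try each parser in turn; a line no parser understands is dropped, not fatal
    alerts: List[Alert] = []
    for line in raw_lines:
        for parser in PARSERS:
            alert = parser(line)
            if alert is not None:
                alerts.append(alert)
                break
    return alerts

# --- Orchestration unit: threat intelligence and planning ---
def enrich(alerts: List[Alert], ti: Dict[str, str]) -> List[Alert]:
    for a in alerts:
        a.ti_match = ti.get(a.src_ip)
    return alerts

def plan(alerts: List[Alert]) -> List[Dict[str, str]]:
    # block a known-bad source once across all tools; hand high-severity alerts to an analyst
    actions: List[Dict[str, str]] = []
    blocked: Set[str] = set()
    for a in alerts:
        if a.ti_match and a.src_ip not in blocked:
            actions.append({"action": "block_ip", "target": a.src_ip, "mode": "automated", "why": a.ti_match})
            blocked.add(a.src_ip)
        if a.severity >= 8:         # too consequential to auto-close; route to a human
            actions.append({"action": "escalate", "target": f"{a.src_ip}->{a.dst_ip}", "mode": "manual", "why": a.title})
    return actions

# --- Automation unit: remediation and action performer ---
def execute(actions: List[Dict[str, str]], firewall_blocklist: Set[str]) -> List[str]:
    # apply automated actions to the (simulated) firewall; return targets queued for humans
    human_queue: List[str] = []
    for act in actions:
        if act["action"] == "block_ip":
            firewall_blocklist.add(act["target"])
        else:
            human_queue.append(act["target"])
    return human_queue

def orchestrate(raw_lines: List[str], ti: Dict[str, str],
                firewall_blocklist: Set[str]) -> Tuple[List[Dict[str, str]], List[str]]:
    actions = plan(enrich(collect(raw_lines), ti))
    return actions, execute(actions, firewall_blocklist)
```

Calling `orchestrate(RAW_EVENTS, THREAT_INTEL, set())` yields one automated block of 203.0.113.7 (deduplicated across the IDS and SIEM alerts) and one escalation of the brute-force login to an analyst; the firewall drop from a second address produces no action. The plan step is where task mode is decided, and the escalation branch is the "determine endpoints for human investigation" functionality listed earlier.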
Key Quality Attributes of Security Orchestration
Usability, Adaptability, Flexibility, Timeliness, Accuracy, Scalability
What Challenges Does Security Orchestration Intend to Solve?
Drivers of Security Orchestration: socio-technical and technical issues
• Lack of tools and technologies to automate response
• Lack of interoperability among isolated security tools
• Limitations of existing tools in providing the required services
• Lack of collaboration and coordination
• Lack of skills and expertise
• Lack of frameworks
• More responsibility on human experts
What Types of Solutions Have Been Proposed?
Taxonomy of Security Orchestration Platforms
• Automation Strategy: Workflow, Scripting, Prioritization, Learning, Plugin, Auto-Integration
• Execution Environment: Endpoint, Cloud, Data Centre, Threat Management
• Task Mode: Automated, Semi-Automated, Manual
• Deployment Type: Central, Distributed, Hybrid
Open Issues
People
• Little involvement and collaboration among different levels of staff during orchestration and automation
• Lack of a security architect for risk and policy management
• No holistic training for staff to understand the security orchestration platform, the integrated tools and the incident response workflow
Process
• Insufficient alignment of the incident response process with the organization's existing IT operational framework
• No clear agreement among vendors on what needs to be orchestrated and what can be automated
• No guideline to assess the maturity of the orchestration process and to incorporate automation into the system
Technology
• Lack of a modeling notation and language to support integration of security information at runtime
• Increasing diversity of integrated security solutions due to dynamic change of attack patterns
• Little research on AI for scalable and flexible security orchestration and integration
Future Directions
• Design and implement an architecture to support large-scale realization of security orchestration.
• Provide a reference architecture for security orchestration that can facilitate the design and development of concrete security orchestration architectures.
• Instantiate a distributed and self-adaptable security orchestration engine.
Reference
Published version: https://dl.acm.org/doi/fullHtml/10.1145/3305268
Preprint: https://www.researchgate.net/publication/332818244_A_Multi-Vocal_Review_of_Security_Orchestration
Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A Multi-Vocal Review of Security Orchestration. ACM Comput. Surv. 52, 2, Article 37 (May 2019), 45 pages. DOI: https://doi.org/10.1145/3305268
BibTeX:
@article{10.1145/3305268,
  author = {Islam, Chadni and Babar, Muhammad Ali and Nepal, Surya},
  title = {A Multi-Vocal Review of Security Orchestration},
  year = {2019},
  issue_date = {May 2019},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  volume = {52},
  number = {2},
  issn = {0360-0300},
  url = {https://doi.org/10.1145/3305268},
  doi = {10.1145/3305268},
  journal = {ACM Comput. Surv.},
  month = apr,
  articleno = {37},
  numpages = {45},
  keywords = {intelligent security assistant, security automation, multivocal literature review, security orchestration}
}
Questions?
Chadni Islam
CREST Centre (https://crest-centre.net/)
School of Computer Science, University of Adelaide
Adelaide, Australia and
CSIRO's Data61, Australia
Email: chadni19@gmail.com, chadni.islam@adelaide.edu.au
@_Chadni_ https://twitter.com/_Chadni_
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Kürzlich hochgeladen (20)

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Security Orchestration Review

  • 1. Multivocal Review of Security Orchestration. Chadni Islam (CREST Centre, University of Adelaide, Australia; CSIRO's Data61, Australia), M. Ali Babar (CREST Centre, University of Adelaide, Australia), Surya Nepal (CSIRO's Data61, Australia). Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A Multi-Vocal Review of Security Orchestration. ACM Comput. Surv. 52, 2, Article 37 (May 2019), 45 pages. DOI: https://doi.org/10.1145/3305268
  • 2. Security Incident (CREST Centre | University of Adelaide). "A security incident is an unwanted or unexpected event/events that have a significant probability of compromising the security of an organization's assets."
  • 3. Global Cost of Cyber Crime (Security Orchestration and Automation). 41% increase in the cost of a data breach in the UK in two years. Source: https://www.ibm.com/downloads/cas/861MNWN2
  • 4. Root Cause of Security Incident and Impacted Industries. Five root causes across 750 incidents. Source: https://ridethelightning.senseient.com/2019/04/bakerhostetlers-fifth-annual-data-security-incident-response-report-released.html
  • 5. Overview of an Organization's Decision Against a Security Incident (diagram: scenario of an organization with a Firewall, IDS/IPS sensors and a Security Team receiving alerts). IDS: Intrusion Detection System; IPS: Intrusion Prevention System; SIEM: Security Information and Event Monitoring System.
  • 6. Overview of an Organization's Decision Against a Security Incident (same diagram, with a SIEM added between the IDS/IPS alerts and the Security Team).
  • 7. Overview of an Organization's Decision Against a Security Incident (same diagram, now showing the Security Team's activities: Integrate, Analyze System Activities, Validate, Analyze, Investigate).
  • 8. Overview of an Organization's Decision Against a Security Incident (same diagram, adding the response activities: Plan, Response, Update Threat Intelligence, Block address, Configure, Implement & Enforce Policy).
  • 9. Organization's Plan to Respond to a Security Incident (Security Orchestration and Automation). Example of an Incident Response Plan (IRP) for a phishing attack, as a table of # / Response Task / Activity:
    1. Is this a phishing attack? Determine whether this is a phishing attack. In the task, select yes or no in the outcome.
    2. Scan endpoint – malware found? After running a scan, determine whether malware was found. In the task, select yes or no in the outcome.
    3. Remove malware – success? Determine whether the malware was successfully removed. In the task, select yes or no in the outcome.
    4. Wipe and reimage. If you did not successfully remove the malware found, this task instructs you to perform a wipe and reimage on the computers infected with the malware.
    5. Update email protection software. If it was determined that this is a phishing attack, you are prompted to update your email protection software accordingly.
    6. Remove unread phishing email in queue – For: perform the steps necessary to remove the phishing email still in the queue for all of your users.
  • 10. Different Tasks Performed by a Security Team: Monitor, Protect, Prevent, Detect, Analyze, Plan, Respond, Evaluate. A wide range of multivendor security solutions supports them: network monitoring tool, firewall, Intrusion Prevention System, Intrusion Detection System, SIEM, Endpoint Detection & Response, and more. On average an organization runs 25 different security systems; for some organizations that can be more than 100.
  • 11. Problem with the Traditional Approach. Security tools and security experts: millions of alerts arrive every day; heterogeneous security tools work independently; investigation and response are manual; the response is error-prone; the response time is huge.
  • 12. Problem with the Traditional Approach (cont.): Incident Response Timeline. Source: http://e.bakerlaw.com/rv/ff00498db267a11ce4182d53934889997a36f6d4/p=8213342/ The timeline runs from occurrence (day 0) through discovery, containment, forensic investigation and notification to day 122: 66 days from occurrence to discovery; 8 days from discovery to containment; 28 days to complete the forensic investigation; 56 days from discovery to notification.
  • 13. Problem with the Traditional Approach (cont.): the cybersecurity skills gap worsens and security teams are understaffed (2018 and 2019 figures). Source: https://cybersecurity.isaca.org/state-of-cybersecurity
  • 14. Security Orchestration (Introduction): connects and integrates disparate security solutions; streamlines the incident response process; bridges the gap between detection and response; is a prerequisite for security automation; unifies people, process and technology; instantly performs the repetitive jobs of security experts.
  • 15. Security Orchestration (Introduction, cont.): market size of 1.6 billion USD by 2021; widespread adoption in the last couple of years; several start-ups and acquisitions have arrived.
  • 16. Security Orchestration (Problem): lack of a comprehensive view; lack of common understanding; lack of research in academia.
  • 17. Security Orchestration (Challenges): How to make the tools interoperable? What are the core components of a security orchestration platform? How do the components interact with each other? What does an organization need in order to build or buy a security orchestration platform?
  • 18. A Multi-Vocal Literature Review. Chadni Islam, Muhammad Ali Babar, and Surya Nepal, "A Multi-vocal Review of Security Orchestration", ACM Computing Surveys, 2019.
  • 19. Research Questions: What is security orchestration? What challenges does security orchestration intend to solve? What types of solutions have been proposed? What practices have been reported for adopting security orchestration? What types of tools and techniques do researchers and practitioners use, propose, design, and implement in practice? What aspects of architecture do security practitioners consider for large-scale deployment of security orchestration?
  • 20. Multi-Vocal Literature Review (MLR): a systematic literature review of the state of the art and the state of the practice, in three main steps: 01 Planning and Designing, 02 Conducting, 03 Reporting.
  • 21. Multi-Vocal Literature Review (MLR), step 01, MLR planning and design (flowchart; legend: main step, sub-step, activity, flow, start/end): research identification (MLR goal, RQs); search strategies (selecting data sources, designing search strings); inclusion and exclusion criteria.
  • 22. Multi-Vocal Literature Review (MLR), step 02, conducting the MLR: study selection; data extraction (data extraction based on the RQs); data synthesis and data analysis (generalization and categorization, identification of key elements).
  • 23. Multi-Vocal Literature Review (MLR), step 03, reporting the MLR: mapping and review results (end).
  • 24. Multi-Vocal Literature Review (MLR): Study Selection. Selection of academic literature: Step 1, running the search string on IEEE, ACM DL and SCOPUS; Step 2, screening on the basis of title and abstract; Step 3, removing duplicates; Step 4, excluding papers shorter than 6 pages; Step 5, screening articles on the basis of the full text; Step 6, additional search on Google Scholar and manual search on DBLP. Selection of grey literature: running the search string on the Google search engine and crawling through websites, then applying the eligibility criteria. Counts shown on the diagram: 600, 271, 1017; N: 271, N: 290, N: 225, N: 37; DBLP N: 19; N: 274; Google Scholar N: 6; Google Search Engine N: 52; crawl through websites N: 43; N: 95 studies included for qualitative synthesis.
  • 25. Findings of the MLR.
  • 26. What is Security Orchestration? Definition: "Security orchestration is the planning, integration, cooperation, and coordination of the activities of security tools and experts to produce and automate required actions in response to any security incident across multiple technology paradigms." (An Ontology-Driven Approach to Automate the Process of Integration Security Software Systems, ICSSP 2019.) Three layers: Integration, Orchestration, Automation.
  • 27. Overview of an Organization's Decision Against a Security Incident, without and with orchestration (diagram). Activities shown: Integrate, Analyze System Activities, Validate Alerts, Investigate, Plan, Response, Update Threat Intelligence, Block address, Configure, Implement & Enforce Policy. Without orchestration the security experts perform them manually; with orchestration the orchestration platform takes over the activities marked as automated (e.g. Integrate, Validate, Analyze, Configure) and the rest stay manual.
  • 28. Key Functionalities of Security Orchestration. Act as a hub: unify security tools; determine the endpoint for human investigation; share contextual insight. Orchestrate security activities: translate complex processes into streamlined workflows; maintain process consistency across the security program; provide a deployment model; determine the appropriate course of action. Enable automated response: automate repetitive and manual tasks; automate policy enforcement across disparate solutions.
  • 29. Core Components of a Security Orchestration Platform. Unification Unit: Collector, Pre-processor, Description Module, Dashboard. Orchestration Unit: Planning Module, Threat Intelligence, Detection Module. Automation Unit: Remediation Module, Action Performer.
  • 30. Key Quality Attributes of Security Orchestration: Usability, Adaptability, Flexibility, Timeliness, Accuracy, Scalability.
  • 31. What Challenges Does Security Orchestration Intend to Solve?
  • 32. Drivers of Security Orchestration: technical and socio-technical issues. Challenges: lack of tools and technologies to automate response; lack of interoperability among isolated security tools; limitation of existing tools to provide required services; lack of collaboration and coordination; lack of skills and expertise; lack of frameworks; more responsibility on human experts.
  • 33. What types of solutions have been proposed?
  • 34. Taxonomy of Security Orchestration Platforms. Automation Strategy: workflow, scripting, prioritization, learning, plugin, auto-integration. Execution Environment: endpoint, cloud, data centre, threat management. Task Mode: automated, semi-automated, manual. Deployment Type: central, distributed, hybrid.
  • 35. Open Issues (People, Process, Technology). People: little involvement and collaboration among different levels of staff during orchestration and automation; lack of a security architect for risk and policy management; no holistic training for staff to understand the security orchestration platform, the integrated tools and the incident response workflow.
  • 36. Open Issues (cont.). Process: insufficient alignment of the incident response process with the organization's existing IT operational framework; no clear agreement among vendors on what needs to be orchestrated and what can be automated; no guideline to assess the maturity of the orchestration process and incorporate automation into the system.
  • 37. Open Issues (cont.). Technology: lack of modeling notations and languages to support integration of security information at runtime; increasing diversity of integrated security solutions due to the dynamic change of attack patterns; little research on AI for scalable and flexible security orchestration and integration.
  • 38. Future Directions: design and implement an architecture to support large-scale realization of security orchestration; provide a reference architecture for security orchestration that can facilitate the design and development of concrete security orchestration architectures; instantiate a distributed and self-adaptable security orchestration engine.
  • 39. Reference. Published version: https://dl.acm.org/doi/fullHtml/10.1145/3305268 Preprint: https://www.researchgate.net/publication/332818244_A_Multi-Vocal_Review_of_Security_Orchestration BibTeX: @article{10.1145/3305268, author = {Islam, Chadni and Babar, Muhammad Ali and Nepal, Surya}, title = {A Multi-Vocal Review of Security Orchestration}, year = {2019}, issue_date = {May 2019}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, volume = {52}, number = {2}, issn = {0360-0300}, url = {https://doi.org/10.1145/3305268}, doi = {10.1145/3305268}, journal = {ACM Comput. Surv.}, month = apr, articleno = {37}, numpages = {45}, keywords = {intelligent security assistant, security automation, multivocal literature review, security orchestration}} Citation: Chadni Islam, Muhammad Ali Babar, and Surya Nepal. 2019. A Multi-Vocal Review of Security Orchestration. ACM Comput. Surv. 52, 2, Article 37 (May 2019), 45 pages. DOI: https://doi.org/10.1145/3305268
  • 40. Questions? Chadni Islam, CREST Centre (https://crest-centre.net/), School of Computer Science, University of Adelaide, Adelaide, Australia, and CSIRO's Data61, Australia. Email: chadni19@gmail.com, chadni.islam@adelaide.edu.au. Twitter: @_Chadni_ (https://twitter.com/_Chadni_)
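The phishing IRP on slide 9 is a branching workflow, and slides 27 and 34 distinguish tasks an orchestration platform automates from tasks that stay manual. As an added example that is not part of the slides or the authors' work, the Python below encodes that plan as a small playbook runner; the branch wiring between tasks, the choice of which tasks are manual, and the stub tool connectors are assumptions made for this illustration.

```python
"""Playbook runner for the phishing IRP (slide 9), with the automated vs
manual task modes of slides 27 and 34. Added example, not the authors' code;
branch targets, modes and connectors are assumptions for illustration."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

@dataclass
class Task:
    """One IRP task. A decision task uses on_yes/on_no; an action task uses
    nxt. mode is 'auto' (a tool connector decides) or 'manual' (an analyst)."""
    name: str
    action: str
    mode: str = "auto"
    on_yes: Optional[int] = None
    on_no: Optional[int] = None
    nxt: Optional[int] = None

# Tasks 1-6 from the slide's IRP table. Branch targets and modes are this
# example's assumptions; the slide only lists the tasks and their outcomes.
PHISHING_IRP: Dict[int, Task] = {
    1: Task("Is this a phishing attack?", "classify", "manual", on_yes=2),
    2: Task("Scan endpoint - malware found?", "scan_endpoint", on_yes=3, on_no=5),
    3: Task("Remove malware - success?", "remove_malware", on_yes=5, on_no=4),
    4: Task("Wipe and reimage", "wipe_reimage", "manual", nxt=5),
    5: Task("Update email protection software", "update_email_protection", nxt=6),
    6: Task("Remove unread phishing email in queue", "purge_mail_queue"),
}

def run_playbook(irp: Dict[int, Task], connectors: Dict[str, Callable[[dict], bool]],
                 incident: dict, analyst: Dict[int, bool], start: int = 1):
    """Walk the workflow from `start` and return (status, trail).
    status: 'done' once the last task ran, 'stopped' when a decision ends the
    flow (e.g. not phishing), or 'pending:<id>' when a manual task is waiting
    for an analyst decision. trail is the audit log of (task id, outcome)."""
    trail: List[Tuple[int, bool]] = []
    tid: Optional[int] = start
    visited = set()
    while tid is not None:
        if tid in visited:  # guard against a mis-wired (looping) playbook
            raise RuntimeError(f"playbook loops at task {tid}")
        visited.add(tid)
        task = irp[tid]
        if task.mode == "manual":
            if tid not in analyst:  # hand off to a human and pause the run
                return f"pending:{tid}", trail
            outcome = analyst[tid]
        else:
            outcome = connectors[task.action](incident)
        trail.append((tid, outcome))
        if task.on_yes is None and task.on_no is None:
            tid = task.nxt  # unconditional action: always continue
        else:
            tid = task.on_yes if outcome else task.on_no
            if tid is None:
                return "stopped", trail
    return "done", trail

def demo_connectors() -> Dict[str, Callable[[dict], bool]]:
    """Constructed stub connectors: they read the outcome from the incident
    record instead of calling a real EDR or mail gateway."""
    return {
        "scan_endpoint": lambda inc: inc["malware_present"],
        "remove_malware": lambda inc: inc["removal_succeeds"],
        "update_email_protection": lambda inc: True,
        "purge_mail_queue": lambda inc: True,
    }

if __name__ == "__main__":
    inc = {"malware_present": True, "removal_succeeds": False}  # constructed
    print(run_playbook(PHISHING_IRP, demo_connectors(), inc, analyst={}))
    print(run_playbook(PHISHING_IRP, demo_connectors(), inc, analyst={1: True, 4: True}))
```

The returned trail is the audit record a SOAR platform would keep, and a `pending:<id>` status is the point where the platform hands the incident to a human, as slide 28's "determine endpoint for human investigation" describes.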