Security Automation Standards Landscape

Presentation on theme: "Security Automation Standards Landscape"— Presentation transcript:

1 Security Automation Standards Landscape

2 The Evolution of a Security Event Ecosystem
Stages shown on the slide diagram:
- Unorganized Data: data from Syslog, Firewall & IDS logs, etc.
- SIM (Security Information Management): stored data analysis for forensics, trend data, and compliance evidence
- SEM (Security Event Management): real-time event detection and classification
- SIEM (Security Information & Event Management): merger of SEM and SIM tools and their data stores
- Data Analytics: situational awareness provided by advanced source ingestion, data correlation and analysis
- Security Automation: standard protocols and content repositories merge network and device detection and remediation
- Proactive Defense: real-time use of event data to reconfigure defenses to stop attacks as they occur
- Self Healing Ecosystem for Networks, Devices and Data
Diagram markers: 2014; axes labelled "Contact Frequency" and "Probability of Action".

3 Automating Event Management
1) Identify: Standardize and enforce device configuration, policies
2) Protect: Standardize and enforce device configuration, policies
3) Detect: Continuously monitor for unapproved accidental or malicious changes
4) Respond: Affected or observant devices report to community, operations centers, etc.
5) Recover: Alerts automatically restore device. New threats automatically enhance configuration
Hub: Common configuration & event repository

4 Ongoing Industry & Standard Support
1) Identify: NIST-MITRE: SCAP; NIST: CAESAR-FE; IETF: NEA, SACM; Open Group: ACEML
2) Protect: NIST-MITRE: SCAP; NIST: CAESAR-FE; IETF: SACM; Open Group: ACEML
3) Detect: TCG: TPM, MTM
4) Respond: IETF: IODEF, RID, MILE; Open Group: XDAS; MITRE: STIX, TAXII
5) Recover: IETF: NEA, SACM
Common configuration & event repository: Trusted Computing Group: IF-MAP
User-Advisors: Boeing, CMU, DHS, DoD, MITRE, NASA, NIST, NSA
Vendor Participation: Avaya, China Mobile, Cisco, EMC, HP ArcSight, IBM, Juniper, nCircle, McAfee, Qualys, ThreatGuard, Tripwire

5 Standards Gaps: Security Automation
- Whitepaper framing customer pain points & problems, requirements
- Over-arching framework or architecture describing all relevant standards and interoperability
- Multi-vendor interoperable solutions
- Other gaps?

6 Vision for Future State: Security Automation
14 September, 2018
(Speaker note: use behind healthcare forum discussion, last 2 questions)
Copyright © The Open Group 2012

7 Security Automation Summary
Benefits:
- Accurate and timely situational awareness
- Support for informed decision-making
- Share information with other defenders
- Enable automated or facilitate manual responses
Challenges:
- Automated responses can be used against you
- Security automation is new technology
- Defenders relying on automation can become complacent
- Sophisticated attacks can go unnoticed
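As an added example (not part of the presentation), the Python sketch below implements the Identify/Protect/Detect/Respond/Recover loop of slide 3 around a common configuration repository, and addresses the slide 7 challenge that automated responses can be used against you by capping automated restores per device before escalating to manual review. The baseline keys, values and the restore budget are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed baseline standing in for the "common configuration repository"
# on slide 3; the keys, values and budget are assumptions, not from the deck.
BASELINE = {
    "ssh.password_auth": "no",
    "syslog.remote": "10.0.0.5",
    "ntp.server": "10.0.0.6",
}
RESTORE_BUDGET = 3  # assumed cap on automated restores per device


@dataclass
class Device:
    name: str
    config: dict
    events: list = field(default_factory=list)  # what gets reported (Respond)
    restores: int = 0


def detect_drift(baseline, observed):
    """Detect: settings that differ from the baseline or are missing entirely."""
    return {k: (v, observed.get(k)) for k, v in baseline.items() if observed.get(k) != v}


def remediate(device, baseline, budget=RESTORE_BUDGET):
    """Respond and Recover: report each drifted setting, then restore it.

    Once a device has used its restore budget, further drift is escalated
    for human review instead of being fixed silently, so repeated tampering
    cannot drive the device through endless automated restores
    (slide 7: "automated responses can be used against you").
    """
    drift = detect_drift(baseline, device.config)
    for key, (expected, actual) in drift.items():
        device.events.append(f"DRIFT {device.name} {key} expected={expected!r} actual={actual!r}")
        if device.restores >= budget:
            device.events.append(f"ESCALATE {device.name} {key} restore budget exhausted")
            continue
        device.config[key] = expected
        device.restores += 1
        device.events.append(f"RESTORE {device.name} {key}")
    return drift


def adopt_control(baseline, key, value):
    """Recover: a newly seen threat adds a control to the repository so that
    every later cycle enforces it on all devices (a new baseline is returned)."""
    return {**baseline, key: value}
```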

8 Food for Thought
Is there a need to rationalize or connect security automation in enterprise security architectures?
- Today we may have manually-oriented functions (event management, incident response, patching) described in our enterprise security architecture
- Going forward, Automated Security responses could be designed in…
Is there a need to connect security automation to risk management?
- Risk analysis could help pinpoint where assets at risk need mitigating controls
