Practical Security Automation
Jason Chan
Presented at the Data Theorem Advisory Board meeting - 12/5/2014.
1.
Practical Security Automation
Jason Chan
Data Theorem Advisory Board 12/5/2014
2.
3.
4.
5.
6.
7.
Visibility Knowing the Environment
8.
9.
Discover
10.
Discover Inventory
11.
Discover Inventory Test
12.
Discover Inventory Test
Report
13.
Knowing the Environment / Takeaways
Tailor discovery to rate of change
Think about normalization of discovery data
14.
Visibility Risk Prioritization
15.
16.
17.
18.
19.
20.
Risk Prioritization - Takeaways
What is measurable? (objectively)
Use as an input, not law
21.
Visibility Multi-Layer Security Testing
22.
Deconstructing security testing
23.
24.
25.
26.
Integrated testing for CI/CD
27.
28.
29.
Multi-Layer Security Testing - Takeaways
What conversations can you avoid?
Is there a pyramid you can leverage?
30.
Visibility Configuration Monitoring
31.
32.
Security Monkey
33.
34.
Configuration Monitoring - Takeaways
Config changes have a continuum of safety
Find ways to observe and differentiate
35.
Visibility Intelligence Discovery and Disposition
36.
37.
Goals
Find Netflix-relevant security intelligence
Do something (ideally, via automation)
38.
39.
40.
41.
42.
Intelligence Discovery and Disposition - Takeaways
Develop and prioritize an intel taxonomy
43.
Visibility Signal Refinement and Response
44.
Key Questions
What alerts require response?
How quickly?
What actions do you take?
45.
46.
47.
Goal
Reduce time to: detect/triage/contain/eradicate
48.
Step 1
Alert is generated and sent to FIDO (Cyphort, Carbon Black/Bit9, Sophos, PAN, Aruba, etc.)
49.
Step 2
Gather data (on issue, target, machine, etc.)
50.
Step 3
Score the issue (user, machine, threat, trust)
51.
52.
53.
54.
55.
56.
Step 4
Take action (ignore, remediate, etc.)
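Steps 1 to 4 above, sketched as an added example; this is not FIDO's code and does not come from the presentation. The asset records, weights, per-source trust values and thresholds are all assumptions, and the "escalate" tier is a hypothetical stand-in for the slide's "etc.".

```python
from dataclasses import dataclass

# Constructed sample data standing in for the Step 2 lookups (all assumptions).
ASSETS = {
    "lt-0142": {"owner": "asmith", "role": "laptop", "patched": True},
    "db-0007": {"owner": "svc-billing", "role": "database", "patched": False},
}
PRIVILEGED_USERS = {"svc-billing"}
SOURCE_TRUST = {"sandbox": 0.9, "endpoint": 0.8, "firewall": 0.5}  # hypothetical

@dataclass
class Alert:
    source: str    # kind of detector that raised the alert (Step 1)
    host: str      # machine the alert is about
    severity: int  # the detector's own rating, 1-10

def gather(alert):
    """Step 2: attach what is known about the target machine and its user."""
    unknown = {"owner": None, "role": "unknown", "patched": False}
    asset = ASSETS.get(alert.host, unknown)
    return {"asset": asset, "privileged": asset["owner"] in PRIVILEGED_USERS}

def score(alert, ctx):
    """Step 3: fold user, machine, threat and trust into one 0-100 score."""
    user = 25 if ctx["privileged"] else 10
    # A host missing from inventory scores high: nothing vouches for it.
    machine = {"database": 25, "laptop": 10}.get(ctx["asset"]["role"], 20)
    if not ctx["asset"]["patched"]:
        machine = min(25, machine + 10)
    threat = alert.severity * 2.5
    trust = SOURCE_TRUST.get(alert.source, 0.3)  # unlisted sources count for less
    return round((user + machine + threat) * trust / 75 * 100)

def act(total):
    """Step 4: map the score to a disposition."""
    if total >= 70:
        return "remediate"
    if total >= 40:
        return "escalate"  # hypothetical middle tier for the slide's "etc."
    return "ignore"

def handle(alert):
    total = score(alert, gather(alert))
    return total, act(total)

if __name__ == "__main__":
    for a in (Alert("sandbox", "db-0007", 9), Alert("firewall", "lt-0142", 4),
              Alert("endpoint", "not-in-inventory", 8)):
        print(a.host, *handle(a))
```

Trust multiplies the other three factors, so a noisy source cannot drive automated remediation on its own, while a host absent from the inventory is escalated instead of being ignored.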
57.
58.
59.
Signal Refinement and Response - Takeaways
Start small
API as build/buy criteria
60.
Thank you!
chan@netflix.com : @chanjbs