Presented at the Data Theorem Advisory Board meeting - 12/5/2014.

1. Prac%cal'Security'
Automa%on
Jason&Chan
Data$Theorem$Advisory$Board
12/5/2014

7. Visibility
Knowing'the'Environment

9. Discover

10. Discover
Inventory

11. Discover
Inventory
Test

12. Discover
Inventory
Test
Report

13. Knowing'the'Environment'/'Takeaways
Tailor'discovery'to'rate'of'change
Think&about&normaliza0on&of&discovery&data

14. Visibility
Risk%Priori)za)on

20. Risk%Priori)za)on%-%Takeaways
What%is%measurable?%(objec3vely)
Use$as$an$input,$not$law

21. Visibility
Mul$%Layer+Security+Tes$ng

22. Deconstruc*ng,security,tes*ng

26. Integrated)tes+ng)for)CI/CD

29. Mul$%Layer+Security+Tes$ng+%+Takeaways
What%conversa-ons%can%you%avoid?
Is#there#a#pyramid#you#can#leverage?

30. Visibility
Configura)on*Monitoring

32. Security)Monkey

34. Configura)on*Monitoring*.*Takeaways
Config&changes&have&a&con-nuum&of&safety
Find%ways%to%observe%and%differen1ate

35. Visibility
Intelligence)Discovery)and)Disposi3on

37. Goals
Find%Ne(lix+relevant%security%intelligence
Do#something#(ideally,#via#automa4on)

42. Intelligence)Discovery)and)Disposi3on)4)
Takeaways
Develop'and'priori-ze'an'intel'taxonomy

43. Visibility
Signal'Refinement'and'Response

44. Key$Ques(ons
What%alerts%require%response?
How$quickly?
What%ac'ons%do%you%take?

47. Goal
Reduce&'me&to:
detect/triage/contain/eradicate

48. Step%1
Alert&is&generated&and&sent&to&FIDO
(Cyphort,*Carbon*Black/Bit9,*Sophos,*PAN,*Aruba,*etc.)

49. Step%2
Gather'data
(on$issue,$target,$machine,$etc.)

50. Step%3
Score&the&issue
(user,'machine,'threat,'trust)

56. Step%4
Take%ac'on
(ignore,)remediate,)etc.)

59. Signal'Refinement'and'Response'1'Takeaways
Start%small
API$as$build/buy$criteria

60. Thank&you!
chan@ne'lix.com.:.@chanjbs