SLIDE 1
Michael Brunton-Spall Bruntonspall Ltd
Michael Brunton-Spall Bruntonspall Ltd
The evolving practice of security Michael Brunton-Spall - - PowerPoint PPT Presentation
The evolving practice of security Michael Brunton-Spall - - PowerPoint PPT Presentation
The evolving practice of security Michael Brunton-Spall Bruntonspall Ltd Michael Brunton-Spall He/His/Him michael@bruntonspall.com https://tinyletter.com/cyberweekly Michael Brunton-Spall Bruntonspall Ltd Why is security evolving Where
SLIDE 2
SLIDE 3
Michael Brunton-Spall Bruntonspall Ltd
Why is security evolving Where we’ve come from Where we are going
SLIDE 4
Michael Brunton-Spall Bruntonspall Ltd
How to rethink security practices in organisations
SLIDE 5
Michael Brunton-Spall Bruntonspall Ltd
Some Context
SLIDE 6
08/03/2019 6
Michael Brunton-Spall Bruntonspall Ltd
2005
SLIDE 7
08/03/2019 7
Michael Brunton-Spall Bruntonspall Ltd
2010
SLIDE 8
08/03/2019 8
Michael Brunton-Spall Bruntonspall Ltd
2013
SLIDE 9
08/03/2019 9
Michael Brunton-Spall Bruntonspall Ltd
2018 2018
SLIDE 10
Michael Brunton-Spall Bruntonspall Ltd
Maginot Line
SLIDE 11
Michael Brunton-Spall Bruntonspall Ltd
1930 France “We’d really like the Germans not to invade”
SLIDE 12
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 13
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 14
Michael Brunton-Spall Bruntonspall Ltd
In WW1, they came slowly
- verland and built trenches
SLIDE 15
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 16
Michael Brunton-Spall Bruntonspall Ltd
The Germans had invented Blitzkrieg “Lightning Strike” which simply went around
SLIDE 17
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 18
Michael Brunton-Spall Bruntonspall Ltd
The French were fighting a war from 1920 against an adversary using 1939 techniques
SLIDE 19
Michael Brunton-Spall Bruntonspall Ltd
The evolution of compute
SLIDE 20
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 21
Michael Brunton-Spall Bruntonspall Ltd
From on premise to cloud
SLIDE 22
Michael Brunton-Spall Bruntonspall Ltd
Physical machine
SLIDE 23
Michael Brunton-Spall Bruntonspall Ltd
Remote hosted machine
SLIDE 24
Michael Brunton-Spall Bruntonspall Ltd
Virtual machines in a data center
SLIDE 25
Michael Brunton-Spall Bruntonspall Ltd
Virtual machines at scale
SLIDE 26
Michael Brunton-Spall Bruntonspall Ltd
Side note: Wardley Mapping
SLIDE 27
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 28
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 29
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 30
Michael Brunton-Spall Bruntonspall Ltd
Why Wardley Maps?
SLIDE 31
Michael Brunton-Spall Bruntonspall Ltd
We can see changing landscapes
SLIDE 32
Michael Brunton-Spall Bruntonspall Ltd
We can discuss strategies
SLIDE 33
Michael Brunton-Spall Bruntonspall Ltd
A map isn’t reality, it’s just an abstraction
SLIDE 34
Michael Brunton-Spall Bruntonspall Ltd
Things evolve
SLIDE 35
Michael Brunton-Spall Bruntonspall Ltd
As servers move from physical to virtual, single to multiple, practice evolves
SLIDE 36
Michael Brunton-Spall Bruntonspall Ltd
Coevolution of product and practice
SLIDE 37
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 38
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 39
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 40
Michael Brunton-Spall Bruntonspall Ltd
From pets to cattle
SLIDE 41
Michael Brunton-Spall Bruntonspall Ltd
How do we administer servers?
SLIDE 42
Michael Brunton-Spall Bruntonspall Ltd
Worries about hard drives, CPU’s, power etc
SLIDE 43
Michael Brunton-Spall Bruntonspall Ltd
Cloud providers give us abstractions
SLIDE 44
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 45
Michael Brunton-Spall Bruntonspall Ltd
We stop worrying about whether a hard drive fails in a server
SLIDE 46
Michael Brunton-Spall Bruntonspall Ltd
This results in changing
- perations practice
SLIDE 47
Michael Brunton-Spall Bruntonspall Ltd
DevOps, SRE
SLIDE 48
Michael Brunton-Spall Bruntonspall Ltd
This results in different developer consumption of
- perations
SLIDE 49
Michael Brunton-Spall Bruntonspall Ltd
Kubernetes, Serverless
SLIDE 50
Michael Brunton-Spall Bruntonspall Ltd
What does this mean for security?
SLIDE 51
Michael Brunton-Spall Bruntonspall Ltd
How we think about security has to change
SLIDE 52
Michael Brunton-Spall Bruntonspall Ltd
Security practices are evolving
SLIDE 53
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 54
Michael Brunton-Spall Bruntonspall Ltd
Traditional security is about assurance
SLIDE 55
Michael Brunton-Spall Bruntonspall Ltd
Where will my data sit
SLIDE 56
Michael Brunton-Spall Bruntonspall Ltd
Where does the data go
SLIDE 57
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 58
Michael Brunton-Spall Bruntonspall Ltd
This works when you have individual servers
SLIDE 59
Michael Brunton-Spall Bruntonspall Ltd
This doesn’t work with modern cloud
SLIDE 60
Michael Brunton-Spall Bruntonspall Ltd
This doesn’t work th
the e same same
with modern cloud
SLIDE 61
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 62
Michael Brunton-Spall Bruntonspall Ltd
“Skate to where the puck is going, not where it has been” Wayne Gretsky
SLIDE 63
Michael Brunton-Spall Bruntonspall Ltd
Where the puck was yesterday
SLIDE 64
Michael Brunton-Spall Bruntonspall Ltd
What are solved problems?
SLIDE 65
Michael Brunton-Spall Bruntonspall Ltd
Commonly solved the same way
SLIDE 66
Michael Brunton-Spall Bruntonspall Ltd
Productionised processes
SLIDE 67
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 68
Michael Brunton-Spall Bruntonspall Ltd
SDLC, Assurance of suppliers, network assurance, hardware assurance
SLIDE 69
Michael Brunton-Spall Bruntonspall Ltd
All cloud customers have similar concerns in this area
SLIDE 70
Michael Brunton-Spall Bruntonspall Ltd
Buy don’t Build
SLIDE 71
Michael Brunton-Spall Bruntonspall Ltd
Compliance via certificates ISO27001, CSA, ISO27017, SOC, FISMA, HIPAA …
SLIDE 72
Michael Brunton-Spall Bruntonspall Ltd
Where the puck is today
SLIDE 73
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 74
Michael Brunton-Spall Bruntonspall Ltd
Continuous Integration, Continuous Deployment, DevOps
SLIDE 75
Michael Brunton-Spall Bruntonspall Ltd
Patching
SLIDE 76
Michael Brunton-Spall Bruntonspall Ltd
How quickly can you patch?
SLIDE 77
Michael Brunton-Spall Bruntonspall Ltd
DevOps
SLIDE 78
Michael Brunton-Spall Bruntonspall Ltd
How secure is your code?
SLIDE 79
Michael Brunton-Spall Bruntonspall Ltd
Code review and Pull requests
SLIDE 80
Michael Brunton-Spall Bruntonspall Ltd
Staff identity and single sign
- n
SLIDE 81
Michael Brunton-Spall Bruntonspall Ltd
Zero Trust Networking
SLIDE 82
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 83
Michael Brunton-Spall Bruntonspall Ltd
But where is the puck going?
SLIDE 84
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 85
Michael Brunton-Spall Bruntonspall Ltd
Adversary thinking
SLIDE 86
Michael Brunton-Spall Bruntonspall Ltd
ATT&CK Framework
SLIDE 87
Michael Brunton-Spall Bruntonspall Ltd
Goals, Restrictions
SLIDE 88
Michael Brunton-Spall Bruntonspall Ltd
No adversary has unlimited funds, time and energy
SLIDE 89
Michael Brunton-Spall Bruntonspall Ltd
Anti Personas
SLIDE 90
Michael Brunton-Spall Bruntonspall Ltd
Han Solo
Motivation
Han Solo is motivated primarily by money, but also works with the rebel alliance. Han is capable of using common tools as well as modifying existing tools on the fly Han doesn’t want to be caught and so takes an effort to avoid head on confrontations
Capabilities
Resources: 2/5 Capability: 4/5 Bravery: 2/5 Criminal connections: 3/5
Connections
Rebel Alliance, Hutts
SLIDE 91
Michael Brunton-Spall Bruntonspall Ltd
Red Teams
SLIDE 92
Michael Brunton-Spall Bruntonspall Ltd
Internal pentesting
SLIDE 93
Michael Brunton-Spall Bruntonspall Ltd
Threat Hunting
SLIDE 94
Michael Brunton-Spall Bruntonspall Ltd
DevSecOps
SLIDE 95
Michael Brunton-Spall Bruntonspall Ltd
Security as code
SLIDE 96
Michael Brunton-Spall Bruntonspall Ltd
Compliance as Code
SLIDE 97
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 98
Michael Brunton-Spall Bruntonspall Ltd
Cloud configuration as code
SLIDE 99
Michael Brunton-Spall Bruntonspall Ltd
Pull requests = audit trail
SLIDE 100
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 101
Michael Brunton-Spall Bruntonspall Ltd
SLIDE 102
Michael Brunton-Spall Bruntonspall Ltd
AWS System Manager
SLIDE 103
Michael Brunton-Spall Bruntonspall Ltd
Azure Policy
SLIDE 104
Michael Brunton-Spall Bruntonspall Ltd
Final thoughts?
SLIDE 105
Michael Brunton-Spall Bruntonspall Ltd
How to get value from your existing security teams?
SLIDE 106
Michael Brunton-Spall Bruntonspall Ltd
Empathy first
SLIDE 107
Michael Brunton-Spall Bruntonspall Ltd
“Re
Regardless of what we discover, we unde understand and t and and truly be uly belie lieve t tha hat ev everyone did the best job they ey could, giv given w en wha hat t the hey kne y knew a at t the t he time, ime, t their heir sk skills s and abiliti ties, s, th the resou sources s av available, and the situation at hand.”
SLIDE 108
Michael Brunton-Spall Bruntonspall Ltd