Enviar pesquisa
Carregar
Practical Security Automation
•
6 gostaram
•
2,111 visualizações
Jason Chan
Seguir
Presented at the Data Theorem Advisory Board meeting - 12/5/2014.
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 60
Baixar agora
Baixar para ler offline
Recomendados
Ben Dechrai - Writing Viruses for Fun, not Profit - Codemotion Rome 2019
Ben Dechrai - Writing Viruses for Fun, not Profit - Codemotion Rome 2019
Codemotion
Kemtah IT BYOD NLIT DRAFT 2.5-2012
Kemtah IT BYOD NLIT DRAFT 2.5-2012
"Karate" Karadi
The Psychology of Security Automation
The Psychology of Security Automation
Jason Chan
Careers in Security
Careers in Security
Jason Chan
Defending Netflix from Abuse
Defending Netflix from Abuse
Jason Chan
Amazon Web Services Security
Amazon Web Services Security
Jason Chan
Splitting the Check on Compliance and Security
Splitting the Check on Compliance and Security
Jason Chan
Cloud Security @ Netflix
Cloud Security @ Netflix
Jason Chan
Recomendados
Ben Dechrai - Writing Viruses for Fun, not Profit - Codemotion Rome 2019
Ben Dechrai - Writing Viruses for Fun, not Profit - Codemotion Rome 2019
Codemotion
Kemtah IT BYOD NLIT DRAFT 2.5-2012
Kemtah IT BYOD NLIT DRAFT 2.5-2012
"Karate" Karadi
The Psychology of Security Automation
The Psychology of Security Automation
Jason Chan
Careers in Security
Careers in Security
Jason Chan
Defending Netflix from Abuse
Defending Netflix from Abuse
Jason Chan
Amazon Web Services Security
Amazon Web Services Security
Jason Chan
Splitting the Check on Compliance and Security
Splitting the Check on Compliance and Security
Jason Chan
Cloud Security @ Netflix
Cloud Security @ Netflix
Jason Chan
Real World Cloud Application Security
Real World Cloud Application Security
Jason Chan
Practical Cloud Security
Practical Cloud Security
Jason Chan
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and Scale
Jason Chan
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
Refactoring for Software Architecture Smells - International Workshop on Refa...
Refactoring for Software Architecture Smells - International Workshop on Refa...
Ganesh Samarthyam
Dev ops and safety critical systems
Dev ops and safety critical systems
Len Bass
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Alex Stamos
Resilience and Security @ Scale: Lessons Learned
Resilience and Security @ Scale: Lessons Learned
Jason Chan
Architecture for the cloud deployment case study future
Architecture for the cloud deployment case study future
Len Bass
presentation-chaos-monkey
presentation-chaos-monkey
Matthew Campbell
Informix 12.10.xC7 MQTT listener - june2016
Informix 12.10.xC7 MQTT listener - june2016
Shawn Moe
Cloud Security at Netflix
Cloud Security at Netflix
Jason Chan
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit Perspectives
Jason Chan
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
Jay Zarfoss
From Code to the Monkeys: Continuous Delivery at Netflix
From Code to the Monkeys: Continuous Delivery at Netflix
Dianne Marsh
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
Release the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at Netflix
Gareth Bowles
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's Perspective
Jason Chan
Netflix: A State of Xen - Chaos Monkey & Cassandra
Netflix: A State of Xen - Chaos Monkey & Cassandra
DataStax Academy
Decluttering Health & Safety
Decluttering Health & Safety
Australian Institute of Health & Safety
The Base Rate Fallacy - Source Boston 2013
The Base Rate Fallacy - Source Boston 2013
Patrick Florer
Mais conteúdo relacionado
Destaque
Real World Cloud Application Security
Real World Cloud Application Security
Jason Chan
Practical Cloud Security
Practical Cloud Security
Jason Chan
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and Scale
Jason Chan
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
Refactoring for Software Architecture Smells - International Workshop on Refa...
Refactoring for Software Architecture Smells - International Workshop on Refa...
Ganesh Samarthyam
Dev ops and safety critical systems
Dev ops and safety critical systems
Len Bass
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Alex Stamos
Resilience and Security @ Scale: Lessons Learned
Resilience and Security @ Scale: Lessons Learned
Jason Chan
Architecture for the cloud deployment case study future
Architecture for the cloud deployment case study future
Len Bass
presentation-chaos-monkey
presentation-chaos-monkey
Matthew Campbell
Informix 12.10.xC7 MQTT listener - june2016
Informix 12.10.xC7 MQTT listener - june2016
Shawn Moe
Cloud Security at Netflix
Cloud Security at Netflix
Jason Chan
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit Perspectives
Jason Chan
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
Jay Zarfoss
From Code to the Monkeys: Continuous Delivery at Netflix
From Code to the Monkeys: Continuous Delivery at Netflix
Dianne Marsh
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Jason Chan
Release the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at Netflix
Gareth Bowles
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's Perspective
Jason Chan
Netflix: A State of Xen - Chaos Monkey & Cassandra
Netflix: A State of Xen - Chaos Monkey & Cassandra
DataStax Academy
Destaque
(20)
Real World Cloud Application Security
Real World Cloud Application Security
Practical Cloud Security
Practical Cloud Security
Resilience and Compliance at Speed and Scale
Resilience and Compliance at Speed and Scale
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Refactoring for Software Architecture Smells - International Workshop on Refa...
Refactoring for Software Architecture Smells - International Workshop on Refa...
Dev ops and safety critical systems
Dev ops and safety critical systems
Security at Scale - Lessons from Six Months at Yahoo
Security at Scale - Lessons from Six Months at Yahoo
Resilience and Security @ Scale: Lessons Learned
Resilience and Security @ Scale: Lessons Learned
Architecture for the cloud deployment case study future
Architecture for the cloud deployment case study future
presentation-chaos-monkey
presentation-chaos-monkey
Informix 12.10.xC7 MQTT listener - june2016
Informix 12.10.xC7 MQTT listener - june2016
Cloud Security at Netflix
Cloud Security at Netflix
Virtualization: Security and IT Audit Perspectives
Virtualization: Security and IT Audit Perspectives
Cloud Security At Netflix, October 2013
Cloud Security At Netflix, October 2013
From Code to the Monkeys: Continuous Delivery at Netflix
From Code to the Monkeys: Continuous Delivery at Netflix
Cloud Application Security: Lessons Learned
Cloud Application Security: Lessons Learned
Release the Monkeys ! Testing in the Wild at Netflix
Release the Monkeys ! Testing in the Wild at Netflix
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's Perspective
Netflix: A State of Xen - Chaos Monkey & Cassandra
Netflix: A State of Xen - Chaos Monkey & Cassandra
Semelhante a Practical Security Automation
Decluttering Health & Safety
Decluttering Health & Safety
Australian Institute of Health & Safety
The Base Rate Fallacy - Source Boston 2013
The Base Rate Fallacy - Source Boston 2013
Patrick Florer
Resilience by Usable Security
Resilience by Usable Security
Sven Wohlgemuth
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
Allison Miller
Points 140Term PaperRedesigning Security OperationsCriteria.docx
Points 140Term PaperRedesigning Security OperationsCriteria.docx
harrisonhoward80223
Mobile Security Attacks: A Glimpse from the Trenches - Yair Amit, Skycure
Mobile Security Attacks: A Glimpse from the Trenches - Yair Amit, Skycure
Codemotion Tel Aviv
Mobile Security: A Glimpse from the Trenches
Mobile Security: A Glimpse from the Trenches
Yair Amit
A holistic view_of_enterprise_security
A holistic view_of_enterprise_security
ehawk01
Supplier Innovation 2.0: Transparency and Effective Utilization of Scorecard ...
Supplier Innovation 2.0: Transparency and Effective Utilization of Scorecard ...
Sustainable Brands
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure Security
Tom Janetscheck
Hutton/Miller SourceBarcelona
Hutton/Miller SourceBarcelona
Alexander Hutton
Predicting the Future and Improving UX Based on the Past
Predicting the Future and Improving UX Based on the Past
Tim Schneider
Keynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security Summit
SecurityStudio
Cloud controls final2
Cloud controls final2
Valencell, Inc.
Converge ppt
Converge ppt
David Trollman
Application Security
Application Security
Reggie Niccolo Santos
Awais rashids-dhaca-presentation
Awais rashids-dhaca-presentation
3GDR
Risk assessment as "The Art of Prevention"
Risk assessment as "The Art of Prevention"
Gabriel (Gaby) Bar Giora
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
SecurityStudio
People Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language Problem
SecurityStudio
Semelhante a Practical Security Automation
(20)
Decluttering Health & Safety
Decluttering Health & Safety
The Base Rate Fallacy - Source Boston 2013
The Base Rate Fallacy - Source Boston 2013
Resilience by Usable Security
Resilience by Usable Security
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
2010.08 Applied Threat Modeling: Live (Hutton/Miller)
Points 140Term PaperRedesigning Security OperationsCriteria.docx
Points 140Term PaperRedesigning Security OperationsCriteria.docx
Mobile Security Attacks: A Glimpse from the Trenches - Yair Amit, Skycure
Mobile Security Attacks: A Glimpse from the Trenches - Yair Amit, Skycure
Mobile Security: A Glimpse from the Trenches
Mobile Security: A Glimpse from the Trenches
A holistic view_of_enterprise_security
A holistic view_of_enterprise_security
Supplier Innovation 2.0: Transparency and Effective Utilization of Scorecard ...
Supplier Innovation 2.0: Transparency and Effective Utilization of Scorecard ...
Cloudbrew 2019 - Azure Security
Cloudbrew 2019 - Azure Security
Hutton/Miller SourceBarcelona
Hutton/Miller SourceBarcelona
Predicting the Future and Improving UX Based on the Past
Predicting the Future and Improving UX Based on the Past
Keynote @ ECMECC School Security Summit
Keynote @ ECMECC School Security Summit
Cloud controls final2
Cloud controls final2
Converge ppt
Converge ppt
Application Security
Application Security
Awais rashids-dhaca-presentation
Awais rashids-dhaca-presentation
Risk assessment as "The Art of Prevention"
Risk assessment as "The Art of Prevention"
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
ISSA-OC and Webster University Cybersecurity Seminar Series Presentation
People Committed to Solving our Information Security Language Problem
People Committed to Solving our Information Security Language Problem
Último
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Slack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Padma Pradeep
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Alan Dix
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
XfilesPro
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
Neo4j
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
BookNet Canada
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
LBM Solutions
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
HostedbyConfluent
Último
(20)
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Slack Application Development 101 Slides
Slack Application Development 101 Slides
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Practical Security Automation
1.
Prac%cal'Security' Automa%on Jason&Chan
Data$Theorem$Advisory$Board 12/5/2014
2.
3.
4.
5.
6.
7.
Visibility Knowing'the'Environment
8.
9.
Discover
10.
Discover Inventory
11.
Discover Inventory Test
12.
Discover Inventory Test
Report
13.
Knowing'the'Environment'/'Takeaways Tailor'discovery'to'rate'of'change Think&about&normaliza0on&of&discovery&data
14.
Visibility Risk%Priori)za)on
15.
16.
17.
18.
19.
20.
Risk%Priori)za)on%-%Takeaways What%is%measurable?%(objec3vely) Use$as$an$input,$not$law
21.
Visibility Mul$%Layer+Security+Tes$ng
22.
Deconstruc*ng,security,tes*ng
23.
24.
25.
26.
Integrated)tes+ng)for)CI/CD
27.
28.
29.
Mul$%Layer+Security+Tes$ng+%+Takeaways What%conversa-ons%can%you%avoid? Is#there#a#pyramid#you#can#leverage?
30.
Visibility Configura)on*Monitoring
31.
32.
Security)Monkey
33.
34.
Configura)on*Monitoring*.*Takeaways Config&changes&have&a&con-nuum&of&safety Find%ways%to%observe%and%differen1ate
35.
Visibility Intelligence)Discovery)and)Disposi3on
36.
37.
Goals Find%Ne(lix+relevant%security%intelligence Do#something#(ideally,#via#automa4on)
38.
39.
40.
41.
42.
Intelligence)Discovery)and)Disposi3on)4) Takeaways Develop'and'priori-ze'an'intel'taxonomy
43.
Visibility Signal'Refinement'and'Response
44.
Key$Ques(ons What%alerts%require%response? How$quickly?
What%ac'ons%do%you%take?
45.
46.
47.
Goal Reduce&'me&to: detect/triage/contain/eradicate
48.
Step%1 Alert&is&generated&and&sent&to&FIDO (Cyphort,*Carbon*Black/Bit9,*Sophos,*PAN,*Aruba,*etc.)
49.
Step%2 Gather'data (on$issue,$target,$machine,$etc.)
50.
Step%3 Score&the&issue (user,'machine,'threat,'trust)
51.
52.
53.
54.
55.
56.
Step%4 Take%ac'on (ignore,)remediate,)etc.)
57.
58.
59.
Signal'Refinement'and'Response'1'Takeaways Start%small API$as$build/buy$criteria
60.
Thank&you! chan@ne'lix.com.:.@chanjbs
Baixar agora