‘Ops’ing The Future of IT Security
Tom Hatch SaltStack CTO, technical founder
Why I created Salt
• Salt = visibility + action
• DevOps by gravity
• Now what?
What should we demand from cybersecurity?
• A window of assurance.
• A chance at green security and secure systems.
• Confidence to stay ahead of rapidly proliferating threats
• Security means staying ahead of decay
• DevOps, but for security.
99% of exploits...occur on systems where there are known security issues.
Equifax is the poster child
Equifax knew Apache Struts needed to be patched. Nearly every company today has known vulnerabilities that are
ripe for exploit. Equifax happened to lose this round of IT security roulette, but it could be anyone next.
Why is this broken?
[Chart: Innovation plotted over Time, with an Applications line and a Security line and the milestones Virtualization, DevOps automation, Public cloud, IoT, Containers, Edge computing]
Who am I?
• DevOps pioneer
• Creator of the Salt automation platform
• Former US Intelligence community
• I know automation
The Security Industry
Policies defined
Scan and prioritize
Analyze and recommend
“Remediate!” (create an IT service ticket)
(Cost escalates at each step: $$$, $$$$, $$$$$$)
How do we fix this?
• Understand the problem
• Understand the people
• Understand the issues
• Be willing to rethink the problem
What is SecOps?
• Security working with operations
• More than just communication
• Tools being used in concert between teams
• Needs to be different than the DevOps movement
We don’t have the luxuries of the DevOps movement
• Can’t rewrite how systems work with Kubernetes
• No container “Silver Bullet”
• Legacy systems need to be kept secure alongside new systems
• Application deployment tech exacerbates security issues
• “Cultural shift first” is a false assumption
Who are security people?
• Network scanning
• Auditor relations
• Vulnerability scanning
• Forensics
• Intrusion detection
• Compliance
• etc.
Security People Workflow
Gather Security data
Compliance, software vulnerabilities, assets, network traffic, FIM, etc.
Find Security Alerts
Violators, software CVEs, rogue assets, rogue network traffic, FIM anomalies, etc.
Prioritize Issues
Filter issues on severity, AI, availability of an exploit, etc.
File Bug for Operations
File a bug report in ServiceNow or Jira and hope IT operations is watching
Who are operations people?
• System maintenance
• Cloud maintenance
• Software updates
• Site reliability
• Monitoring
Operations People Workflow
Receive security ticket
Filter out difficult security tasks, or tasks that operations don’t understand. Prioritize and schedule the remaining tasks.
Automate repair of issue
Using management tools, build an automation to repair the issue
Execute automation
First execute the automation in a test environment. Once validated, roll out across larger infrastructure
Get notified that fix was incomplete
The same issue lands in the ticketing system and the process starts over
SecOps delivers
• Combine the workflows
• Deliver rapid results / remediate quickly with real automation at scale
• Integrate security and operations
• Take advantage of operations innovation
SecOps Workflow
Gather security data
Compliance, software vulnerabilities, assets, network traffic, FIM, etc.
Feed data into management tool
Feed raw data into the management tool (with a SecOps tool, security and management are the same tool, so this step disappears)
Execute automation
First execute the automation in a test environment. Once validated, roll out across larger infrastructure.
Get notified that fix was incomplete
Use security tool to validate fixes for both teams
The How...
• Get people using the same tools
• Systems management tools need to run security scans
• Multi-team shared pane of glass
• Automate the little things away
• Instead of ignoring 99% of vulnerabilities, fix them!
• Have scans run continuously against new threat data
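The closed loop sketched in the SecOps workflow and in the points above (gather security data, prioritize, remediate in a test environment first, validate with the same security data, re-queue whatever is still open instead of filing a fresh ticket), as an added example that is not code from the talk or from SaltStack; the Fleet inventory, the Finding fields, and every host, package and version below are constructed stand-ins.

```python
from collections import namedtuple
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# One row of scanner output; fixed_in is the first package version that closes the issue.
Finding = namedtuple("Finding", "host package fixed_in severity exploit_available")

def ver(v):
    return tuple(int(p) for p in v.split("."))   # "2.3.40" -> (2, 3, 40): numeric compare

class Fleet:
    """Constructed stand-in for the management tool's package inventory."""
    def __init__(self, inventory):
        self.inventory = inventory                # host -> {package: version}
    def upgrade(self, host, package, version):
        self.inventory[host][package] = version
    def still_vulnerable(self, f):                # the security tool re-validating the fix
        return ver(self.inventory[f.host][f.package]) < ver(f.fixed_in)

def prioritize(findings, min_severity="high"):
    """Drop findings below min_severity; exploitable and more severe ones come first."""
    keep = [f for f in findings if SEVERITY[f.severity] >= SEVERITY[min_severity]]
    return sorted(keep, key=lambda f: (f.exploit_available, SEVERITY[f.severity]), reverse=True)

def remediate(findings, fleet, test_hosts, upgrade_to):
    """Test hosts first; a package whose test fix fails validation is held back elsewhere.
    Whatever is still vulnerable comes back as 'incomplete' for the next run, not a new ticket."""
    result, failed_pkgs = {"fixed": [], "incomplete": []}, set()
    for f in sorted(findings, key=lambda f: f.host not in test_hosts):
        if f.host not in test_hosts and f.package in failed_pkgs:
            result["incomplete"].append(f)
            continue
        fleet.upgrade(f.host, f.package, upgrade_to.get(f.package, fleet.inventory[f.host][f.package]))
        if fleet.still_vulnerable(f):
            result["incomplete"].append(f)
            if f.host in test_hosts:
                failed_pkgs.add(f.package)
        else:
            result["fixed"].append(f)
    return result

FINDINGS = [  # constructed scan output; package versions are made up
    Finding("web-test-1", "struts", "2.3.40", "critical", True),
    Finding("web-prod-1", "struts", "2.3.40", "critical", True),
    Finding("db-prod-1", "openssl", "1.1.1", "high", False),
    Finding("db-prod-1", "curl", "7.60.0", "low", False),
]

def run_demo():
    fleet = Fleet({"web-test-1": {"struts": "2.3.31"}, "web-prod-1": {"struts": "2.3.31"},
                   "db-prod-1": {"openssl": "1.0.2", "curl": "7.58.0"}})
    # what the patch automation installs; openssl lands short of fixed_in, so it stays open
    return remediate(prioritize(FINDINGS), fleet, {"web-test-1"}, {"struts": "2.3.40", "openssl": "1.0.9"})
```

Running `run_demo()` fixes struts on the test host, then on production, and reports the openssl finding as incomplete because the installed version is still below `fixed_in`.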
Wrap up
Try SaltStack Comply now: saltstack.com/get-access