
Wrap up - files.devnetwork.cloud...Using management tools, build an automation to repair the issue...

Date post: 29-Jun-2020
Wrap up ‘Ops’ing The Future of IT Security Tom Hatch SaltStack CTO, technical founder
Transcript
Page 1: Wrap up - files.devnetwork.cloud...Using management tools, build an automation to repair the issue Execute automation First execute the automation in a test environment. Once validated,

Wrap up

‘Ops’ing The Future of IT Security

Tom Hatch SaltStack CTO, technical founder

Why I created Salt

• Salt = visibility + action

• DevOps by gravity

• Now what?

What should we demand from cybersecurity?

• A window of assurance.

• A chance at green security and secure systems.

• Confidence to stay ahead of rapidly proliferating threats

• Security means staying ahead of decay

• DevOps, but for security.

99% of exploits...occur on systems where there are known security issues.

Equifax is the poster child

Equifax knew Apache Struts needed to be patched. Nearly every company today has known vulnerabilities that are ripe for exploit. Equifax happened to lose this round of IT security roulette, but it could be anyone next.

Why is this broken?

[Figure labels: Time, Innovation, Applications, Security, Virtualization, DevOps automation, Public cloud, IoT, Containers, Edge computing]

Who am I?

• DevOps pioneer

• Creator of the Salt automation platform

• Former US Intelligence community

• I know automation

The Security Industry

Policies defined

Scan and prioritize

Analyze and recommend

“Remediate!” (create an IT service ticket)

$$$

$$$$

$$$$$$

How do we fix this?

• Understand the problem

• Understand the people

• Understand the issues

• Be willing to rethink the problem

What is SecOps?

• Security working with operations

• More than just communication

• Tools being used in concert between teams

• Needs to be different than the DevOps movement

We don’t have the luxuries of the DevOps movement

• Can’t rewrite how systems work with Kubernetes

• No container “Silver Bullet”

• Legacy systems need to be kept secure alongside new systems

• Application deployment tech exacerbates security issues

• Cultural shift first is a false assumption

Who are security people?

• Network scanning

• Auditor relations

• Vulnerability scanning

• Forensics

• Intrusion detection

• Compliance

• etc.

Security People Workflow

Gather Security data

Compliance, software vulnerabilities, assets, network traffic, FIM, etc.

Find Security Alerts

Violators, software CVEs, rogue assets, rogue network traffic, FIM anomalies, etc.

Prioritize Issues

Filter issues on severity, AI, availability of exploit etc.

File Bug for Operations

File a bug report in ServiceNow or Jira and hope IT operations is watching

Who are operations people?

• System maintenance

• Cloud maintenance

• Software updates

• Site reliability

• Monitoring

Operations People Workflow

Receive security ticket

Filter out difficult security tasks, or tasks that operations don’t understand. Prioritize and schedule remaining tasks

Automate repair of issue

Using management tools, build an automation to repair the issue

Execute automation

First execute the automation in a test environment. Once validated, roll out across larger infrastructure

Get notified that fix was incomplete

The same issue lands in the ticketing system and the process starts over

SecOps delivers

• Combine the workflows

• Deliver rapid results / remediate quickly with real automation at scale

• Integrate security and operations

• Take advantage of operations innovation

SecOps Workflow

Gather security data

Compliance, software vulnerabilities, assets, network traffic, FIM, etc.

Feed data into management tool

Feed raw data into management tool (SecOps tools are the same tool, skipping this step)

Execute automation

First execute the automation in a test environment. Once validated, roll out across larger infrastructure.

Get notified that fix was incomplete

Use security tool to validate fixes for both teams
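
The workflow on this slide, sketched as an added example (not SaltStack code and not from the talk): the same scan that produced the findings re-runs after each ring, and production is only touched once the test ring comes back clean. The inventory, package name, versions, the `held` flag and all function names are constructed for illustration.

```python
import copy

# Constructed policy: package -> first fixed version (not real advisory data).
FIXED_IN = {"examplepkg": (1, 4, 2)}

# Constructed inventory. "held" models a host where the update cannot apply.
INVENTORY = {
    "test-01": {"ring": "test", "held": False, "pkgs": {"examplepkg": (1, 3, 0)}},
    "web-01": {"ring": "prod", "held": False, "pkgs": {"examplepkg": (1, 4, 0)}},
    "web-02": {"ring": "prod", "held": True, "pkgs": {"examplepkg": (1, 3, 9)}},
    "db-01": {"ring": "prod", "held": False, "pkgs": {"examplepkg": (1, 4, 2)}},
}


def scan(inventory, ring=None):
    """Return {host: [vulnerable packages]}, optionally limited to one ring."""
    findings = {}
    for host, facts in inventory.items():
        if ring and facts["ring"] != ring:
            continue
        bad = [p for p, v in facts["pkgs"].items()
               if p in FIXED_IN and v < FIXED_IN[p]]
        if bad:
            findings[host] = bad
    return findings


def remediate(inventory, findings):
    """Stand-in for the management tool's update run on the flagged hosts."""
    for host, pkgs in findings.items():
        if inventory[host]["held"]:
            continue  # update does not apply: the "fix was incomplete" case
        for pkg in pkgs:
            inventory[host]["pkgs"][pkg] = FIXED_IN[pkg]


def rollout(inventory, rings=("test", "prod")):
    """Fix ring by ring on a copy; re-scan each ring and stop on leftovers."""
    inv = copy.deepcopy(inventory)
    report = {}
    for ring in rings:
        remediate(inv, scan(inv, ring))
        report[ring] = scan(inv, ring)  # same scanner validates the fix
        if report[ring]:
            break  # never promote past a ring that still has findings
    return report
```

Here `rollout(INVENTORY)` reports `web-02` as still vulnerable straight from the re-scan, rather than waiting for the issue to reappear in the ticketing system.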

The How...

• Get people using the same tools

• Systems management tools need to run security scans

• Multi-team shared pane of glass

• Automate the little things away

• Instead of ignoring 99% of vulnerabilities, fix them!

• Have scans run continuously against new threat data

Wrap up

Try SaltStack Comply now saltstack.com/get-access

