Archive for the ‘Architecture’ Category

The Future of Security Automation.

It is entirely possible I am about to have a flying car moment. Recently I have been asked by a variety of product vendors and security consultancies for my opinions on the future direction of security and where they should be focusing their innovation efforts. I’m honestly not sure why I get asked this but I enjoy both the sound of my own voice and free lunches so i’m not complaining. Here is my view on the core of how we will be delivering security in large enterprises in the near-ish future.
(more…)

The security opportunity in Digital

Four years ago I discussed some of the characteristics of cyber security that made the use of the term useful, this was at a time when the use of cyber security was widely derided by practitioners of IT security and Information Security. One of the common complaints was that Cyber was just the same things we had already been doing re-branded to seem ‘cool’. As time has moved on the practices of cyber have become clearer, the use of threat intelligence, the development of threat hunting, the increased focused on incident response, the wide deployment of behavioural analytics etc. As is the case early adopters knew they were solving new problems in a new way but the articulation of meaning to the later adopters has needed a body of activity and emerging practices to clarify how cyber security overlaps with but also differs from the other predecessor disciplines IT and Information Security (both of which are still going strong and are still necesary).

Another buzzword appeared soon after cyber and that was Digital. Digital is a customer-focused technology-first approach to business that again looked just like what we were doing before in technology and business activities. Over time practices have emerged, agile development, devops, infrastructure automation, cloud, mobile, social etc that have started defining what the early adopters really meant when they said Digital.

Digital lies in the intersection of velocity, scale and complexity.

(more…)

SOC Value Chain & Delivery Models

I was recently working with a firm to develop their Security Operations Centre (SOC) from a good but limited capability to a mature enterprise capability. While working through the maturity assessment, formalising their requirements and developing a roadmap we needed to consider a variety of delivery model characteristics. To draw out some of the key characteristics we needed to consider the organisation itself but also the state of SOC components.

To dig into this we developed a Wardley map mapping the value chain and evolution of SOC components. Wardley maps look complicated but are effectively a tool for discussion in front of a white board to identify dependencies and the maturity of components and services. (Click on the diagram for a full size version).

(more…)

Measuring Black Boxes, part one

I have been attempting to capture the process or to be more accurate the heuristics of how I analyse security architectures. This was originally driven by the time it took me to document my conclusions and the lack of any particularly well-suited tooling but has increasingly become an attempt to communicate the method to other security architects. I also have a sneaking suspicion that a useful chunk of the process could be automated.

Due to the scale and complexity of many of the systems I have worked with a large part of the process has been to decompose a system and measure and characterise it’s components. This allows me to identify high risk areas of the system to focus my efforts.

(more…)

We need to talk about IT

It has long been a truism of security practitioners that security is not an IT problem. This is an attempt to lift the gaze of the security team from technology to the wider business. A laudable and useful goal. However, IT is a security problem.
(more…)

Twitter RSS