When we think of industrialization and the industrial revolution, images of smokestacks, purpose-built machinery, and automation come to mind. One example is the Jacquard Machine, as pictured below. This machine simplified the manufacture of textiles in the early 1800s, and some consider it an early example of computer punch cards and punch tape, if not one of the earliest examples of a working computer.
In cybersecurity – especially regarding red teaming and blue teaming – the use of specialized tools and a level of automation is commonplace. From vulnerability scanners and exploit kits to firewalls and SIEMs, we invest vast amounts of money, time, and manpower into solutions we assume will secure our environments. Then once in a while, we attack our environments (or hire someone else to attack them) to see if there are holes left by our security tools that nefarious actors can exploit.
However, despite our red and blue teaming cybersecurity tools and processes, we still base our security effectiveness on assumptions. We assume our preventative controls for network, endpoint, email, and cloud, for example, are stopping bad things. We assume that nefarious activity will be detected by our intrusion detection solutions, and we assume that alerts and logs will make it to the right place for correlation and analysis. We further assume that our people and processes are taking full advantage of the assumed-to-be-functioning security tools. That’s a lot to be guessing about.
What we lack is evidence and quantitative data about our security effectiveness. We lack a purpose-built solution that leverages automation to help determine what’s working, what’s not, and how to fix it.
We need a prescriptive solution beyond patching that actually measures and improves the efficacy of the security tools protecting our assets. Most critically, we need an automated platform that alerts us to environmental drift: the moment a security tool drifts from a known good state (successfully blocking, detecting, correlating, alerting, etc.) to a degraded state, which happens all the time, everywhere, and for a million different reasons.
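The drift check described above, as an added illustration that is not part of the original post and not the code of any SIP product: a validation run scores each check against each control on the four stages the post lists as assumptions (prevented, detected, logged to the SIEM, alerted), a run is recorded as the known good state, and later runs are diffed against it stage by stage. The check IDs, control names, stage names and sample results are all constructed for the example; a check that disappears from a later run is reported as drift as well, since a probe that silently stopped running is itself a degraded state.

```python
"""Drift detection over security-control validation results (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Outcome stages a validation check is scored on, in the order the post lists
# its assumptions: prevented, detected, forwarded to the SIEM, alerted.
# The stage names are an assumption of this example.
STAGES = ("prevented", "detected", "logged", "alerted")


@dataclass(frozen=True)
class CheckResult:
    """Outcome of one validation check against one control (assumed schema)."""
    check_id: str
    control: str
    outcomes: Dict[str, bool]  # stage -> did the control achieve it?


@dataclass(frozen=True)
class DriftEvent:
    """One stage of one check whose result differs from the known good state."""
    check_id: str
    control: str
    stage: str
    baseline: bool
    current: bool

    @property
    def regression(self) -> bool:
        # Drift from working to not working is what needs an alert;
        # the reverse direction is still recorded so the baseline can be updated.
        return self.baseline and not self.current


Baseline = Dict[Tuple[str, str], Dict[str, bool]]


def build_baseline(results: List[CheckResult]) -> Baseline:
    """Record a run as the known good state, keyed by (check, control)."""
    return {(r.check_id, r.control): dict(r.outcomes) for r in results}


def detect_drift(baseline: Baseline, current: List[CheckResult]) -> List[DriftEvent]:
    """Compare a new run against the baseline, stage by stage."""
    events: List[DriftEvent] = []
    seen = set()
    for r in current:
        key = (r.check_id, r.control)
        seen.add(key)
        if key not in baseline:
            continue  # new check: no known good state to compare against yet
        for stage in STAGES:
            was = baseline[key].get(stage, False)
            now = r.outcomes.get(stage, False)
            if was != now:
                events.append(DriftEvent(r.check_id, r.control, stage, was, now))
    # Checks missing from the current run: every stage that used to pass now counts as failed.
    for (check_id, control), expected in baseline.items():
        if (check_id, control) not in seen:
            for stage in STAGES:
                if expected.get(stage, False):
                    events.append(DriftEvent(check_id, control, stage, True, False))
    return events


def regressions(events: List[DriftEvent]) -> List[DriftEvent]:
    """Only the drift that degraded a control."""
    return [e for e in events if e.regression]


# Constructed sample data: a known good run and a later run of the same checks.
KNOWN_GOOD = [
    CheckResult("CHK-001", "email-gateway", {"prevented": True, "detected": True, "logged": True, "alerted": True}),
    CheckResult("CHK-002", "endpoint-agent", {"prevented": False, "detected": True, "logged": True, "alerted": True}),
    CheckResult("CHK-003", "network-ids", {"prevented": False, "detected": True, "logged": True, "alerted": False}),
]

LATER_RUN = [
    CheckResult("CHK-001", "email-gateway", {"prevented": True, "detected": True, "logged": True, "alerted": True}),
    # Log forwarding broke: the agent still detects, but nothing reaches the SIEM or an analyst.
    CheckResult("CHK-002", "endpoint-agent", {"prevented": False, "detected": True, "logged": False, "alerted": False}),
    # The IDS rule was tuned and now alerts: an improvement, but still a change to record.
    CheckResult("CHK-003", "network-ids", {"prevented": False, "detected": True, "logged": True, "alerted": True}),
]


def run_example() -> List[DriftEvent]:
    """Diff the constructed later run against the constructed known good run."""
    return detect_drift(build_baseline(KNOWN_GOOD), LATER_RUN)


if __name__ == "__main__":
    for e in run_example():
        kind = "REGRESSION" if e.regression else "change"
        print(f"{kind}: {e.check_id} {e.control} {e.stage}: {e.baseline} -> {e.current}")
```

Running it reports two regressions for CHK-002 (logged and alerted went from True to False) and one non-regression change for CHK-003; the regressions are the events a platform would page on, while the change is a prompt to re-baseline.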
Cybersecurity needs to be industrialized to be effective. With evidence-based results, red and blue teams benefit almost instantly from a closer, mutually beneficial relationship: purple teams. At the vanguard of the industrialization of red and blue teaming is a new and different approach to measuring, managing, improving, and communicating security effectiveness: Security Instrumentation Platforms, or SIPs.
SIPs aren’t yet another security tool. SIPs are business platforms for security that, because of their evidence-based model with zero false positives regarding your security effectiveness, are equally valuable for red teams, blue teams, and purple teams as well as CISOs, CIOs, CFOs, CEOs and even boards.
By leveraging a SIP, the industrialization of red and blue teaming can be realized, saving time, money and resources and allowing security teams to align more closely with business imperatives.
Come and learn more at BSides Idaho Falls on September 15, 2018. We will dive deeper into the architecture of SIP and how it can help you. Find more information here: https://www.bsidesif.org/.
About the Author: Eric combines his experience in teaching and technology to help large IT organizations secure their business. His first career was teaching high school physics and math. His second career spans a breadth of technology, including Linux systems administration, software development automation, microprocessor application engineering, data storage system engineering, and endpoint and network security. He bridges the gap between needs and solutions. He is currently focused on helping businesses remove assumptions from their security programs. Security programs strive to increase effectiveness with the best people, solutions and processes. But while other businesses are driven by data, much of security is still based on assumptions. Eric sees Security Instrumentation Platforms as a powerful way of removing assumptions and driving improvement through data. This results in more effective security programs, optimizing resources and confidently securing the business. He enjoys combining his teaching and technology skills every day.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.