Security Precognition: Chaos Engineering in Incident Response

Similar documents
The Road to Istio: How IBM, Google and Lyft Joined Forces to Simplify Microservices

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

PREPARING FOR DISASTER

WHITEPAPER. Embracing Containers & Microservices for future-proof application modernization

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

Elizabeth Lawler CEO & Co-Founder Conjur,

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Logging, Monitoring, and Alerting

2018 Database DevOps Survey DBmaestro 1

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Marc Hornbeek DevOps-the-Gray Principal DevOps Consultant, Trace3 Author, DevOps Test Engineering Course The DevOps Institute

Cloud-Native Applications. Copyright 2017 Pivotal Software, Inc. All rights Reserved. Version 1.0

ebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS

Best Practices for Alert Tuning. This white paper will provide best practices for alert tuning to ensure two related outcomes:

SECURITY-AS-A-SERVICE BUILT FOR AWS

CWIN CAPGEMINI WEEK OF INNOVATION NETWORKS. Re-platforming and Cloud Journey. Fausto Pasqualetti, Milano, 25 Settembre 2018

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

CLOUD WORKLOAD SECURITY

The Resilient Incident Response Platform

How Can Testing Teams Play a Key Role in DevOps Adoption?

How to Build an Appium Continuous Testing Pipeline

Automating Security Practices for the DevOps Revolution

Accelerate High-Quality App Delivery with the Micro Focus DevOps Suite March 28, 2018

Research Faculty Summit Systems Fueling future disruptions

Application Security at Scale

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Creating a Hybrid Gateway for API Traffic. Ed Julson API Platform Product Marketing TIBCO Software

FROM VSTS TO AZURE DEVOPS

API, DEVOPS & MICROSERVICES

PRAGMATIC SECURITY AUTOMATION FOR CLOUD

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

Cloud Native Architecture 300. Copyright 2014 Pivotal. All rights reserved.

in collaboration with

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Best Practices for Securing Your AWS Cloud Network

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Infrastructure in Transition; Securing Your Cloud Environment

WEBMETHODS AGILITY FOR THE DIGITAL ENTERPRISE WEBMETHODS. What you can expect from webmethods

THE EMERGING PRODUCT SECURITY LEADER DISCIPLINE

TM DevOps Use Case TechMinfy All Rights Reserved

Modern Database Architectures Demand Modern Data Security Measures

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

Designing Services for Resilience Experiments: Lessons from Netflix. Nora Jones, Senior Chaos

NEXT GENERATION SECURITY OPERATIONS CENTER

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Strengthen and Scale security using DevSecOps

SIEMLESS THREAT DETECTION FOR AWS

BUILDING MICROSERVICES ON AZURE. ~ Vaibhav

Continuous Integration and Delivery with Spinnaker

Automating Elasticity. March 2018

Securing Digital Transformation

Exam C Foundations of IBM Cloud Reference Architecture V5

TM DevOps Use Case. 2017TechMinfy All Rights Reserved

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

HIPAA Compliance and Auditing in the Public Cloud

Deploying and Operating Cloud Native.NET apps

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Performance Testing in a Containerized World. Paola Rossaro

Building an Effective Cloud Operating Model on AWS

The Customer Relationship:

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Embracing Failure. Fault Injec,on and Service Resilience at Ne6lix. Josh Evans Director of Opera,ons Engineering, Ne6lix

Five Essential Capabilities for Airtight Cloud Security

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

AGILE AND CONTINUOUS THREAT MODELS

Please give me your feedback

Strategies for a Successful Security and Digital Transformation

Building a Threat-Based Cyber Team

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Release Your Inner DevSecOp

Continuous Delivery for Cloud Native Applications

Containers & Microservices For Realists. Karthik

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Hardening AWS Environments. Automating Incident Response. AWS Compromises

AWS Well Architected Framework

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

A DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West

Discover the all-flash storage company for the on-demand world

TM DevOps Use Case. 2017TechMinfy All Rights Reserved

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

CONTAINERIZATION ARCHITECT Certification. Containerization Architect

Trustwave Managed Security Testing

Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)

Building a Resilient Security Posture for Effective Breach Prevention

Market Trends in Public Cloud Storage

Cisco CloudCenter Use Case Summary

Serverless Computing. Redefining the Cloud. Roger S. Barga, Ph.D. General Manager Amazon Web Services

DevOps Agility in the Evolving Cloud Services Landscape

Best practices for OpenShift high-availability deployment field experience

An SDLC for the DevSecOps Era Or SecDevOps, or DevOpsSec,

Deploying and Operating Cloud Native.NET apps

Transcription:

SESSION ID: ASD-W03 Security Precognition: Chaos Engineering in Incident Response Aaron Rinehart Chief Technology Officer Verica.io @aaronrinehart Kyle Erickson Director of IoT Security Medtronic

Resilience is the story of the outage that never happened. - John Allspaw @aaronrinehart

Security PreCognition

About A.A.Ron CTO of Stealthy Startup in Chaos Engineering Former Chief Security Architect @UnitedHealth responsible for strategy Led the DevOps and Open Source Transformation at UnitedHealth Group Extensive enterprise experience (DOD, NASA, DHS, CollegeBoard ) Frequent speaker and author on Chaos Engineering & Security Pioneer behind Security Chaos Engineering Led ChaoSlingr team at UnitedHealth 4

About Kyle E> Cybersecurity Director of IOT Security @ Largest Medical Device Company in the World Former Director of Security Incident Response @UnitedHealth Former Director of Cloud and Application Security Engineering @Optum Startup and enterprise experience as an engineer and leader Build and break all the things! Wannabe financial analyst Baseball stadium aficionado 5

In this Session we will cover

Takeaways Problems with Complex Adaptive Systems

Takeaways Problems with Complex Adaptive Systems Security Chaos Engineering

Takeaways Problems with Complex Adaptive Systems Security Chaos Engineering How it works: Security IR Use Case

Our systems have evolved beyond human ability to mentally model their behavior. 10

A Complex Dynamic Problem

Evolution of Modern Architecture Monolith Microservices Functions

Complex? Continuous Delivery Blue/Green Deployments Infracode Service Mesh Circuit Breaker Patterns Distributed Systems Containers DevOps Immutable Infrastructure API Microservice Architectures Automation Pipelines CI/CD Continuous Integration Cloud Computing Auto Canaries 13

Security? Mostly Monolithic Prevention focused Defense in Depth Expert Systems Poorly Aligned Requires Domain Knowledge Stateful in nature Adversary Focused DevSecOps not widely adopted 14

Simplicity?

Complexity

How well do you really understand how your system works?

Stella Report

System Mental Model

So what does all of this have to do with Security?

Failure Happens.

Security Incidents & System Outages are Costly

Security Incidents are Subjective in Nature

We really don't know very much Where? How? Why? Who? What?

Let s face it, when outages happen..

Teams spend too much time reacting to outages instead of building more resilient systems.

Unexpected application behavior often causes people to intervene and make the situation worse I wonder why it did that? Let s reboot it. Now it s really hosed Whoops!

Response is the problem with Incident Response

Ring Ring!

Conditioned?

War Rooms

True Cost

IR Success

Chaos Engineering is the discipline of experimenting on a distributed system in order to build confidence in the system s ability to withstand turbulent conditions

Who is doing Chaos?

Security Engineering

People Operate Differently when they expect things to fail

The Normal Condition of a Human & Systems they Build is to Fail

We need failure to learn & Grow 46

Let s Flip the Model Post Mortem = Preparation

Create Order through Chaos

Use Chaos Engineering to initiate Objective Feedback Loops about Security Effectiveness

Proactively Manage & Measure Validate Runbooks Measure Team Skills Determine Control Effectiveness Learn new insights into system behavior Transfer knowledge Build a learning culture

Testing vs. Experimentation

Security Crayon Differences Noisy distributed system behavior Not geared for Cascading Events Point-in-time even if Automated Performed by Security Teams with Specialized skill sets

Security Chaos Differences Distributed Systems Focus Goal: Experimentation Human Factors focused Small Isolated Scope Focus on Cascading Events Performed by Mixed Engineering Teams in Gameday During business hours

2018 Causes of Data Breaches

Proactively Manage & Measure

Incidents vs. Chaos Uncontrolled Unpredictable Time to Detect: Minutes Controlled Scheduled 0 Time to Detect Time to Resolve:???? Analysis Time:???? Time to Resolve: seconds Root Cause Analysis: Intentional

Continuous SECURITY Validation

Build Confidence in What Actually Works

So how does it work?

How it Works Plan & Organize GameDay Exercise

How it Works Plan & Organize GameDay Exercise Develop & Evaluate Chaos Experiment

People Chaos Engineering Team Tool s Application Switching Infrastructure Tool s Security

What could go wrong?

What has gone wrong before?

How does My Security Really Work?

What evidence do I have to prove it?

How it Works Plan & Organize GameDay Exercise Develop & Evaluate Chaos Experiment Execute Live GameDay Operations

How it Works Plan & Organize GameDay Exercise Develop & Evaluate Chaos Experiment Execute Live GameDay Operations Conduct Pre- Incident Review

How it Works Plan & Organize GameDay Exercise Develop & Evaluate Chaos Experiment Execute Live GameDay Operations Conduct Pre- Incident Review Automate & Evangelize Results & Take Action

Firewall? Config Mgmt? Log data? Alert SOC? IR Triage Wait... Misconfigured Port Injection Hypothesis: If someone accidentally or maliciously introduced a misconfigured port then we would immediately detect, block, and alert on the event.

Firewall? Config Mgmt? Log data? Alert SOC? IR Triage Wait... Misconfigured Port Injection Result: Hypothesis disproved. Firewall did not detect or block the change on all instances. Standard Port AAA security policy out of sync on the Portal Team instances. Port change did not trigger an alert and log data indicated successful change audit. However we unexpectedly learned the configuration mgmt tool caught change and alerted the SoC.

More Experiment Examples Software Secret Clear Text Disclosure Permission collision in Shared IAM Role Policy Disabled Service Event Logging Introduce Latency on Security Controls API Gateway Shutdown Internet exposed Kubernetes API Unauthorized Bad Container Repo Unencrypted S3 Bucket Disable MFA Bad AWS Automated Block Rule

An Open Source Tool 74

ChaoSlingr Product Features ChatOps Integration Configuration-as-Code Example Code & Open Framework Serverless App in AWS 100% Native AWS Configurable Operational Mode & Frequency Opt-In Opt-Out Model

Apply What You Have Learned Today Next week you should: Identify critical database(s) within your organization In the first three months following this presentation you should: Understand who is accessing the database(s), from where and why Define appropriate controls for the database Within six months you should: Select a security system which allows proactive policy to be set according to your organization s needs Drive an implementation project to protect all critical databases 77

Q&A @aaronrinehart aaron@verica.io @ericksonky ericksonky@gmail.com

Thank you RSA!!!! @aaronrinehart aaron@verica.io @ericksonky ericksonky@gmail.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback