Death of enterprise security: introduction to abstraction and machine-to-machine orchestration
Submitted by Pukhraj Singh (@bhujang) on Tuesday, 27 March 2018
The enterprise security architecture is dying by a thousand cuts. The commercial security product landscape remains too fragmented, creating intelligence siloes within an organisation which the attackers wade through with ease and elegance.
The internet has always been driven by standards with commercial applications being an afterthought, whereas in cybersecurity it has been the opposite. Such is the state of affairs in this industry that the contemporary security architecture itself has been weaponized and become completely divergent from the threat. No reason, even after 25 years, we are still running an anti-virus. This is an existential reckoning not only for organisations but for nation states as well; and we are not even touching upon the geopolitics of the situation. There’s no corporate or government in cyber – they are joined to the hip.
The older models, which heavily focused on detection, have given way to new paradigms of response and mitigation with an emphasis on sharing and collaboration. Rounding off situational awareness from human to machine speed is also on the horizon.
This talk will discuss some aspects of that. The evolution of machine-to-machine orchestration standards like Open Command-&-Control (OpenC2) and Structured Threat Information Exchange (STIX) is a case in point. The rise of Information Sharing & Analysis Centres (ISACs) in the United States also heralds a new approach towards cyber defence. So is the increasing adoption of open source security automation stacks like Apache Metron and Apache Spot which challenges the hegemony of horrible monstrosities called the Security Incident & Event Management (SIEMs).
We would visit the case studies and practical applications of these emerging frameworks, which hint at a broader churn within the domain.
This talk will cover:
The silos within the enterprise security architecture
We are divergent from the threat
Introduction to STIX-TAXII
Introduction to OpenC2
Introduction to Apache Metron and Apache Spot
Pukhraj Singh is the Director of Bhujang – a cyber intelligence analytics venture creating indigenous technical enablers for securing national cyberspace and critical infrastructure.
Bhujang is backed by decorated national security functionaries, with Vice Admiral DSP Varma (retd.) – the former Director General of the Indian nuclear submarine programme – acting as its Chairman.
Pukhraj had earlier played an instrumental role in setting up the cyber-warfare operations centre of the Indian Government.
He was laterally inducted into the Government from the private sector at a very short notice after the 26/11 attacks. It was a multi-disciplinary tenure, ranging from geopolitical doctrine formulation, eventually approved by the Prime Minister, to the very brass tacks of cyber operations.
Later, he spent some time at Aadhaar, India’s flagship social security project as the national cybersecurity manager.
Pukhraj also had very brief stints in the private sector, working with Symantec’s DeepSight Threat Intelligence Team – industry’s first threat intelligence platform – and other innovative American, Canadian and Israeli firms.
He has spoken at a variety of national security forums and hacking conferences.