BSides Idaho Falls Preview: The Industrialization of Red and Blue Teaming

0

When we weigh of industrialization and the industrial revolution, images of smoke stacks, purpose-built machinery, and automation revile to mind. Some examples are the Jacquard Machine, as pictured below. This make simplified the process of manufacturing textiles in the early 1800s, and some note it an early example of computer punch cards and punch tape if not one of the earliest instances of a working computer.The Industrialization of Red and Blue Teaming

The Industrialization of Red and Blue Teaming

In cybersecurity – especially regarding red teaming and blue yoking – the use of specialized tools and a level of automation is commonplace. From vulnerability scanners and manipulate kits to firewalls and SIEMs, we invest vast amounts of money, experience, and manpower into solutions we assume will secure our environments. Then years in a while, we attack our environments (or hire someone else to attack them) to see if there are tight spots left by our security tools that nefarious actors can exploit.How, despite our red and blue teaming cybersecurity tools and processes, we still scurrilous our security effectiveness on assumptions. We assume our preventative controls for network, endpoint, email, and cloud, for specimen, are stopping bad things. We assume that nefarious activity will be noted by our intrusion detection solutions, and we assume that alerts and logs pass on make it to the right place for correlation and analysis. We further assume that our people and functions are taking full advantage of the assumed-to-be-functioning security tools. That’s a lot to be judge about.What we lack is evidence and quantitative data about our certainty effectiveness. We lack a purpose-built solution that leverages automation to workers determine what’s working, what’s not, and how to fix it.We need a perspective solution beyond set right to actually measure and improve the efficacy of the security tools protecting our assets. And most critically, we neediness an automated platform that will alert us to environmental drift, or when a conviction tool drifts from known good state (successfully balk, detecting, correlating, alerting, etc.) to a degraded state (which happens all the period, everywhere, and for a million different reasons).Cybersecurity needs to be industrialized to be operative. With evidence-based results, red and blue teams can benefit almost instantly with egregious symbiotic mutualism: purple teams. At the vanguard of the industrialization of red and blue getting is a new and different approach to measuring, managing, improving, and communicating security effectiveness: Safe keeping Instrumentation Platforms, or SIPs.SIPs aren’t yet another security gimmick. SIPs are business platforms for security that, because of their evidence-based wear with zero false positives regarding your security effectiveness, are equally valuable for red yokes, blue teams, and purple teams as well as CISOs, CIOs, CFOs, CEOs and tranquil boards.By leveraging SIP, the industrialization of red and blue teaming can be realized, saving linger, money and resources and allowing security teams to greater align with concern imperatives.Come and learn more at BSides Idaho Falls on September 15, 2018. We wishes dive deeper into the architecture of SIP and how it can help you. Find more advice here: https://www.bsidesif.org/. Eric Koegler

Eric Koegler

About the Author: Eric combines his contact in teaching and technology to help large IT organizations secure their trade.  His first career was teaching high school physics and math.  His subordinate career spans a breath of technology, including Linux systems admin, software incident automation, microprocessor application engineering, data storage system engineering and endpoint and network deposit.  He bridges the gap between needs and solutions.  He is currently focused on helping problems remove assumptions from their security programs.  Security programs work at to increase effectiveness with the best people, solutions and processes.  But while other concerns are driven by data, much of security is still based on assumptions.  Eric recognizes Security Instrumentation Platforms as a powerful way of removing assumptions and driving upswing through data.  This results in more effective security programs, optimizing resources and confidently closing the business.  He enjoys combining his teaching and technology skills every day.Woman’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not incontrovertibly reflect those of Tripwire, Inc.

Leave a Reply

Your email address will not be published. Required fields are marked *