Bringing Wisdom to Automation: Using Identity and Intent-Based Security
Time 10/18/17 10:20AM-11:10AM
Room Seacliff A
As the threat landscape continues to evolve and the cyber-skills gap remains a challenge, organizations struggle to keep up with the volume and sophistication of threats pounding them from all sides. Network borders are expanding exponentially with the rise of mobility, the Internet of Things and Cloud, and it is not always clear where your most precious data is or whether it is safe. The need for a coordinated strategy built on tracking user and device behavior, as well as intent for a network, is critical.
Authentication and authorization are major building blocks for automation and intent-based security. Authentication is the act of making sure something or someone is what it claims to be. Authorization is the granting of resources or rights after authentication. Roles inside organizations are where those two activities meet. Authentication and authorization, or “Rights Assertion”, give organizations the ability to identify a user or device and allow them to get to resources through a security chain. That is typically a one-time check in most organizations. Advanced companies check rights assertions at many checkpoints. The bleeding edge of technology allows an organization to “nano-segment” a network based on a multitude of attributes, including the user's ID and role, the device they are using to access the resources, the temporal information, and even the intended use or activity of the resources themselves. This bleeding-edge model, “nano-segmentation”, allows an organization to track and indeed change a user’s role over time. If this data can be learned once someone is admitted into an organization, and then tracked over time and adjusted as needed, based on title change, resource utilization, and even health maintenance of their own devices, this takes the need to actively manage permissions out of the hands of IT and puts it back into the network. IT people can become data scientists who find out why certain things aren’t working, retrain or tweak them if necessary, and provide an infrastructure that evolves with the user, as opposed to forcing the user to comply with a set of rules they may not be comfortable with.
In this session, two cybersecurity experts will explore the critical success factors for applying intent-based methodology to cybersecurity, including standardized data collection and analysis, broad-based and comprehensive sharing of threat intelligence, open development standards and API definition for cross-architecture communication, and effective authentication, including nomenclature and taxonomy. They will discuss specific steps individual organizations can take today to implement these approaches within their own borders, and also delve into the greater good that can be generated by taking similar action across organizations and in the broader digital economy.
• Moving from simple intelligence to truly automated, intent-based security requires three critical building blocks: the ability to process and store huge amounts of data; the ability to learn and translate that data to known patterns; and the ability to take action against those patterns in a coordinated, automated way.
• Defining and creating a “wisdom template” for users, devices, and the intent of the network itself, so that the network is treated as more than just a tool like a hammer. This allows the unique needs and behaviors of your business to effectively and comprehensively inform and direct your security strategy.
• Informed by this wisdom template, it is possible to automate identification of suspicious or malicious activity happening on the network, freeing up precious resources to focus on understanding intent and responding appropriately.
• The wisdom template will be most effective when it is informed by specialized information and expertise shared across corporate boundaries and the entire security ecosystem and integrated into the infrastructure.
Primary track Information Security
Secondary tracks Applications for Research