Building an enterprise security knowledge graph to fuel better decisions, faster

Presented at BSidesLV 2019, Aug. 6, 2019, 2 p.m. (55 minutes).

The majority of security teams are stuck between a rock (almost static risk registers, updated quarterly from hand-curated spreadsheets), and a hard place (a SIEM - or several! - aggregating 1000s of alerts). But neither of these create, deliver, nor easily link inputs and outputs and reasoning to business context.

If you forgot the status quo existed, and imagined nirvana, what might that look like?

For the Photobox Group Security team, the answer was: ""A continuously updating knowledge graph, that automatically links security and business data to create relevant relationships between all the parts of our enterprise ecosystem, and which enables us to input, query, vizualize, share, update and distribute information. In seconds.""

This talk demos the technology stack we've built to achieve that, using commercially available SaaS-based components including JIRA, Slack and ELK. We'll open-sources the code to run the robot army and give you an introductory handbook for how to adopt a graph-based approach to security in your own organisation, (starting with data you already have!)


Presenters:

  • Jon Hawes
    Jon runs the Detect function at Photobox Group, which covers Security Operations, Incident Response and Red Team Testing. He also leads the Security Innovation Hub, running projects to evaluate technologies and processes that support data-informed decision making, process automation and a DevOps engineering culture. Prior to Photobox, Jon worked in various roles doing strategy, architecture, product management, project management and data analytics for companies that ranged from startups to federated multi-nationals. When he's not doing security he's either longboarding or writing music.

Links:

Similar Presentations: