Dynamic whitelisting and security policy automation - pipe-dream or not?

Presented at ToorCon San Diego 19 (2017), Sept. 3, 2017, 12:30 p.m. (20 minutes).

Many cybersecurity experts have said for years that we need to do better whitelisting, and that relying on blacklisting and anomaly detection is not good enough anymore. Unfortunately, organizations often cannot technically implement the comprehensive security policies they want to (or should want to). This is because there are too many overlapping technical configs in too many places, and everything keeps changing dynamically. This is particularly hard for large, interconnected “IT landscapes” like IoT. We need better security policy automation tools that allow us to write policies in generic, simple terms, automatically implement them, and update them if the IT landscape changes. This is of course easier said than done. In this talk we will present (and run a demo of) the security policy automation we are developing as part of a current government R&D subcontract (across an interconnected medical device landscape and across an interconnected intelligent transport system). It allows users to author generic policies, ingests numerous data sources, tests policies, generates technical policy configurations, and monitors. The presentation will explain technical approaches, benefits and challenges.

Presenters:

  • Ulrich Lang as Ulrich Lang (@objectsecurity)
    Ulrich received his Ph.D. from the University of Cambridge Computer Laboratory (Security Group) on access policies for middleware in 2003, after having completed a Master’s Degree (M.Sc.) in Information Security from Royal Holloway College (London) in 1997. Ulrich is a renowned thought leader in access control policy, model-driven security, and Cloud/SOA/middleware security. He is on the Board of Directors of the Cloud Security Alliance (Silicon Valley Chapter). He is also responsible for the business and technical strategy, architecture and direction of ObjectSecurity and the OpenPMF product. He has published over 150 papers/presentations, and has previously worked as a proposal evaluator, project evaluator, conference program committee member, panel moderator, consultant, and book author.
