Applying DevOps Principles to Address Dynamic Changes in Cyber Security

1Fighting Dynamic Cyber Threats with DevOpsFebruary 29, 2016© 2016 Carnegie Mellon University

Approved for Public Release; Distribution is Unlimited

Software Engineering InstituteCarnegie Mellon UniversityPittsburgh, PA 15213

© 2016 Carnegie Mellon UniversityApproved for Public Release; Distribution is Unlimited

Applying DevOps Principles to Address Dynamic Changes in Cyber Security

Hasan Yasar & Aaron Volkmann



Copyright 2016 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

[Distribution Statement A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at [email protected].

CERT® is a registered mark of Carnegie Mellon University.

DM-0003342



Dynamic Cyber Threats



100,000 new malicious IP addresses per day in 2015 97% of malware is unique to a specific endpointIn 2016, over 50% of users will encounter a 0-day phishing site *

* http://webroot-cms-cdn.s3.amazonaws.com/7814/5617/2382/Webroot-2016-Threat-Brief.pdf



Picture (Optional)

Network



Picture (Optional)

Host



Picture (Optional)

Host

Malicious Binary



Picture (Optional)

Host

Malicious Binary



Picture (Optional)

Host

Malicious Binary

Database



Picture (Optional)

Host

Malicious Binary

Database



Picture (Optional)

Host

Host?



Picture (Optional)

Host

Host?

Host?



Picture (Optional)

Host

Host?

Host?

Host?



Picture (Optional)

Host

Host?

Host?

Host?



Picture (Optional)

Host

Host?

Host?

Host?



Picture (Optional)

Host

Host?

Host?

Host?



Picture (Optional)

Host

Host

Host?

Host



Picture (Optional)

Host

Host

Host?

Host



Picture (Optional)

Host

Host

Host?

Host



Picture (Optional)

Host

Host

Host?

Host



How long do you think that will take?

Would your organization be able to do this rapidly without disrupting the business mission?

How can we coordinate this kind of movement across geographically dispersed locations?

When your network architecture is known by the bad guys, how can we deploy new network touch points rapidly?

Picture (Optional)



Agile Operations: Escape harm by dynamically reshaping cyber systems as conditions / goals change

Dr. Richard Linderman - Deputy Director for Information Systems and Cyber Technologies in the Office of the Assistant Secretary of Defense, Research and Engineering

Picture (Optional)





Enter DevOps



Shared Goals CollaborationBusiness Needs

DevOps




DevOps

Development Operations




DevOps

Development Operations

Operations Security Analysts



DevOps Values

Culture – Break down team barriers, blame-free culture focused on innovation

Automation of tasks, processes, and workflows

Measurement – Know what’s working and where to do better

Sharing tools, discoveries, and lessons



Culture

Picture (Optional)



Automation

Dynamic reconfigurationNetworksApplicationsSystems

Maneuver for deceiving threatsAutonomous reconfiguration



Bridge Automation

Silos



Measurement



Sharing



DevOpsing Security Picture (Optional)

Dev & Ops Security Analysts

Apps / NetworkExternal Factors

Threat intelligenceSecurity feed

Feedback &Knowledge

Monitor & Change

MonitorMonitor



DevOpsing Security Picture (Optional)

Dev & Ops Security Analysts

Apps / NetworkExternal Factors

Threat intelligenceSecurity feed

Feedback &Knowledge

Monitor & Change

MonitorMonitor









#RuggedDevOps

If you see something cool…



Thank You DevOps Connect Sponsors



Picture (Optional)

Get today’s Rugged DevOps presentations in your inbox

[email protected]



Thanks!

Hasan YasarTechnical ManagerTelephone: +1 412.268.9219Email: [email protected]

Aaron VolkmannSenior Research EngineerTelephone: +1 412.268.8993Email: [email protected]

SEI DevOps Blog:

http://insights.sei.cmu.edu/devops

mailto:[email protected]



Technology

Applying DevOps Principles to Address Dynamic Changes in Cyber Security