In 1943 Abraham Maslow published his now famous, “A Theory of Human Motivation” in which he outlined a five-tier model for human motivation. Maslow’s hierarchy of needs started with basic needs for survival such as food and water as a necessary foundation and ended with enlightenment or self-actualization at the top.
So what does Maslow’s hierarchy of needs have to do with cyber security? We could all learn a thing or two from Maslow as we head into Black Hat 2019 on our continual pursuit to provide safety and security for digital business infrastructure.Soon more than 20,000 IT and security professionals will descend on Las Vegas for BlackHat USA 2019.No doubt there will be vendors at BlackHat promoting products claiming to offer enlightenment (self-actualization in Maslow’s terms) so that your respective organizations can reach their full potential and cyber security challenges are no longer a bottleneck for innovation. Buzzwords like artificial intelligence, machine learning, and blockchain will cause confusion but sound promising enough to warrant consideration. But when BlackHat ends and you get back to work you realize most organizations are still struggling to meet basic needs to secure their infrastructure and remain at the “physiological needs” level of Maslow’s hierarchy.
A few months ago we defined the need for better cyber hygiene. At a high level it breaks down as follows:
- Keep an accurate count of all software and hardware assets.
- Configure these assets based on industry best practices such as CIS and DISA STIGs to reduce the attack surface.
- Limit access to these assets to only authorized personnel.
- In a timely manner patch these assets to the latest version of the software available to avoid vulnerabilities.
- Repeat this process on a regular basis for continual compliance.
Sounds simple, right? We all know it isn’t so easy. If it were we wouldn’t be witness to the parade of daily headlines describing the latest data loss or security breach.
Cyber security challenges
Of course there are multiple challenges preventing IT and security organizations from meeting these basic needs, starting with security tools.
Many security tools are not designed with an API-first architecture, limiting a user’s ability to query applications for information and take automated actions without human intervention. If the tools can’t talk to each other, the teams using the tools will struggle as well. Siloed processes that should be shared between development, security, and IT operations teams plague a move to DevSecOps or SecOps collaboration and workflows. Often infosec teams are manually sharing dead-end CSV or PDF (ugh) reports with IT operations teams, who then have to make sense of these reports, take action on them, and hope they got it right despite no automated feedback loop. Poorly designed or short-sighted tools too often contribute to error-prone work and bad cyber hygiene.
Modern infrastructure sprawl
The VM sprawl of last decade has today grown into infrastructure sprawl across not only VMs but containers, IoT, hybrid cloud, network gear, and everything in between.Infrastructure sprawl makes accurately and continuously tracking assets extremely difficult. And the lack of tools that can scale to support modern infrastructure has only compounded the problem. Often organizations have to resort to point solutions to manage and secure each type of infrastructure. These point solutions often don’t talk to one another; they certainly don’t offer anything in the way of infrastructure automation.
The People & Process Problem
And finally there is the people/process problem. The cybersecurity skills shortage is well known. Compounding the problem is the number of reported vulnerabilities has now reached an all-time high in 2019. In effect, IT and security organizations are responding to more security vulnerabilities with fewer resources at hand. And even if a vulnerability exists and is reported within an organization it often doesn’t get patched right away. The failure to patch Apache Struts cost Equifax at least $700 million dollars in hard costs, and untold millions (billions?) in soft costs. The Equifax breach was a case of change and patch management gone bad. It can and does happen to hundreds and thousands of organizations per year with varying levels of consequences. While most organizations have stringent change management process in place every change (a software update in this case) has to go through multiple levels of approval and tests before executed. In some cases a change might never see the light of day because by the time all approvals are in a new critical vulnerability shows up and trumps the old in priority putting process and work all back at square one again. Even though a tool exists to solve a problem, it is often unable to fully deliver a solution in a timely manner, leaving teams with a false confidence in the security posture of the organization’s infrastructure.
The SaltStack SecOps Solution
So far have I painted a bleak picture of the state of affairs, but all is not lost. SaltStack is here to help in ways not possible at last year’s Black Hat conference. Earlier this year at RSAC19 we laid out our vision for a modern security operations solution and delivered SaltStack SecOps. The product was very well received at the conference, and was named one of the hottest products at RSAC19 by CSO Online. At BlackHat 2019 we will demonstrate continued execution of our vision to deliver intelligent automation for SecOps with the introduction of SaltStack SecOps 6.1. We’ve been busy since RSAC19 and SaltStack SecOps has been since recognized as a Cyber Defense Black Unicorn Award finalist, and as the 2019 Stevie Award People’s Choice Winner in the category of Endpoint Security Management Solution. In our view a modern SecOps solution should meet the following requirements to effectively help IT and security teams succeed in their vigilant efforts to keep modern infrastructure compliant and secure:
A SecOps solution should readily integrate with existing solutions, from VM vendors, to CMDBs, to ticketing systems and firewalls. Intelligent automation for SecOps should facilitate infrastructure automation that resolves security threats.
Support Hybrid Infrastructure
A SecOps solution solution should support containers, IoT, VMs, hybrid cloud, and everything in between to provide real-time visibility into all infrastructure used across the organization.
Assess and Remediate
It’s one thing to report vulnerabilities, compliance violations, configuration issues natively or through importing of data from other vendors, but ideally a SecOps solution should also remediate or fix issues.
Role-Based Access Control (RBAC)
Stringent RBAC controls are required so various members of the infosec team can assess or import vulnerabilities, and the IT operations teams can remediate them. Teams can only make changes to authorized systems and an audit trail is available if needed.
And finally, a SecOps solution should support reporting, ideally in a machine and human-readable format such as JSON or XML so that organizations can manipulate the data and provide reports needed for business intelligence and executive level analysis.
SaltStack @ BlackHat
SaltStack will be at BlackHat this year where we will introduce SaltStack 6.1. If you would like to participate in the SaltStack SecOps 6.1 beta, please apply here: https://www.saltstack.com/beta-programs/secops-61-beta-program/
Please stop by the SaltStack booth at Black Hat Innovation City (IC2201) to learn more about the latest new capabilities coming in SaltStack SecOps. We look forward to meeting you there.If you aren’t attending Black Hat, contact us to schedule an overview and demo of SaltStack SecOps 6.1.