Servers compliance: audit, remediation, proof

Transcript

1. 10 & 11 DÉCEMBRE 2019 Servers compliance: audit, remediation, proof

   Alexandre BRIANCEAU

2. Abstract > > >

3. • Everyone has authority over their activities and carries responsibilities:

   security is a cross-cutting concern • A team dedicated to security is not enough, the attacker will know how to find weak points: it is a question of security hygiene, as for healthcare. Cybersecurity and business

4. Cybersecurity and IT infrastructure DEV QA PRODUCTION RECOVERY DEV SEC

   OPS MGMT EXTERN Multiple teams, diluted expertise, harder reporting Heterogeneous systems, reduced visibility, ease of use and understanding

5. • Cyber posture Security status (network, information, IT…) with mananing

   capabilities to react on any change. • Cyber Risk Management Actions and process to maintain an cyber posture • Cyber exposure Holistic and dynamic risk visibility to obtain meaningful data • Cyber Bullshit Vendors telling you that their magical software solve everything Cyber <put here what you want> Cyber Bullsh*t

6. • Main issues: ◦ Systems complexity and heterogeneous infrastructures ◦

   Lack visibility and have blind spots ◦ Difficulties in having enough qualified people ◦ Collaboration between security and IT operational teams is difficult: ▪ non-aligned objectives ▪ different processes and technologies ▪ significant delays increasing reaction time SecOps is a collaborative effort to align needs, objectives, values and technologies to effectively support Cyber Risk Management. SecOps: team collaboration for cybersecurity

7. 52% of organizations admit to cutting back on security measures

   to meet a business deadline or objective SecOps: easy to say, hard to do Half companies find that coordination between security and IT operations teams is challenging. Half of organizations cited that the absence of effective orchestration and automation is barrier

8. Automation makes it possible to make SecOps goals real by

   allowing: ◦ To act quickly across all infrastructures by speeding up workflows ◦ To be 100% predictable and therefore reliable ◦ To centralize information, allow effective communication and ensure knowledge transfer ◦ To trace and log all events, report meaningful data and context to the teams with holistic and detailed informations ◦ To free up teams so that human intervention is valuable: analysis, decision-making, design, sharing Automation & SecOps

9. • Perimeter is huge: from servers to network or IOT…

   • Two main actions: ◦ Proactive: risk identification and mitigation (incident prevention) ◦ Reactive: incident response (that limit the loss) Risk management is proactive, but mapping and identifying risks is useless if they cannot be easily addressed! IT systems & SecOps >

10. Open-source and French continuous configuration management solution for IT compliance

    ➔ Are my systems in compliance with our security policy? ➔ Which DMZ servers are vulnerable to this CVE? ➔ How do I prove my compliance to the auditor?

11. RUDDER & IT Ops landscape Business needs Operating System Versioned

    source code Applicative binaries Middleware App App App Server Agile methodology Continuous integration Continuous deployment Provisioning RUN DEV Installation & Configuration Updating & Patch Management Security & Risk Management Running & Incident resolution SECURITY

12. Ensure that the rules are applied

13. Ensure that the risks are managed

14. Give context to your team

15. Rudder: running principle 2. Configuration download 1. Target state definition

    3. Continuous local verification (+ Automatic fixing) 4. Continuous reporting Server App version XX.XX

16. Collaboration to define compliance state

17. Ensure that all your IT is compliant

18. Fit to your workflows Sec Production Interns Ops Dev Externals

    audit - sudoers / logs validation workflow DMZ Compliance reporting

19. IT automation & compliance for SecOps RUDDER in a nutshell

    • Automate and ensure that your IT systems are under control • Beyond auditing: act and remediate! • Give your teams quick feedbacks and contexts • Allow Sec & Ops team to collaborate in autonomy • Integrate with your workflows and your ecosystem:

20. Manage OS, middleware and software level Team oriented (WebUI, CLI,

    API) Audit only or automatic drift remediation Continuous reporting and dashboarding IT automation & compliance for SecOps RUDDER in a nutshell

21. Project website: Documentation: Online Chat: To contact me: More details

    on RUDDER with... www.rudder.io docs.rudder.io chat.rudder.io [email protected]

22. 10 & 11 DÉCEMBRE 2019 Servers compliance: audit, remediation, proof

    Alexandre BRIANCEAU