Throw out everything that you know about security tools today. No more
six-figure appliances that only do one thing marginally well. No more
proprietary protocols. We deserve better and we demand better. Envision a world
where your security tools talk with each other. They communicate and share data
in order to leverage each other's strengths and help compensate for their
weaknesses. They work together to solve problems. Envision "Symbiotic Security".

As an example, let's pretend that you are purchasing a new Intrusion
Prevention System for your enterprise. As you begin to evaluate the various
tools from the Gartner Magic Quadrant, you quickly realize that they almost all
have the same primary feature set. The key differentiator at this point isn't
the rules or the hardware, but rather the ability of the system to send and
receive data with other systems. The IPS itself has some signatures and blocking
abilities, but has zero relevancy data. Now, we give the IPS the ability to pull
in vulnerability data and system configuration information from network and host
scans and we gain relevancy. Add in some additional data on where the potential
threat is coming from and now you have the data necessary to take decisive
action on threats. This new system is a "Consumer". Now, if you give the IPS the
ability to send information to other devices on things like the source of
relevant threats, those devices, like a firewall or HIPS, can now make
intelligent blocking decisions as well. Our IPS now has "Provider" abilities.
Since our IPS is labeled as both a "Provider" and a "Consumer", it is deemed
"Symbiotic". This convention can now be used both by the manufacturer to market
the value-add of the device and by purchasers to differentiate
between otherwise similar devices.

In order to demonstrate the true powers of being symbiotic, we are releasing
a free tool that epitomizes this concept. The tool, named ThreadFix, has been
labeled as a "Consumer" because of its ability to pull vulnerability data
from static and dynamic scanning tools, threat modeling, and manual penetration
tests as well as alert logs and vulnerability details from IDS, IPS, and WAF
products. ThreadFix has also been labeled as a "Provider" because of its
ability to normalize the data consumed and pass it along to IDS, IPS, and WAF
for action as well as to your bug tracking system for remediation tracking.
Because it can serve both a consumer and a provider role, we designate it as a
"Symbiotic" tool, thus indicating that it can provide the utmost value to its
users.

We recognize that, like any new concept, it can take some time to embrace, but
we feel certain that labeling tools according to their abilities as "Consumers"
and "Providers" can help to facilitate a much-needed turn towards openness in
our industry. Vendors will get the message that consumers want to select tools
that work together in order to achieve their maximum effectiveness. Consumers
will get the added value of having tools that work outside of their silos to
make their jobs more efficient and maximize their ROI. Please join us in
embracing this bold new concept.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast