If you’ve read the news at all lately, you know that we're having some struggles with information security. Everything from elections to hospitals to Westeros is considered a target, and adversaries continue to learn and innovate—often faster than the defense can respond. It’s not that they have better tools or work harder than the defense, so what gives? If you're struggling with these issues and happen to be coming to Rapid7's annual United Summit, swing by the Detection and Response track on Wednesday, September 13 and hear Justin Pagano and me talk about how we are working on solving these problems!
Turns out, the status quo is kind of the worst. Defenders are trying to work against the clock, to go back in time to deal with issues we thought were resolved decades ago...and on top of that, there aren’t nearly enough defenders out there (yet!). So what can we do against these types of odds? The key is automation—but not just any old kind of automation. Limited, siloed approaches to automation have helped put us where we are now. To move forward, we need broad security automation based on our understanding of the adversaries: how they operate, how they've targeted us in the past, and how they're likely to target us in the future. And that brings us to why I'm involved in this talk in the first place—the combination of broad security automation and threat intelligence!
We need to automate what we should, not just what we can. This won’t look the same for every organization, because organizations protect different types of information, defend against different types of adversaries, and have different resources and constraints. What our talk will offer isn't a magical, one-size-fits-all solution, but instead a new approach to security automation. We will cover broad automation’s dependencies (e.g., scripting/programming skills, APIs, time, money, motivation, and prioritization), as well as what it takes to have worthwhile threat intelligence (sources, timely analysis, and expertise). We'll wrap it up with how to combine the two and develop a program that focuses on real threats, helps prioritize non-automated responses, and frees up the time needed to innovate and learn as defenders.
We hope to see you there! If you haven't registered yet, do so here.