Organizing for Resilient Operational Response Click to edit Master text styles ƒ

advertisement
Organizing for Resilient
Operational Response
ƒ Click to edit Master text styles
– Second level
ƒ Third level
– Fourth level
ƒ Fifth level
Jerry Cochran, CISSP, CISM
Director
jerry.cochran@microsoft.com
Global Security Strategy and Diplomacy
Trustworthy Computing
Security Ecosystem Trends
Horizontal Integration
ƒ Click to edit Master text styles
– Second level
ƒ Third level
– Fourth level
ƒ Fifth level
Global Security Strategy and Diplomacy
Trustworthy Computing
Security Response Interactions
Reverse
Engineer
ƒ Click to edit Master text styles
– Second level
Actors
¾Understand
decision
making process
ƒ Third
level
¾Engage all segments
– Fourth level
¾Follow the “herds”
ƒ Fifth level
Technology
¾Identify attack & research trends
¾Extinguish classes of issues
Bug
Miner
POC
Coder
IDS/AV
Expert
Software
Vendor
Botnet
Herder
Economics
¾Promote legitimate business models
¾Change the Equation:
9Increase the cost of malicious activities
9Reduce malicious actor ROI
Malware
Coder
Exploit
Writer
Payload
Coder
Global Security Strategy and Diplomacy
Trustworthy Computing
Diverse Response Ecosystem
Security
ƒ Click to edit Master
text
Vendors
– Second
Securitylevel
Researchers
ƒ Third level
– Fourth level
ƒ Fifth level
CERTs
Microsoft
styles Customers
Microsoft
Partners
Microsoft
Security
Response
Government
Agencies
Law
Enforcement
Press &
Analysts
Microsoft
Product
Groups
Microsoft
Field
Global Security Strategy and Diplomacy
Trustworthy Computing
Responding to a Security Incident
Microsoft Software Security Incident Response Plan
ƒ Click to edit Master
Alerttext styles
and
Watch
– Second level
Mobilize
ƒ Third level
– Fourth level
Observe
Convene
and
ƒ Fifth
level
environment to
detect any potential
issues
Leverage existing
relationships with:
Partners
Security
researchers
and finders
Monitor customer
requests and press
inquiries
evaluate severity
Mobilize security
response teams and
support groups into
two main groups:
Emergency
Engineering Team
Emergency
Communications
Team
Start monitoring
WW press interest
and customer support
lines for this issue
Assess
and
Stabilize
Assess the
situation and the
technical
information
available
Start working
on solution
Communicate
initial guidance and
workarounds to
customers, partners
and press
Notify and inform
Microsoft sales and
support field
Resolve
Provide information
and tools to restore
normal operations
Appropriate solution
is provided to
customers, such as a
security update, tool
or fix
Conduct internal
process reviews
and gather
lessons learned
Global Security Strategy and Diplomacy
Trustworthy Computing
Microsoft Response Program
Areas
ƒ Click toCommunity‐based defense –
edit Master text stylesMicrosoft Active Protection Program – Second level
ƒ Third level
Rapid response communications –
SCPCert
– Fourth
level
ƒ Fifth level
Defensive security knowledge – Exploitability Index
Isolate malicious software – MS Vulnerability Research
Support of worldwide law enforcement and legislatures
Global Security Strategy and Diplomacy
Trustworthy Computing
Coordinating Multi-vendor
response
ƒƒ Click
to edit Master
text styles
International
Consortium
for Advancement of Security
– Second
level (ICASI)
on
the Internet
ƒ Thirdexcellence
level
ƒ Drive
and innovation in security response
– Fourth
level
practices;
and
ƒ Fifth level
ƒ Enable ICASI collaboration to proactively analyze,
mitigate, and resolve multi-vendor, global security
challenges
ƒ Five Industry Members: Cisco, IBM, Intel, Juniper, Microsoft
ƒ Operational Response Coordination
ƒ Unified Security Incident Response Plan
www.icasi.org
Global Security Strategy and Diplomacy
Trustworthy Computing
A Security and Resiliency
Continuum
ƒ Click to edit Master text styles
– Second level
ƒ Third level
– Fourth level
ƒ Fifth level
Global Security Strategy and Diplomacy
Trustworthy Computing
Resilient Operational Framework
ƒ Click to edit Master text styles
– Second level
ƒ Third level
– Fourth level
ƒ Fifth level
Global Security Strategy and Diplomacy
Trustworthy Computing
ƒ Click to edit Master text styles
– Second level
ƒ Third level
– Fourth level
ƒ Fifth level
Global Security Strategy and Diplomacy
Trustworthy Computing
Download