Enterprise Security Assessment Sharing: An appetizer. Yuri Gurevich Research in Software Engineering Microsoft, Redmond, WA, USA. 1. Section: Motivation. The problem of interest to us belongs to a natural class of problems. We describe the class by examples. Tower of Babel.
 
                
Enterprise Security Assessment Sharing: An appetizer
Yuri Gurevich
Research in Software Engineering
Microsoft, Redmond, WA, USA

Section: Motivation
The problem of interest to us belongs to a natural class of problems. We describe the class by examples.

Tower of Babel
• All men had the same language and vocabulary.
• As they migrated from the east, they came upon a valley in the land of Shinar and settled there.
• They said: “Let’s make bricks and burn them hard.” Brick served them as stone, and bitumen as mortar.
• They said: “Let’s build a city and a tower with its top in the sky to glorify ourselves; otherwise we’ll be scattered over the world.”
• The Lord came down to look at the city and tower that man built.
• And the Lord said: “If, as one people with one language, this is how they began to act, then nothing that they may propose to do is out of their reach.
• Let’s then go down and confound their speech, so that they shall not understand one another.”
• Thus the Lord scattered them over the face of the earth, and they stopped building the city.
• That’s why it’s called Babel, because there the Lord confounded the speech of the earth, and from there the Lord scattered them over the face of the earth.

Solutions
• Choose a particular language and use it as lingua franca
• A super linguist that knows all the languages
• An army of translators
• A mystery solution

Healthcare
• Problem
  • Different expertise (rather than different languages)
  • The skiing example
• Solutions
  • Particular language as lingua franca
  • Super physician
  • An army of translators
  • A mystery solution

Automated security experts
• Edge experts (related to network security)
  • firewalls
  • routers, gateways
  • network intrusion detection, network protection systems
  • data loss (or leak) protection, aka network extrusion detection
• Host experts (monitoring individual hosts)
  • monitoring registry changes
  • monitoring applications
  • anti-malware, anti-spyware
  • host firewalls
  • host intrusion protection systems
  • host extrusion protection
  • health (or operation) management

Automated security experts (cont.)
• Identity experts
  • identity management
  • monitoring (suspicious) password changes
  • monitoring elevation of privileges
  • Active Directory
• Email experts related to
  • spam
  • viruses
  • data leakage
• Application and DB experts

Solutions
• Super expert
  • Security Event Management (SEM)
  • Security Information Management (SIM)
• A mystery solution

Distributed databases
• The problem
  • Object info may be spread over a large number of local databases.
  • Checking for consistency, infection, etc. may be involved and require expensive transactions.
  • View local databases as experts observing different features of an object in question.
• Solutions
  • A local super database
  • A mystery solution