Comments
From DevOps to DevSecOps: Structuring Communication for Better Security
Newest First  |  Oldest First  |  Threaded View
tom.gillis
50%
50%
tom.gillis,
User Rank: Author
2/21/2018 | 5:45:09 PM
Is DevSecOps the right answer?
No doubt it makes sense to build apps in a way that a single SEIM can provide a holistic view.  But that's not the entire security story - that's really just consolidatiing the forensics.  As we move into a world with cloud native applications, it is risky to rely on developers to also think about operations AND security.  Is it possible that one person can optimize all three?  Organizations have utilized the seperation of duties model for years for the simple reason that focus and accountability brings results.  Increasing developer awareness of security is of course a good thing and likely to yield some results. But maintaining a strong, independant security team just seems to make sense.  Beyond the org structure, the security tools need to evolve to bring the seperation of duties model to the self service cloud.  Amazon took a big step forward with recent enhancements to their IAM capabilites, segmenting some security functions from day to day dev and ops functions.  But there's still a long way to go for the tools to enforce true seperation of duties.  DevOps yes.  DevSecOps and security is all taken care of?  Doubtful.
roberthawk
50%
50%
roberthawk,
User Rank: Author
2/19/2018 | 6:46:34 PM
Re: SIEM as Hub
In regard to "If change management is central, why are you focusing on the SIEM as central?".  Though the SEIM traditionally has been used as a 'security' device or system, it is evolving into the organizations information systems nerve processing center.  Shipping logs to the SIEM from internal and external systems can be used to detect issues within the network.  The same is true for change management logs.  In effect connecting change management to the SEIM is useful in regard to detecting possible outages that may result due to bad or incorrect changes implemented.  in regard to "DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools."  It is easy to dictate to people the necessity to collaborate and they may try to.  Creating technology bridges across silos may be a great way to start tearing down the silo walls.
GeoffZ290
50%
50%
GeoffZ290,
User Rank: Apprentice
2/15/2018 | 11:02:01 AM
SIEM as Hub
If change management is central, why are you focusing on the SIEM as central? The SIEM focuses on threats, not context. Your CMDB provides risk context including for change management. If you don't know clearly what you are protecting you will focus on threats for which you have no underlying exposure. DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools.


'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.