Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
From DevOps to DevSecOps: Structuring Communication for Better Security
Threaded  |  Newest First  |  Oldest First
GeoffZ290
50%
50%
GeoffZ290,
User Rank: Apprentice
2/15/2018 | 11:02:01 AM
SIEM as Hub
If change management is central, why are you focusing on the SIEM as central? The SIEM focuses on threats, not context. Your CMDB provides risk context including for change management. If you don't know clearly what you are protecting you will focus on threats for which you have no underlying exposure. DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools.
roberthawk
50%
50%
roberthawk,
User Rank: Author
2/19/2018 | 6:46:34 PM
Re: SIEM as Hub
In regard to "If change management is central, why are you focusing on the SIEM as central?".  Though the SEIM traditionally has been used as a 'security' device or system, it is evolving into the organizations information systems nerve processing center.  Shipping logs to the SIEM from internal and external systems can be used to detect issues within the network.  The same is true for change management logs.  In effect connecting change management to the SEIM is useful in regard to detecting possible outages that may result due to bad or incorrect changes implemented.  in regard to "DevSecOps should bring together all IT operational teams, not merely orchestrate silo'd security tools."  It is easy to dictate to people the necessity to collaborate and they may try to.  Creating technology bridges across silos may be a great way to start tearing down the silo walls.
tom.gillis
50%
50%
tom.gillis,
User Rank: Author
2/21/2018 | 5:45:09 PM
Is DevSecOps the right answer?
No doubt it makes sense to build apps in a way that a single SEIM can provide a holistic view.  But that's not the entire security story - that's really just consolidatiing the forensics.  As we move into a world with cloud native applications, it is risky to rely on developers to also think about operations AND security.  Is it possible that one person can optimize all three?  Organizations have utilized the seperation of duties model for years for the simple reason that focus and accountability brings results.  Increasing developer awareness of security is of course a good thing and likely to yield some results. But maintaining a strong, independant security team just seems to make sense.  Beyond the org structure, the security tools need to evolve to bring the seperation of duties model to the self service cloud.  Amazon took a big step forward with recent enhancements to their IAM capabilites, segmenting some security functions from day to day dev and ops functions.  But there's still a long way to go for the tools to enforce true seperation of duties.  DevOps yes.  DevSecOps and security is all taken care of?  Doubtful.


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27734
PUBLISHED: 2021-05-17
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
CVE-2021-27342
PUBLISHED: 2021-05-17
An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack
CVE-2021-31727
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to \.\ZemanaAntiMalware, register with the driver using IOCTL 0x8000201...
CVE-2021-31728
PUBLISHED: 2021-05-17
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to \.\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook wit...
CVE-2021-32402
PUBLISHED: 2021-05-17
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.