Many organizations struggle with the conflict between software developers who want to use new technology and security teams who want to prevent deployments that contain security vulnerabilities. Security teams blocking new technology risk hurting the company financially or being bypassed altogether. Based on the number and magnitude of recent security breaches, organizations that choose to bypass security recommendations face substantial risk. This paper presents an alternative approach to manual security review and overcomes bypassed security review, using security automation to respond to events in the environment. Amazon Web Services (AWS) cloud infrastructure and security tools are particularly well suited for event driven security automation and will be used to provide examples, but the concepts apply to any environment. A working framework demonstrates automated intrusion detection and response on AWS.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program