1 / 10

Enterprise Security Assessment Sharing: An appetizer

Enterprise Security Assessment Sharing: An appetizer. Yuri Gurevich Research in Software Engineering Microsoft, Redmond, WA, USA. 1. Section: Motivation. The problem of interest to us belongs to a natural class of problems. We describe the class by examples. Tower of Babel.

uttara
Download Presentation

Enterprise Security Assessment Sharing: An appetizer

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Enterprise SecurityAssessment Sharing:An appetizer Yuri Gurevich Research in Software Engineering Microsoft, Redmond, WA, USA 1

  2. Section: Motivation The problem of interest to us belongs to a natural class of problems. We describe the class by examples.

  3. Tower of Babel • All men had the same language and vocabulary. • As they migrated from the east, they came upon a valley in the land of Shinar and settled there. • They said: “Let’s make bricks and burn them hard.” Brick served them as stone, and bitumen as mortar. • They said: “Let’s build a city and a tower with its top in the sky to glorify ourselves; otherwise we’ll be scattered over the world.” • The Lord came down to look at the city and tower that man built. • And the Lord said: “If, as one people with one language, this is how they began to act, then nothing that they may propose to do is out of their reach. • Let’s then go down and confound their speech, so that they shall not understand one another.” • Thus the Lord scattered them over the face of the earth, and they stopped building the city. • That’s why it’s called Babel, because there the Lord confounded the speech of the earth, and from there the Lord scattered them over the face of the earth.

  4. Solutions • Choose a particular language and use it as lingua franca • A super linguist that knows all the languages • An army of translators • A mystery solution

  5. Healthcare • Problem • Different expertise (rather than different languages) • The skiing example • Solutions • Particular language as lingua franca • Super physician • An army of translators • A mystery solution

  6. Automated security experts • Edge experts (related to network security) • firewalls • routers, gateways • network intrusion detection, network protection systems • data loss (or leak) protection, aka network extrusion detection • Host experts (monitoring individual hosts) • monitoring registry changes • monitoring applications • anti-malware, anti-spyware • host fire walls • host intrusion protection systems • host extrusion protection • health (or operation) management

  7. Automated security experts (cont) • Identity experts • identity management • monitoring (suspicious) password changes • monitoring elevation of privileges • Active Directory • Email experts related to • spam • viruses • data leakage • Application and DB experts

  8. Solutions • Super expert • Security Event Management (SEM) • Security Information Management (SIM) • A mystery solution

  9. Distributed databases • The problem • Object info may be spread over a large number of local databases. • Checking for consistency, infection, etc. may be involved and require expensive transactions. • View local databases as experts observing different features of an object in question. • Solutions • A local super database • A mystery solution

  10. Section: Mystery solution

More Related