With the continued challenge of detecting attacks and the increasing focus on detection and response, it’s time to take a step back and make sure that the efforts (and investments) are made with an eye towards a more strategic means of deciding how to allocate scarce security resources and which alerts need which priority. In this paper, we present our ideas around achieving true enterprise visibility, what role analytics plays in the decision-making process, and finally how to Evolve to Security Decision Support.
Our newest paper, A Complete Guide to Enterprise Container Security, is a full update of our previous research on container security. A lot has happened over the last 18 months, which prompted a significant rewrite of our original content. As more organizations accept that containers are now the common media for applications, the platform focus is shifting to containers, with steps taken at each stage of the container lifecycle to ensure what actually goes into production is fully tested.
The velocity of technology infrastructure change continues to accelerate, putting serious stress on Security Operations (SecOps). This has forced security folks to face the fact that operations has never really been their forte. That’s a bit harsh, but denial never helps address problems. The answer is not to give up or run away, but we do have to think differently. In this paper, we present an approach based on building security into the technology stacks which run our infrastructure, documenting operations in clear runbooks, and implementing those runbooks via orchestration and automation within infrastructure without manual intervention.