Breaking out of the silo: the need for broad security automation

No ratings

Presented at bsidesboston 2016 by

Julian Defronzo

Justin Pagano

Information Security teams are trying to manage increasingly complex IT and cloud environments at their organizations while also keeping pace with an ever-changing threat landscape. At the same time, there's a well-documented issue of unfilled security positions around the world. For many teams this has inevitably led to security control gaps, operational failures, and, overall, insufficient security across virtually all industries. A critical and necessary part of the solution to this problem for any organization is broad automation of disparate technologies and processes across the entire InfoSec lifecycle (protect > detect > remediate). There are a number of potential benefits of automating to this extent: more maintainable, auditable, maturable, predictable, and effective security programs. In this presentation and the Q&A, the speakers will cover: 1. InfoSec programs' current state of affairs with fragmented, siloed automation 2. Strategy for approaching broad security automation 3. Examples of broad automation, including some at Rapid7 (current and future state)