New Context Services, Inc. | www.newcontext.com | @newcontext
The Future of IT and OT Converged Orchestration
GridSecCon 2018
Andrew Storms
20+ years security & product experience. Advocacy on security appears in CNBC, Forbes, and NYT. Previously CloudPassage, nCircle, and Tripwire.
The last 4 years I’ve been blessed with the opportunity to work with a handful of utilities and national labs to research the viability of performing automated threat detection and response.
Andrew Storms
VP, Product at New Context
San Francisco
@St0rmz

New Context protects data and the movement of data in highly regulated industries.
The Future of IT and OT Converged Orchestration | GridSecCon 2018 | Andrew Storms
AUTOMATION VS ORCHESTRATION
Today's IT automation is not tomorrow's orchestration
Today's IT automation tools are a set of glorified incident response gadgets.

[Diagram: a typical reactive playbook, Malware! -> Investigate -> VirusTotal -> Open Ticket]

[Chart: asset Condition over Time, from Design and Installation through Potential Failure to Failure, with Precision Maintenance and Preventative Maintenance marked as intervention points]

Not Orchestration:
• Reactive
• Pre-built playbooks
• Triage

Orchestration:
• Proactive
• Entire system lifecycle
• Automated governance
3 KEY AREAS TO CONSIDER
If you are considering running IT automation in your OT environment:
• Deployment Considerations
• What OT can learn from IT
• What IT can learn from OT
DEPLOYMENT CONSIDERATIONS
1. Level of access corresponds to level of action. Consider an analogy of permissions:
• Alert = Read
• Assist = Write
• Automate = Execute
2. Create a vendor DMZ
• Segment within a segment
3. Purdue Model
• Level 4
4. Bell–LaPadula model (BLP)
• Read down, write up
[Chart: 3 Stages of Orchestration. Access Level (Read, Write, Execute) against Time / Maturity, with Alert, Assist and Automate as the successive stages.]
Suggested Guidance
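The two ideas on this slide, access tied to maturity stage (Alert = Read, Assist = Write, Automate = Execute) and Bell–LaPadula read-down/write-up applied across Purdue levels, can be expressed as a single policy gate in front of an orchestrator. The following is an added example, not code from the talk or from New Context; the stage names, the integer Purdue levels and the action catalogue are assumptions made for illustration. It treats the higher Purdue level (enterprise, L4) as the higher BLP clearance, so an L4 orchestrator may read OT telemetry and OT components may push data up, but no action from L4 may write to or execute on a lower level.

```python
"""Added example (not from the talk): a maturity-stage and BLP policy gate
for orchestration actions spanning IT (Purdue L4) and OT (Purdue L1-L3)."""
from dataclasses import dataclass
from enum import IntEnum


class Stage(IntEnum):
    """Maturity stage of the orchestration deployment (assumed names)."""
    ALERT = 1      # observe and notify only
    ASSIST = 2     # may write: annotate, open tickets, stage a change for a human
    AUTOMATE = 3   # may execute: act on systems without a human in the loop


class Perm(IntEnum):
    READ = 1
    WRITE = 2
    EXECUTE = 3


# Highest permission each stage may use; IntEnum ordering makes ASSIST cover READ too.
STAGE_CEILING = {Stage.ALERT: Perm.READ, Stage.ASSIST: Perm.WRITE, Stage.AUTOMATE: Perm.EXECUTE}


@dataclass(frozen=True)
class Action:
    name: str
    perm: Perm
    subject_level: int   # Purdue level of the component issuing the action (assumed integer)
    object_level: int    # Purdue level of the data or system it touches


def blp_allows(action: Action) -> bool:
    """Read down, write up. Higher Purdue level = higher clearance (assumption):
    READ is allowed only from an equal or lower level; WRITE/EXECUTE only to an
    equal or higher level, so nothing at L4 can write or execute into L1-L3."""
    if action.perm == Perm.READ:
        return action.object_level <= action.subject_level
    return action.object_level >= action.subject_level


def decide(action: Action, stage: Stage) -> tuple[bool, str]:
    """Return (allowed, reason). The stage ceiling is checked first, then BLP."""
    ceiling = STAGE_CEILING[stage]
    if action.perm > ceiling:
        return False, f"{action.name}: {action.perm.name} exceeds {stage.name} ceiling ({ceiling.name})"
    if not blp_allows(action):
        return False, (f"{action.name}: {action.perm.name} from L{action.subject_level} "
                       f"to L{action.object_level} violates read-down/write-up")
    return True, f"{action.name}: allowed"


# Constructed catalogue of actions an IT/OT orchestrator might request.
CATALOGUE = [
    Action("pull PLC tag history into SIEM", Perm.READ, 4, 2),
    Action("HMI reads enterprise AD group list", Perm.READ, 2, 4),
    Action("open incident ticket", Perm.WRITE, 4, 4),
    Action("push alarm from L2 historian to L4 SIEM", Perm.WRITE, 2, 4),
    Action("isolate HMI host via L2 switch", Perm.EXECUTE, 4, 2),
    Action("rotate SIEM collector credential", Perm.EXECUTE, 4, 4),
]


def evaluate_catalogue(stage: Stage) -> list[tuple[str, bool]]:
    """Evaluate every catalogue action at the given stage; returns (name, allowed) pairs."""
    return [(a.name, decide(a, stage)[0]) for a in CATALOGUE]


if __name__ == "__main__":
    for stage in Stage:
        print(f"== {stage.name} ==")
        for a in CATALOGUE:
            allowed, reason = decide(a, stage)
            print(("ALLOW " if allowed else "DENY  ") + reason)
```

Note that "isolate HMI host via L2 switch" is denied at every stage, even Automate: the stage ceiling grants Execute, but the BLP rule stops an L4 orchestrator writing down into the control network. Under this model an isolation action has to be issued by a component that lives at or below the target's level (for example inside the vendor DMZ), which is the point of keeping the orchestrator's foothold in OT a segment within a segment.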
WHAT OT CAN LEARN FROM IT
In order to support orchestration, OT may need to consider…
• Ephemeral Designs
• Measure Anything, Measure Everything
• Plan for Isolation as a Response

"If Engineering at Etsy has a religion, it's the Church of Graphs." Etsy Code as Craft, 2011

"I surveyed the network, and found that two thousand computers were infected within fifteen hours." Clifford Stoll on the famous 1988 Morris Worm

"If your application can't tolerate a system failure would you rather find out by being paged at 3am or after you are in the office having already had your morning coffee?" Netflix Chaos Monkey
WHAT IT CAN LEARN FROM OT
When it comes to orchestration, IT can learn a few things too…
• OT Prioritizes Safety and Reliability
• Make Use of Estimators & Analysis
• Prefer Single Purpose Machines

"went into the server room and walked up to the server with its console perched on top. I logged in and, without checking, I entered the shutdown command." BOFH, The Register

"Known as CoinHive, the JavaScript program is designed to reside on web sites and run in the browsers of visitors to crunch the calculations that mine a cryptocurrency" Fortune 2017

"Due to an operator error, all us-east-1 API systems and customer instances were simultaneously rebooted at 2014-05-27T20:13Z (13:13PDT)" Joyent outage postmortem May 2014
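"Measure anything, measure everything" and "plan for isolation as a response" from the previous slide, together with "make use of estimators & analysis" from this one, fit together as one small pipeline: measured counts feed an estimator, and the estimator's projection drives the isolation decision. The following is an added example, not code from the talk or from New Context. The telemetry is constructed (hourly counts of hosts in one 400-host segment showing a worm indicator, in the spirit of the Morris worm quote), and the estimator is an ordinary log-linear least-squares fit of exponential growth; the 8-hour decision horizon is an assumption.

```python
"""Added example (not from the talk): measure, estimate, then recommend isolation.
Fits n(t) = n0 * exp(r * t) to observed infected-host counts and projects when the
whole segment would be affected."""
import math

SEGMENT_SIZE = 400  # assumed number of hosts in the segment

# Constructed telemetry: (hour, hosts in the segment showing the worm indicator)
FAST_SPREAD = [(0, 2), (1, 5), (2, 11), (3, 24), (4, 50)]
SLOW_SPREAD = [(0, 2), (1, 2), (2, 3), (3, 3)]


def fit_growth(samples):
    """Least-squares fit of ln n = a + r t over the non-zero observations.
    Returns (n0, r) with n(t) = n0 * exp(r * t). Zero counts carry no
    log-linear information and are skipped."""
    pts = [(t, math.log(n)) for t, n in samples if n > 0]
    if len(pts) < 2:
        raise ValueError("need at least two non-zero observations")
    mean_t = sum(t for t, _ in pts) / len(pts)
    mean_y = sum(y for _, y in pts) / len(pts)
    sxx = sum((t - mean_t) ** 2 for t, _ in pts)
    if sxx == 0:
        raise ValueError("observations must span more than one time point")
    sxy = sum((t - mean_t) * (y - mean_y) for t, y in pts)
    r = sxy / sxx
    a = mean_y - r * mean_t
    return math.exp(a), r


def hours_until(samples, size):
    """Hours from the last observation until the fitted curve reaches `size`.
    Returns inf when growth is flat or negative, 0.0 when already at or past size."""
    n0, r = fit_growth(samples)
    last_t, last_n = samples[-1]
    if last_n >= size:
        return 0.0
    if r <= 0:
        return math.inf
    t_hit = (math.log(size) - math.log(n0)) / r
    return max(0.0, t_hit - last_t)


def isolation_recommendation(samples, size=SEGMENT_SIZE, horizon_hours=8.0):
    """Recommend isolating the segment if saturation is projected inside the horizon.
    The recommendation is only a recommendation: at the Alert stage it becomes a page,
    at Assist a staged change for an operator, at Automate an action the gate may run."""
    n0, r = fit_growth(samples)
    eta = hours_until(samples, size)
    return {
        "growth_rate_per_hour": r,
        "fitted_initial_hosts": n0,
        "hours_to_saturation": eta,
        "isolate": eta < horizon_hours,
    }


if __name__ == "__main__":
    for label, data in (("fast", FAST_SPREAD), ("slow", SLOW_SPREAD)):
        rec = isolation_recommendation(data)
        print(f"{label}: r={rec['growth_rate_per_hour']:.2f}/h, "
              f"saturation in {rec['hours_to_saturation']:.1f}h, isolate={rec['isolate']}")
```

The fast series doubles roughly every 50 minutes and the fit projects the segment saturating about two and a half hours after the last sample, so isolation is recommended; the slow series projects a day or more out and is left to a human. A flat or falling series yields an infinite horizon rather than a spurious recommendation, which is the kind of edge case an orchestrator acting without a person in the loop has to get right before it is trusted with the Execute permission.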
IN SUMMARY
If you are considering running IT automation (or orchestration) in your OT environment:

Deployment Considerations
• Provide access only as needed

What OT can learn from IT
• Ephemeral Designs
• Measure Anything, Measure Everything
• Plan for Isolation as a Response

What IT can learn from OT
• Safety and Reliability
• Make Use of Estimators & Analysis
• Prefer Single Purpose Machines

Andrew Storms, VP, Product | [email protected] | @St0rmz