Security Architecture Series Guide

Security Architecture Series Guide: Navigating Security Architecture Strategy & Roadmap

The primary purpose of creating an enterprise security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise security architecture allows traceability from the business strategy down to the underlying technology.

Security Architecture Series Guide

Business Value Proposition

A security architecture is a design document describing the security components that will protect the enterprise, and the ways they relate and interact with each other. It represents a strategic planning horizon and guide that defines the desired state of an organization’s infrastructure.

The architecture sets the context for planning, design, and implementation. It enables a company to evolve and to become agile, multi-functional, and competitive, allowing the seamless adoption of new capabilities and applications into a common infrastructure. Security architecture also facilitates budgeting for security solutions and personnel.

In summary, the security architecture provides:

  • A way to evaluate applicability of new technologies, products, and services
  • A framework for technology decision-making
  • A macro view of IT systems and components, from the security perspective
  • A statement of direction for IT
  • A way to reduce and manage risk in the most cost-effective manner
  • A way to facilitate compatibility and easier administration of systems
  • A blueprint for future network growth
  • A way to create and document consensus
  • A methodology to force consideration of all design factors
  • A guide for the creation of an enabling infrastructure for unforeseen new applications

This Security Architecture Series Guide blog provides an overview of the series to enable readers to facilitate navigation. The series includes the following detailed topics:

Security Architecture Series Guide

Think You’re Secure? Think Again.

Today, with the advent of APTs attackers are laser-focused on multi-pronged exploits that steal data or wreak havoc.  Security is horizontal … it covers all IT infrastructure. The result is that security infrastructure becomes much more complex and fragmented. Attackers don’t discriminate and will take advantage of any gap in protection to reach their end goal. The bad guys continually evolve and innovate. All potential threat vectors need to be examined and addressed.

pc_vs_network_vs_mobile

The secret to success in security is typically simplicity, to have a well designed and organized infrastructure that provides the appropriate layer of controls while enabling users a consistent ‘policy managed’ experience regardless of location, transport or device. The challenge is in achieving that goal. Stay tuned for more information on lessons learned and experience from the field, success stories and, practical case studies.

Think You’re Secure? Think Again.

Security Architecture Primer

The primary purpose of creating an enterprise security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise security architecture allows traceability from the business strategy down to the underlying technology.

Technology Foundation

However, many IT organizations have moved away from formal security architecture governance in favor of rapid deployment cycles and tactical changes which over time risk diverging into complexity and fragmentation – with unresolved security exceptions. Complexity not only leads to insecurity and the increasing potential for human error but also increased cost of operations.

Security Architecture Primer

Security Architecture Baseline

Once distributed roles and responsibilities are identified and established for the security architecture project team, the next important step is to add to that foundation with a security architecture project baseline.

This blog in the series will enable organizations to create that baseline by defining and reviewing applicable regulations, security policy and standards, identifying and classifying information assets and resources, and conducting a risk and threat analysis.

Security Architecture Baseline

Risk-Aware Security Architecture

We continue the series to develop an on-going threat analysis and risk management process – as key requirements to guide architectural direction and also design/implementation to support mitigation of risks/threats via compensating controls and/or countermeasures or, enable the transfer of risk to other parties, acceptance as a business risk (exception process) or, seek avoidance.

Risk ManagementProcess

Risk-Aware Security Architecture

Develop Security Architecture

The next step is to build the security architecture and migration strategy. This strategy lays the foundation for a successful deployment and the ongoing integration of additional applications and services. We cannot emphasize enough that the quality of up-front planning is one of the biggest factors determining the success and degree of payoff from a security project.

Security Services

This section enables organizations to assemble and align the pieces necessary to develop, update, or validate a modular and flexible security architecture.

Develop Security Architecture

Product and Solution Selection

The security architecture and migration strategy (which now embodies your approved and prioritized requirements) may recommend specific products, or it may recommend going through a competitive process to select products. In either case, partner selection isn’t final until costs and schedules are nailed down, funding approved, and contracts signed.

Vendor ComparisonThe architecture is an important foundation for selecting the right vendors, partners, and approaches. However, additional tools are required during product evaluation and procurement. Relatively informal Requests for Information (RFIs) can bring the team up to speed on the advantages and disadvantages of various products. Formal requests for proposals (RFPs) should form the final basis for vendor selection and tasking.

Product and Solution Selection

Security Architecture Implementation

The security architecture defines and justifies a number of solution implementation, integration and/or improvement projects each year, based on budget, resources and, priority. As such, a master project plan should be created that takes into account identified dependencies, integration points and any parallel tasks.

Security Plan

To plan implementation of a security solution, you must identify where project execution resources will come from, develop an implementation plan, obtain buy-in for the implementation plan, and create a detailed design for the configuration and deployment of the security infrastructure.

Security Architecture Implementation

Adaptive Security Lifecycle

Infrastructure and the environments in which they operate are dynamic and continually evolving over time, especially in our rapid deployment world. Many fast-tracked organizations start out with a well-designed, orchestrated and secure architecture but organically, like Firewall rules it devolves and diverges into increasing levels of complexity and fragmentation.

Adaptive Lifecycle

Applications and systems grow exponentially creating increasingly complex connectivity and relationships that result in a spiders web of interfaces across domains. Complexity leads to insecurity, increased risk of human error and, a substantial increase in the cost of operations and maintenance. The result dramatically impacts the organizations ability to deploy rapidly and efficiently and move forward with agility.

Security done right is a business enabler that dramatically reduces total cost of ownership (TCO)
providing a tangible Return on Security Investment (ROSI).

IT complexity and fragmentation replaced by an adaptive modular and flexible architecture enables agility and
improves your competitive edge — so the business can refocus quickly as new opportunities emerge.

Security is a process, not just a product or technology issue.”

Nigel P. Willson

Adaptive Security Lifecycle

Architecture Case Study – Part 1 & 2

In the Security Architecture Series of blogs we have shared all of the steps involved in requirements gathering, baseline, product and solution selection and, through to realizing the architecture. This blog presents an Architecture Case Study that uses those principles and recommendations as a practical example. The illustration provides a conceptual simplified view of the program use case.

Defense in Depth Part 1 takes the reader from Architecture development through to the Technical Recommendation then Part 2 takes the reader from Design to Deployment strategy with Implementation and Migration.

Architecture Case Study – Part 1

Architecture Case Study – Part 2

Thanks for your interest!

Nige the Security Guy.

Advertisements

vCISO Smart Practices – Part 1

vCISO Smart Practices – Part 1: Enabling Success via Collaboration Infrastructure

The Internet of Things offers a tremendous opportunity for businesses to truly transform themselves by realizing the potential of data that is sitting, untapped, in existing infrastructures. The challenge to unlocking that data is the evolution towards a Secure Collaboration Infrastructure.

vCISO Smart Practices

This blog introduces our vCISO Smart Practices series which kickoff with a fundamental discussion on the importance and value of human collaboration and teamwork as a foundational cross-discipline cross-functional ‘Architecture Team’. We also offer an introduction to the blog author, Nige the Security Guy (@NigeSecurityGuy).

This blog series will later address a truly distributed security architecture that supports the Collaboration Infrastructure and applies Smart Practices to that as we evolve rapidly towards the new and exciting yet challenging IOT.

“Training often gives people solutions to problems already solved.
Collaboration addresses challenges no one has overcome before.” Marcia Conner

Sharing and Reciprocity

Collaboration and sharing is a sophisticated skill that asks people who work together to look beyond personal interests towards outcomes benefiting the whole. Collaboration and sharing is a great way to address complex challenges, since it has the potential to tap communal creativity and unleash true innovation and earn genuine buy-in.

Collaboration

Collaboration, at the conceptual level, involves:

  • Awareness – We become part of a working entity with a shared purpose
  • Motivation – We drive to gain consensus in problem solving or development
  • Participation – We participate in collaboration and we expect others to participate
  • Mediation – We negotiate and we collaborate together and find a middle point
  • Reciprocity – We share and we expect sharing in return through reciprocity
  • Reflection – We think and we consider alternatives
  • Engagement – We proactively engage rather than wait and see

Together we can build a safe and increasingly more secure environment …

 “Security done right is a business enabler that dramatically reduces total cost of ownership (TCO) providing a tangible Return on Security Investment (ROSI).

IT complexity and fragmentation replaced by an adaptive modular and flexible architecture enables agility and improves your competitive edge — so the business can refocus quickly as new opportunities emerge.” Nigel P. Willson

People Process Policy Technology

A critical success factor towards successfully deploying a collaboration infrastructure is orchestrated policy, focused resources and, well-defined process that fully leverages and unlocks technology. As a creative solutions-focused, charismatic, and passionate security evangelist Nigel Willson is available to consult as a Trusted Security Services Partner to collaboratively assist organizations to iteratively improve and optimize their security as a virtual team member in the role of vCISO, IT Security Strategist and, Architect.

Nige the Security Guy: Professional Profile

Architect Blueprint

Nigel P. Willson
Principal Security Architect
AT&T Security Solutions

Nigel Willson is a Principal Security Architect at AT&T with 30 years of experience in Security Operations, Management, Research, Development and Security Services providing thought leadership, architecture/design and practical strategy.

Nigel has responsibilities as Security SME for AT&T complex cyber security solutions across the portfolio of security consulting, managed security services and mobile security solutions.

He specializes in collaboration as both a Trusted Advisor and Virtual Chief Information Security Officer (vCISO) helping companies to evolve and improve their security capability maturity and posture in the following areas:

  • IT Security Governance, Strategy, Roadmap
  • Security Architecture & Design (including adaptive security architecture lifecycle)
  • Security Operations (including advanced threats, detection frameworks, defensible posture)
  • Threat Intelligence & Risk Management (focused on business processes)
  • Security Research & Analyst
  • Regulatory Compliance

AT&T Security Solutions is the AT&T Advanced Enterprise Solutions customer facing security opportunity team. His participation is consistently solicited by AT&T teams and AT&T customers as both a Trusted Advisor and Security SME in both the private and public sectors. Nigel joined AT&T as a Practice Director, Security via the acquisition of Callisma (AT&T Consulting Solutions) in 2005.

Prior to joining AT&T, Nigel worked as a Practice Director, Security for Avaya Converged Security as well as TCS America responsible for the development of discrete security consulting services and leading teams of security consultants. He previously worked as the Director, Security for The Walt Disney Company focused on global Internet Security for 27 business units including ABC, Disney On-Line, and ESPN.

Nigel is a former assembler programmer and reverse engineer (ethical hacker) with a diverse international background. He has worked on U.S. DoD projects developing security products and technology for the World-Wide Military Command and Control System (WWMCCS) and Military Airlift Command Deployment Flow (MACDF).

Magazine2

He is a published author of many security guides, books, magazine articles and currently operates a security-focused NigeSecurityGuy blog providing impartial practical advice and methodology on security architecture, assessments and, advanced persistent threats (APTs). Nigel also operates the ‘Solving the APT Defense Puzzle’ group on Linked-In, a reference library of useful research and topics.

Nigel was recently selected as a finalist in the InfoSec Europe 2014 Security Bloggers awards and was invited to publish an article on Leveraging Security as a Business Enabler.

Nigel’s passion is taking blog readers Back to Basics to focus on key security principles to develop a strong architectural foundation (Security Architecture Series) and from that add advanced threat defense (APT Strategy Guide) as well as security operations optimization (NG-OPS Strategy Guide).

Never doubt that a small group of thoughtful, committed citizens can change the world. Indeed, it is the only thing that ever has.”

Background Summary

  • International Background — 30 years international experience gained as security expert across England, Australia, France and, the USA.
  • Strategic Architect – Cloud-Orientated Architecture, BYOD, Mobile, Security Operations, Risk, Intelligence, Analytics, Metrics, Visualization – Situational Awareness: Detect, Contain, Investigate, Eradicate, Recover
  • Director, Security @ Disney – Establish strategic architecture team, develop successful proactive security management program.
  • Published Author – Author and co-author of many security guides, books and, magazine articles.
  • Security Consultant — 15 years thought leadership and strategy experience consulting to Fortune 500 companies.
  • Security Engineer – Developed new security protocols and products for U.S. Department of Defense (DoD), e.g., MACDF and WWMCCS. Used in Gulf War. Worked on multi-level security and covert channel prevention.
  • Reverse Engineer – Original assembler programmer, ethical hacker and reverse engineer who could analyze code and manipulate any technology, protocol or system.
  • Awards Plaque: AT&T April 2008: In Recognition of Unwavering Commitment, Steadfast Leadership and Outstanding Performance on the California State University ITRP program.

Next Generation Operations

Thanks for your Interest!

Nige the Security Guy.

NG-OPS Strategy Guide

NG-OPS Strategy Guide: Navigating the Next Generation Security Operations Ecosystem

In today’s threat environment the only constant is change. In fact, everything is changing – the way our users work, the types of adversaries we face, and the techniques hackers use to infiltrate our networks. Such threats have become even more sophisticated than ever, bringing new risks and uncertainties that require more visibility in operations — thus a Next Generation Security Operations mindset.

NG-OPS Strategy Guide

This NG-OPS Strategy Guide introduces a new blog series on the Next Generation Security Operations Ecosystem to build upon and complement our prior blog series, they are as follows:

  • Security Architecture Series
  • Security Program Best-Practice Series
  • Security Assessment Series
  • APT Strategy Series

Disruptive Shifts and Converging Trends

The past few years have set the stage for some disruptive shifts in network security operations. These shifts are driven in part by the rise of BYOD, mobility, virtualization and the cloud, which have resulted in a new level of complexity and fragmentation with distributed systems.

Occurring in tandem, the proliferation of applications and infrastructure services inside the organization requires holistic organization into trust zones based upon risk and classification (see Adaptive Zone Defense) as well as greater policy orchestration, management and, visibility across access boundaries (inter-zone).

Next Generation Operations

The ability to translate complex business and organization goals into a set of automated data center workflows is critical to not slowing down the application delivery process. It is also an essential part of making compliance and security requirements a lot easier to manage in a very dynamic environment. Network security needs to transform into agile and adaptive end-to-end automated processes. This requires a systems approach when thinking about network security.

“The threat can be broken down into three components: intent, opportunity, and capability.
Organizations need to know, ‘What is the intent of adversaries? What are the opportunities available to them?
And what capabilities do they have to exploit the opportunities?”

Felix Mohan, Senior Vice President and
Chief Information Security Officer, Airtel

The delivery of an application can trigger a cascading series of actions to ensure that the application is delivered efficiently and in compliance with any regulatory requirements. Next-generation firewalls (NGFWs) now provide the ability to implement policies based on applications, users and content, and they can provide the appropriate hooks for automation and orchestration solutions.

These disruptive shifts and converging trends have fused application and network layer functions, causing a fundamental reset of the security operations function.

  • Organizations need to shift more security resources from preventing intrusion toward rapid detection and response
  • Improving detection and response requires an intelligence-driven context-aware security approach
  • Optimizing how security technologies, resources and process work together is pivotal to scaling security capabilities
  • Automation frees up analysts to focus more on higher priority risks affecting the most critical assets and data
  • SOCs need to build collaborative cross-disciplinary teams with highly specialized skill sets to combat advanced threats
  • Evolving security operations optimizes the interplay of people, processes and, technologies to enable rapid response
  • Orchestrated management of network infrastructure will be embraced as the next big thing
  • The rise of DevOps drives much needed convergence between security and IT operations to add security by design
  • Increases need to automate and optimize security operations to more effectively leverage resources/skills shortage

People Process Policy Technology

Reducing Operational Overhead

It’s a known fact that a lot of time is typically wasted on analyzing false positives generated by technology that is not correctly baselined, customized, tuned, optimized. Depending upon the environment, false positives can often be numerous and very difficult to verify, costing analysts valuable time determining whether or not something is an event the analyst should be worried about.

The tenets for this Next Generation Security Operations series are simple:

  • Increase visibility across the enterprise to identify active threats quickly
  • Understand the business impacts to better respond
  • Utilize resources to the fullest

“People in the SOC need ways to react faster and better — they need ways to improve the efficiency of what they do.
They need ways to reduce the amount of time between the onset of an attack and the time it’s stopped or remediated.”

Rich Mogull, founder of Securosis

NG-OPS Ecosystem

In order to help organizations reduce operational overhead the NG-OPS Strategy Series will currently include the following blog articles (although topics will be added as the theme develops and evolves):

  • NG-OPS SOC Version 2.0: Build a Next Generation Security Operations Center to protect critical assets
  • NG-OPS Evolving a SOC Team: Building, Nurturing and Evolving Security Operations Staff
  • NG-OPS Operational Maturity: Migrating from Reactive to Dynamic Defense and Cyber Resilience
  • NG-OPS Automation & Orchestration: The Next Big Thing: Automation and Orchestration
  • NG-OPS Threat Modeling: Manage complex systems using a structured methodical framework
  • NG-OPS Risk Management 2.0: Shifting focus from technical assets to critical business processes
  • NG-OPS Smart Telemetry: Leveraging 3 levels of telemetry: End-point, Gateway and, Infrastructure
  • NG-OPS Security DevOps: The critical convergence of security and IT operations with DevOps 

Please feel free to propose additional topics and/or vote for which topics should get published before the others.

This new NG-OPS Strategy Guide builds upon and enhances the current APT Strategy Guide introducing a whole new set of topics into the framework.

APT Strategy Maps

APT Strategy Guide Framework

Conclusion

The era of advanced threats calls for a new approach to information security. When dedicated cyber adversaries have the means and methods to elude commonly used defenses, such as signature based detection, it is clear that conventional approaches are no longer sufficient.

The need for a Next Generation Security Operations mindset is evident across the industry. Technologies will continue to improve but in parallel we do need to ensure that we also evolve and improve our security processes as well as invaluable resources and skills. Attackers are constantly evaluating their methods and improvising new techniques. Defenders must think in those same fluid terms to keep pace.

The value proposition for a Next Generation Security Operations program includes improved security, resource utilization and, cost-effectiveness. Together with increased visibility and vigilance defensive strategies can be precisely aimed at addressing the most significant threats and protecting the most critical assets and data. Leveraging automation and orchestration the security team will have the knowledge and the cycles it needs to make informed risk decisions and invest in the right security controls.

Thinking-Security

Orchestrating People and Process with Technology

Many enterprises are looking toward 3rd party security services to help them handle some elements of their defense. But that doesn’t mean the expertise of the SOC staff will become less important. In fact, most experts agree the next-generation security analyst will have to be smarter than ever. The security staff of the future is going to need expertise not only about the domain they’re defending, but also contextual expertise to determine what combinations of events might present a threat. On top of that, they’re going to need analytical expertise so that they can determine the source of the threat — and how to stop it

Thanks for your interest!

Nige the Security Guy.