Email Subscription Notifications Suspended Temporarily
We are in the process of making navigation in the Servers and Operating Systems forums simpler and more direct. While doing this, we have to temporarily suspend email notifications for subscriptions. If you are subscribed to one or more discussion boards or blogs in the community, please check them daily to see new content. Notifications will be turned back on in a few days. We apologize for any inconvenience this may cause. Thanks, Warren_Admin
Transforming IT
cancel
Showing results for 
Search instead for 
Did you mean: 

Is Software-Defined Security “SDSec” Just Another Layer of Tinfoil?

TSchreider

Tin_foil_hat_2.jpgTinfoil hats were first introduced in the 1927 fiction short story, “The Tissue-Culture King.” The story describes how hats of metal foil could be used to block the effects of telepathy.  The goal of the tinfoil hat was to block information transmission without physical interaction.  Similarly, today’s threat vectors no longer need physical interaction as they can be and are increasingly virtual. So with that said, can’t we all just put hats of foil on and be done with it?

 

Well not really. Although SDSec can and will grow to be an effective approach to virtualized and automated security, it cannot operate as an island.  In order for SDSec to be effective, it must be part of a holistic protective ecosystem.  The ecosystem requires people, policies/procedures, processes, products and proof.  At HP, we call this, the P5 Model.  By following this model, one can ensure that all aspects of security within the Software-defined Data Center (SDDC) are open and programmatically accessible. A tinfoil hat (solely) will just not do.

 

I see SDSec occurring in two waves. The first wave will be the automation of the basic blocking and tackling security tasks (e.g., next-generation Firewalls, IPS’, SIEM, etc.). This automation will be closed loop and eliminate as much human interaction as possible.  Subsequently, IT security staff will be available to perform high-value security analytics and activities. Wave two, will incorporate business logic to drive security behavior as well as advanced threat forecasting to drive predictive models of protection toward unknown attacks. The automation of security tasks will remove the need to orientate our security organizations toward protecting against known threats. After all, if we know it is coming, shouldn’t we put into place automated measures to thwart the threat?

 

Therefore, my point is, SDSec’s time has come. It will not come over night and it will not be a singular solution solving all security woes. It will however, advance your security program to a level of functionality and effectiveness far superior to the classic tinfoil hat approach.   

 

I would love to hear how many layers of tinfoil your data center has protecting it, so either drop me a line or just telepathically let me know.  

0 Kudos
About the Author

TSchreider

Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/business continuity and is responsible for a wide range of management and technology consulting services encompassing information security, disaster recovery, privacy, and risk management. His problem-solving skills, knowledge of various technology platforms, compliance statutes, industries, as well as his experience in deploying defense-in-depth and InfoSec Program solution architectures is commonly applied when advising CIOs/CISOs as well as leveraged in numerous HP client engagements throughout the world. Tari has designed, built, and managed some of the world’s largest InfoSec programs allowing them to defend against even the most aggressive attackers.

Labels
Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all