Bit9 + Carbon Black Can Empower An Integrated Cybersecurity Architecture for Automation and Orchestration
By Jon Oltsik, Senior Principal Analyst
July 2015

This ESG White Paper was commissioned by Bit9 and is distributed under license from ESG.

© 2015 by The Enterprise Strategy Group, Inc. All Rights Reserved.

White Paper: Bit9 + Carbon Black: Integrated Cybersecurity Architecture

Contents
Overview ..... 3
How Does An Integrated Cybersecurity Architecture Work? ..... 5
Customer Use Case for ICOP Integration with Bit9 + Carbon Black ..... 6
The Bigger Truth ..... 7
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The
Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are
subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of
this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the
express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and,
if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
Overview

Enterprise security professionals claim that all aspects of cybersecurity have become more difficult over the past few years. Why? ESG research points to a few overriding factors, including:

• The dangerous threat landscape. Ominous cyber-threats are top of mind within the infosec community. For example, 38% of security professionals say that network security has grown more difficult as a result of an increase in sophisticated malware, 32% point to an increase in targeted attacks, and 25% equate malware volume with security issues.[1] Increasing and sophisticated cyber-threats have a negative impact on security tasks, controls, and oversight.

• IT complexity. Security professionals are addressing the treacherous threat landscape as the IT infrastructure evolves, expanding the global attack surface. For example, 36% of organizations say they have increased the number of devices with access to the network, making security tasks more difficult, while 21% claim that increasing use of cloud computing is making security more difficult.[2] As every security professional knows, complexity is the enemy of security. Clearly, IT adoption of cloud computing and mobile applications is making security more complex and difficult.

• Existing security processes and technologies. Enterprise security often depends upon an army of point tools and complex manual processes. This forces cybersecurity professionals to mitigate risk and investigate security incidents on a tool-by-tool basis, which can be extremely time-consuming and error-prone. This situation is especially troubling in light of the global cybersecurity skills shortage: ESG research indicates that 28% of organizations have a problematic shortage of IT security skills.[3]

"What's the problem? We have too many alerts, too many incident detection technologies, and not enough security people!" -- Media Company

In summary, cyber-adversaries are rapidly advancing their tactics, techniques, and procedures (TTPs) while enterprise security defenses improve incrementally. This imbalance is creating a growing IT risk gap (see Figure 2), an ominous situation that is getting more and more attention in the boardroom.

[1] Source: ESG Research Report, Network Security Trends in the Era of Cloud and Mobile Computing, August 2014.
[2] Source: Ibid.
[3] Source: ESG Research Report, 2015 IT Spending Intentions Survey, February 2015.

(Figure. Source: Enterprise Strategy Group, 2015.)
Recognizing the problems described above, CISOs are actively creating cybersecurity strategies that bridge the IT risk gap. In fact, ESG research indicates that 52% of cybersecurity professionals say that prevention and detection of cybersecurity incidents are the most important strategic priorities at their organizations. To accomplish this, 48% say that they need to build an integrated cybersecurity architecture featuring central command-and-control (i.e., policy management, configuration management, reporting, etc.) and distributed enforcement.[4] In the past, this meant ripping and replacing existing security tools with product suites from a single vendor, but wholesale cybersecurity technology replacement is difficult, if not impossible, as it can be resource-intensive, time-consuming, and cost-prohibitive.

Fortunately, many enterprises are pursuing an emerging alternative strategy. Organizations are actively integrating their security tools into a common cybersecurity architecture to accelerate, automate, and orchestrate cybersecurity processes for incident prevention, detection, and response. In fact, multiple types of integrated cybersecurity automation and orchestration architectures are emerging, including:

• Open source software. In May of this year, media darling Netflix announced the open source release of FIDO (fully integrated defense operation), its system for automatically analyzing security events and responding to security incidents. FIDO is available for download on GitHub.

• US Federal Government initiatives. Several US Government agencies are engaged in projects similar to FIDO. For example, the Department of Defense (DoD) is working on an ICOP effort called the Integrated Active Cyber Defense (IACD) and collaborating with the Department of Homeland Security (DHS) on a similar project dubbed the Enterprise Automated Security Environment (EASE).

• ISV products. Cybersecurity startups such as Hexidite, Invotas, Phantom Cyber, and Resilient Systems are developing and marketing turnkey ICOP architectures.

[4] Source: ESG Research Report, Network Security Trends in the Era of Cloud and Mobile Computing, August 2014.

(Figure. Source: Enterprise Strategy Group, 2015.)

With the ability to automate, integrate, and orchestrate cybersecurity tools, processes, and workflows, an integrated cybersecurity architecture represents a potential cybersecurity game changer. In fact, ESG believes that an integrated cybersecurity architecture can be valuable for all three CISO priorities represented in the CISO triad:

1. Security efficacy. By aggregating, enriching, and contextualizing cybersecurity telemetry, CISOs can use an integrated cybersecurity architecture to fine-tune security controls for incident prevention, and fast-track incident detection and response. This can greatly decrease the dwell time of typical malware kill chains and thus lower the risk associated with cyber-attacks.

2. Operational efficiency. An integrated cybersecurity architecture can help the security team work smarter rather than harder by automating manual processes and workflows as part of security investigations, analysis, and remediation activities.

3. Business enablement. Armed with the automation, integration, and orchestration capabilities of an integrated cybersecurity architecture, CISOs can improve incident prevention, detection, and response. This puts organizations in a better position to capitalize on cloud- and mobile-based business processes that can increase IT attack surfaces.
Customer Use Case for ICOP Integration with Bit9 + Carbon Black

ESG is extremely bullish on the rise of integrated cybersecurity architectures, especially since the technology is available today and being implemented at a growing number of organizations. ESG recently spoke with several enterprise cybersecurity professionals whose organizations are rolling out integrated cybersecurity architectures using Bit9 + Carbon Black technologies as part of these projects in the following ways:

• Security controls and remediation. Security professionals really liked the flexibility of using Bit9 to improve prevention and Carbon Black for response. For example, one organization was able to use Carbon Black to remediate systems without requiring a full system reimaging, while another used Bit9 to blacklist malicious applications and files.

Security professionals were also quick to say that Bit9 + Carbon Black tools were built for integration. This seems to be the case, as the products feature open APIs and a message bus that are easily accessible through things like JavaScript controls. In fact, the company offers a version of its RabbitMQ message bus free for download so customers can experiment with integration as part of their proof-of-concept projects.

In summary, Bit9 + Carbon Black is focused on two valuable areas: 1) creating best-of-breed endpoint security technologies, and 2) designing its endpoint security products for ICOP integration. Given this, CISOs looking to modernize endpoint security and implement an integrated cybersecurity architecture would be wise to contact Bit9 + Carbon Black to explore how its products align with their cybersecurity strategies and objectives.