Looking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and policy automation are improving fundamental security properties such as context, visibility and threat containment, and thereby significantly improving the efficiency of these tools.
We will first look at the assumptions underlying threat modeling in general, the biggest one being that by collecting more information from diversified sources, we should be able to zoom in on compromised systems and attacks that currently go unnoticed before a data breach or companywide lockdown is required.
By quickly reviewing the anatomy of an attack, we are going to show that while visibility is improved with additional logging, threat prevention solutions do not provide better context and containment, because our security architectures are not implementing a least-privilege approach.
Enter virtualization in general and network virtualization more specifically. Perimeters are now dissociated from the physical infrastructure and can correspond to a compliance scope, an application, etc., with tools in which you can “drop” your application and get a fingerprint of it, enabling a least-privilege model. SDN also provides a “security control plane” in which policies can now be expressed in a declarative fashion and enforced for each virtual service.
By moving to such a model, we improve visibility and context, allowing the threat modeling tools to do their job in a significantly more effective manner. Furthermore, a least-privilege approach provides better containment by design, thus giving the threat analysis tools more time to do their job.
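As an added illustration (not part of the session or of any vendor's tool), the following Python sketches the model described above: observed application flows are fingerprinted into a per-service, default-deny allow-list, which is then enforced declaratively, so anything outside the fingerprint is both blocked and surfaced with full context. The service names, ports and flows are constructed for the example.

```python
from collections import defaultdict

# Constructed sample of flows observed after "dropping" an application into the
# fingerprinting tool: (source service, destination service, destination port).
# Service names are hypothetical, not taken from any real deployment.
OBSERVED_FLOWS = [
    ("web", "app", 8443),
    ("web", "app", 8443),
    ("app", "db", 5432),
    ("app", "cache", 6379),
]

def fingerprint(flows):
    """Derive a per-service allow-list from observed traffic: for each
    destination service, the set of (source, port) pairs it legitimately needs."""
    policy = defaultdict(set)
    for src, dst, port in flows:
        policy[dst].add((src, port))
    return dict(policy)

def evaluate(policy, src, dst, port):
    """Declarative enforcement at the destination's virtual service: permit only
    what the fingerprint explicitly allows; everything else is denied by default."""
    return (src, port) in policy.get(dst, set())

def contain(policy, flows):
    """Run candidate flows through the policy. Denied flows are blocked and
    returned as alerts that already carry the context an analyst needs."""
    alerts = []
    for src, dst, port in flows:
        if not evaluate(policy, src, dst, port):
            alerts.append({"src": src, "dst": dst, "port": port, "action": "deny"})
    return alerts

# Constructed candidate traffic: the legitimate tier-to-tier flows plus two flows
# that were never part of the application's fingerprint.
CANDIDATE_FLOWS = [
    ("web", "app", 8443),
    ("web", "db", 5432),
    ("web", "cache", 6379),
    ("app", "db", 5432),
]

if __name__ == "__main__":
    policy = fingerprint(OBSERVED_FLOWS)
    for alert in contain(policy, CANDIDATE_FLOWS):
        print(alert)
```

The two denied flows show the containment-by-design point: a service outside its fingerprint is stopped at the virtual service boundary and reported with source, destination and port, rather than discovered later from aggregated logs.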