Cisco Systems, Inc. - Special Call - SEHK:4333
Natalie Timms [Executives]
Natalie Timms presented a webinar on the "Blueprint for Threat Detection and Response," focusing on preparing organizations for implementing an Extended Detection and Response (XDR) system. Here’s a detailed summary of her presentation:
Introduction
- Natalie begins by thanking attendees for joining the session.
- She mentions that the session will focus on readiness for XDR systems, emphasizing the importance of understanding the organization's environment and expectations.
Key Points
Blueprint Concept
- Blueprints and Foundational Knowledge:
  - Importance of gathering foundational knowledge to define an organization's business and associated IT requirements.
  - Forms the basis of a security policy and serves as a baseline for security posture.
  - Enables gap analysis and is integral for compliance frameworks and mandates.
- Components of Blueprint:
  - Organizational Knowledge: Identification of roles and responsibilities, processes, and resiliency.
  - Security Policy Elements Knowledge Base: Representation of organizational goals and objectives through flows and context.
  - Technological Capabilities: Protecting the organization and enforcing the security policy.
Importance of Planning
- Benjamin Franklin Quote: "If you fail to plan, you are planning to fail!"
- Baseline for Comparison: Necessary for measuring success and tuning threat detection systems.
- Evolution and Enhancement: Requires detail and accuracy to adapt and improve security policies.
- Compliance Enforcement: Enforces roles and responsibilities.
Organizational Knowledge
- Business Functions and Structure: Understanding the organization's functions, users, and interactions.
- Specific Requirements: Related to industry or government, such as PCI compliance or residency requirements.
- Operational Goals, Metrics, and Processes: Documented processes for various operations.
- Service-Level Agreements (SLAs): Importance for service providers and consumers.
- Operational and Planning Requirements: Data handling, critical assets, audit logging, etc.
- Goals: Engaging stakeholders, fostering a security-aware environment, and defining baselines for planning and response.
Security Policy Elements
- Policy Elements: Rules based on foundational knowledge, defining user groups, assets, and flows.
- Network Topology: Designing topology based on organizational needs and placing critical infrastructure.
- User Groups: Metrics for communication and interactions.
- Assets and Devices: Software versions, vulnerabilities, and security needs.
- Goals: Based on least privilege principle, baseline for threat detection, and identifying gaps.
Technological Capabilities
- Evaluation of Assets: Assessed from a vulnerability standpoint, covering operating systems and patching.
- Logical and Physical Network Design: Best practices for security.
- Technology Evaluation: Capabilities perspective, redundancy, and security features.
- Routing and Forwarding: Performance and resiliency planning.
- Goals: Deployment of security policy, budgeting, and planning.
XDR Readiness
- Visibility and Context: Blueprints provide visibility and context around security policy, similar to XDR.
- Policy Validation: XDR validates security policy through assessment of telemetry quality.
- Telemetry Consumption: Normalization of log information from enforcement points.
- Analytics and Detections: Attributes used for detection and analytics.
- Visibility Across Components: Correlating alerts and observables across the network.
- Critical Assets and Responses: Assigning asset values and automated responses based on frameworks.
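The three XDR functions listed above (normalizing telemetry from different enforcement points, correlating observables across sources, and weighting the result by asset value from the blueprint) can be shown end to end in a few dozen lines. The following is an added example written for this summary; it is not code from the presentation and does not reproduce Cisco XDR's schema, API, or scoring. The firewall log lines, the endpoint JSON events, the asset inventory, and the scoring formula are all constructed for illustration.

```python
"""Added example: normalize telemetry from two enforcement points into one
schema, correlate records that share an observable, and rank the result by
asset value. Everything below (formats, sample events, asset values, scoring)
is constructed for illustration and is not Cisco XDR's own data model."""
import json
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample telemetry. The firewall lines imitate key=value syslog
# messages; the endpoint records imitate JSON events from an endpoint agent.
FIREWALL_LINES = [
    "2024-05-01T10:00:01Z fw01 action=deny src=10.1.5.23 dst=203.0.113.7 dport=4444 proto=tcp",
    "2024-05-01T10:00:05Z fw01 action=allow src=10.1.5.40 dst=198.51.100.2 dport=443 proto=tcp",
]
ENDPOINT_EVENTS = [
    '{"ts": "2024-05-01T10:00:03Z", "host": "finance-ws-07", "ip": "10.1.5.23", "event": "suspicious_process", "severity": 7}',
    '{"ts": "2024-05-01T10:00:09Z", "host": "kiosk-lobby", "ip": "10.1.5.90", "event": "usb_inserted", "severity": 2}',
]
# Constructed asset inventory standing in for the blueprint's critical-asset
# list: higher value means the asset matters more to the business.
ASSET_VALUE = {"10.1.5.23": 9, "10.1.5.40": 5, "10.1.5.90": 1}


@dataclass
class Event:
    """Common schema every enforcement point is normalized into."""
    ts: str
    source: str       # "<sensor type>:<sensor name>"
    observable: str   # the internal IP the event is about
    kind: str
    severity: int


def normalize_firewall(line):
    """Parse one constructed key=value firewall line into an Event."""
    m = re.match(r"(\S+) (\S+) action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)", line)
    if not m:
        raise ValueError(f"unparsed firewall line: {line!r}")
    ts, sensor, action, src, dst, dport = m.groups()
    severity = 6 if action == "deny" else 1   # constructed mapping
    return Event(ts, f"firewall:{sensor}", src, f"{action}:{dst}:{dport}", severity)


def normalize_endpoint(raw):
    """Parse one constructed endpoint-agent JSON record into an Event."""
    rec = json.loads(raw)
    return Event(rec["ts"], f"endpoint:{rec['host']}", rec["ip"],
                 rec["event"], int(rec["severity"]))


def correlate(events):
    """Group normalized events by the observable they share (here, the IP)."""
    by_observable = defaultdict(list)
    for ev in events:
        by_observable[ev.observable].append(ev)
    return by_observable


def prioritize(groups, asset_value):
    """Rank correlated groups: corroboration across sensor types and a
    high asset value raise the score; a lone low-severity event on a
    low-value asset stays at the bottom."""
    ranked = []
    for observable, evs in groups.items():
        sensor_types = {e.source.split(":")[0] for e in evs}
        max_sev = max(e.severity for e in evs)
        corroboration = 2 if len(sensor_types) > 1 else 1
        score = max_sev * asset_value.get(observable, 1) * corroboration
        ranked.append({"observable": observable,
                       "sources": sorted(sensor_types),
                       "events": len(evs),
                       "score": score})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


def run():
    """Normalize both feeds, correlate, and return the ranked groups."""
    events = [normalize_firewall(l) for l in FIREWALL_LINES]
    events += [normalize_endpoint(e) for e in ENDPOINT_EVENTS]
    return prioritize(correlate(events), ASSET_VALUE)


if __name__ == "__main__":
    for row in run():
        print(row)
```

The point of the example is the dependency the presentation draws: the ranking is only as good as the asset inventory and the telemetry quality behind it. Remove the asset values and the workstation with a denied outbound connection plus a suspicious process ranks on severity alone; feed in unparseable log lines and `normalize_firewall` raises rather than silently dropping an observable, which is the behaviour you want when validating telemetry quality before trusting the detections built on it.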
Validating Security Policy
- Zero Trust Architecture: Using XDR to validate zero trust tenets.
  - All data sources and computing services as resources.
  - Access granted on a per-session basis.
  - Measuring security posture of owned and associated assets.
  - Dynamic policy enforcement.
  - Authentication and authorization mechanisms.
Closing Remarks
- Natalie emphasizes the importance of planning and understanding requirements before deploying XDR systems.
- She highlights Cisco XDR as a tool that facilitates this process and encourages attendees to explore it further.
- Natalie stresses the value of human expertise in building security policies and recommends partnering with trusted advisors for guidance.
Conclusion
- Mark Watts thanks Natalie and attendees for participating in the webinar.
- He reminds attendees to complete the survey for feedback.
Natalie’s presentation provides a comprehensive guide on preparing organizations for XDR implementation, emphasizing the importance of planning, foundational knowledge, and technology capabilities.