Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. www.modeldrivensecurity.org - www.policyautomation.org - www.objectsecurity.com

Tuesday 31 August 2010

"Automating configuration and security management is the best way forward" (DEFCON 18)

An interesting article states that a survey at the DEFCON 18 conference concluded that misconfigured networks main cause of breaches, and that "... automating configuration and security management is the best way forward to solving this problem....". 73% came across a misconfigured network more than three quarters of the time – which, according to 76% of the sample, was the easiest IT resource to exploit. If you add to this the studies indicating that 70%-80% of all attacks are targeted at the application layer, and that application platforms and applications themselves are at least as hard if not harder to configure and manage properly, it becomes clear that "... automating configuration and security management is the best way forward ...." also for application security. This blog has advocated security policy automation and model-driven security for years, and it is great to see this survey underscore the absolute need for it.

No comments: