Role of Trust in Intelligence Sharing and Automated Operations I

Combined Session
Thursday, October 10, 2019 13:00—14:00
Location: Murrow-White-Lisagor

Insights for Secure API Usage in Conjunction with Security Automation and Orchestration

Organizations are expanding the use of automation and orchestration in their security operations. An indication of this is the sharp rise in the adoption of Security Orchestration Automation and Response (SOAR) platforms. The security of these platforms is a key concern, in particular the security of the Application Programming Interface (API) keys used by both the SOAR platform and Security Operations Center personnel. The exposure of APIs from security tools is crucial to permitting automation and orchestration; however, it is also important to secure the usage of these capabilities. This presentation highlights methods for securing API usage and ways to remediate compromised API keys.

Security Orchestration Automation and Response (SOAR) adoption is predicted to rise from 1% to 15% from 2018-2020. This rapid growth is currently being realized by the explosion of options available within the SOAR marketplace. Organizations are adopting SOAR in order to adapt to the speed and scale of threats in the current cyber landscape. SOAR platforms are becoming a hub within the stack of security tools employed by an organization. This adoption is also driving the increased exposure of features from security tools via Application Programming Interfaces (APIs). These APIs are crucial to permitting the automation and orchestration of security operations; however, the exposure of these capabilities provides a new attack surface that attackers can exploit. To help address this concern, the Integrated Adaptive Cyber Defense (IACD) program has conducted research to help identify best practices for API security. As automation takes on an increasingly large role in cyber defense, it is important for organizations to secure these new capabilities to ensure they are not abused.

Through our initiatives and pilots in various critical infrastructure sectors, IACD has found that most SOAR platforms provide basic mechanisms to protect API keys. However, IACD believes that the usage and security of these APIs is often overlooked, and more should be done to secure them. Recent findings show that many of these keys are issued and utilized with more access features than needed for specific tasks and are occasionally distributed widely throughout an enterprise's infrastructure. There have also been instances where API keys have been compromised by attacks and used by cyber attackers to access sensitive data.

This talk will provide a summary of recent research and current industry best practices to protect API usage through gaining visibility to all API requests, rapid banning and re-issue of compromised API keys, controlling which requests an API may issue based on the asset making the request, and controlling which assets are allowed to use which API key for specific requests. A Q&A session with the audience will be held at the end to discuss current concerns with API security.
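The four controls listed above, sketched as an added example in Python; it is not code from the talk or from the IACD program. The `Gateway` class, the asset names and the request paths are hypothetical, and the gateway is assumed to already know the calling asset's identity (for instance from a client certificate).

```python
import hashlib
import secrets

class Gateway:
    def __init__(self):
        self.keys = {}   # sha256(key) -> owner, per-asset grants, revoked flag
        self.audit = []  # visibility: every request is logged, allowed or not

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, owner, grants):
        key = secrets.token_urlsafe(32)  # raw key is returned once, never stored
        self.keys[self._digest(key)] = {"owner": owner, "grants": grants, "revoked": False}
        return key

    def authorize(self, key, asset, method, path):
        rec = self.keys.get(self._digest(key))
        if rec is None:
            decision = "deny:unknown-key"
        elif rec["revoked"]:
            decision = "deny:revoked-key"
        elif asset not in rec["grants"]:              # which assets may use this key
            decision = "deny:asset-not-allowed"
        elif (method, path) not in rec["grants"][asset]:  # which requests per asset
            decision = "deny:request-not-allowed"
        else:
            decision = "allow"
        self.audit.append({"key": self._digest(key)[:12], "asset": asset,
                           "method": method, "path": path, "decision": decision})
        return decision

    def ban_and_reissue(self, key):
        rec = self.keys[self._digest(key)]
        rec["revoked"] = True                         # old key stops working at once
        return self.issue(rec["owner"], rec["grants"])

def demo():
    gw = Gateway()
    # Constructed sample policy: one key, two assets with different rights.
    grants = {"soar-platform": {("GET", "/alerts"), ("POST", "/blocklist")},
              "analyst-ws-7": {("GET", "/alerts")}}
    old = gw.issue("soc-team", grants)
    results = [gw.authorize(old, "soar-platform", "POST", "/blocklist"),
               gw.authorize(old, "analyst-ws-7", "POST", "/blocklist"),
               gw.authorize(old, "build-server", "GET", "/alerts")]
    new = gw.ban_and_reissue(old)
    results.append(gw.authorize(old, "soar-platform", "GET", "/alerts"))
    results.append(gw.authorize(new, "soar-platform", "GET", "/alerts"))
    return results, gw.audit

if __name__ == "__main__":
    print(demo()[0])
```

The audit list records denied requests as well, which is what lets a stolen key show up as requests from an asset that was never granted it.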

This talk will be provided by the IACD integration team, which has hands-on experience with a large variety of SOAR solutions and has been developing capabilities for security orchestration and cyber information sharing since 2014. IACD has continuously provided impartial technical guidance for all enterprises and has been instrumental in the creation of a large community throughout academia, industry, and critical infrastructure to further the use and development of the IACD framework.

Attendees will learn techniques to address the risks associated with the rising convenience of automation, along with proactive vs. reactive automation practices, which will help mitigate current security gaps faced by organizations with and without security automation.

Key take-aways:
Attendees will learn best practices for managing API usage through the use of an API gateway. Additionally, remediation methods will be explored to address compromised access of security tools via stolen API keys.

Cody Bramlette, JHUAPL
Nam Le, Johns Hopkins University APL

Signed Control System Firmware, Parts, and Documents—Opportunity or Pain?

Several years ago, aviation OEMs began creating cryptographically signed parts (called Loadable Software Aircraft Parts, or LSAPs) to be installed onboard an aircraft. This was true not only for the latest e-Enabled aircraft such as the Boeing 737MAX/787 Dreamliners or Airbus A220s, but also for older aircraft such as the Airbus 319s, and it includes software updates, configurations, and carrier-specific data such as thrust control and navigation data.

While it is understood that LSAPs are meant to maintain the integrity of onboard components and to assure that aircraft are safe to operate and that changes come only from a valid and authorized source, they introduced several potential issues for aircraft operators. You might even ask: how does one compare aviation to ICS? Well...

Compared with the ICS/SCADA and critical infrastructure world, aircraft share many commonalities such as uptime, safety, reliability, third-party vendors and more. In fact, there are hundreds of embedded parts onboard each aircraft, and aircraft might even be akin to roaming "sites" that require the utmost rigor when managing, operating, and maintaining them. Therefore, it might be fair to assume that aviation may have arrived at signed firmware before the ICS/critical infrastructure world.

Unfortunately, the advent of new secure industrial devices is upon us with standards such as ISA-62443, and so many of the shortfalls and challenges that are present when dealing with large-scale Public Key Infrastructure (PKI), certificates, signing, part/firmware/project stores and skills/resources will likely rear their heads in the near future for asset owners. It is here that we, as a community, need to create solutions that automate, minimize solution overhead, and properly enable critical infrastructure operators to employ adequate security when managing cryptographic primitives, lists, and secure files.

This session is dedicated to:

Ronald Brash, Verve Industrial
