DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Where Does Observability Stand Today, and Where is it Going Next?
  • Five Great DevOps Job Opportunities
  • A Freelancer's Workflow
  • Azure Migration Strategy: Tools, Costs and Best Practices
  • Blameless Integrates Incident Management Platform With Opsgenie

Home » Blogs » DevSecOps » Swim in the DevOps pool or drown in security problems

Swim in the DevOps pool or drown in security problems

Avatar photoBy: Tony Bradley on May 15, 2015 3 Comments

There has been a significant shift recently in security. Most security vendors and organizations recognize that the traditional model of keeping the bad guys out by detecting malicious exploits is flawed at best. The reality is that the bad guys are already inside the network using authorized credentials to bypass security controls and exfiltrate sensitive data. That sounds ominous but the silver lining is that DevOps changes the game and shifts the advantage back to the good guys.

Recent Posts By Tony Bradley
  • The Best Approach to Help Developers Build Security into the Pipeline
  • Better Apps and Better Security When You Shift Left
  • The Road Ahead for Security, DevOps Transformation
Avatar photo More from Tony Bradley
Related Posts
  • Swim in the DevOps pool or drown in security problems
  • How DevOps Teams Can Defend Against API Attacks
  • Are You Embedding Security for a Rugged DevOps Experience?
    Related Categories
  • Blogs
  • DevSecOps
    Related Topics
  • continuous monitoring
  • devops
  • Lancope
  • OODA loop
  • TK Keanini
Show more
Show less

There was a time when the traditional model made sense. The attack techniques used and the motivations behind the attacks were different. In recent years, however, the line between inside and outside attacks has been blurred beyond recognition. There have been some high-profile insider attacks like Bradley Manning and Edward Snowden, but the reality is that most of the “outside” attacks were perpetrated using stolen or compromised credentials. In other words there is no difference between an inside and an outside threat at the actual point of attack.

TechStrong Con 2023Sponsorships Available

Organizations have to guard against both inside and outside attacks. In almost all cases, though, the root problem is credential abuse. Whether it’s an authorized employee accessing systems or data in an unusual way or an outside attacker moving laterally through the network and exfiltrating data using compromised credentials the crucial part for an organization is to have detection methodology in place capable of performing anomaly analysis to identify concerning behavior and activity.

Improving security through DevOps

That’s where DevOps comes in. Organizations need to have continuous monitoring in place. Anomalous activity isn’t something you can just conduct a daily or weekly scan for. If you don’t detect the activity in real-time and do something to stop it immediately the damage will already be done by the time you retroactively review log data and discover the breach.

Things are heading in that direction—but slowly. The good news is that DevOps seems to be picking up steam as more security vendors and organizations face the reality that the traditional security model can’t effectively protect against attacks.

“The DevOps movement is really gaining momentum but unfortunately still small,” agreed TK Keanini, CTO of Lancope. “It is a small but passionate community that can do nothing else but grow and help fill a void as we move from traditional enterprise IT to Internet IT. The tempo of DevOps is its major security feature and—with the principals of John Boyd’s OODA loop—has a winning formula to make it too expensive for adversaries to attack.”

DevOps isn’t just a trendy way of providing or delivering security. The security vendors themselves are also starting to embrace DevOps internally as a means of keeping up with attackers and working to develop new tools and techniques more effectively and efficiently.

Keanini explained that everyone will be moving to DevOps over the next 3 years—just not all at the same time. “Where IT was infrastructure and development was applications, suddenly infrastructure is the application or you could say that applications have become infrastructure but in either case, the business is forced to redraw the org charts and redo the processes.”

Jump in! The water is great

Attacks are relentless and attackers are nothing if not innovative. If you’re using yesterday’s security tools and techniques to defend against last week’s attacks and attackers you’ve already lost. Organizations need to move faster to stay ahead of attacks, and the most effective way to accomplish that goal is to incorporate DevOps tools and principles into the security model.

Keanini summed up with, “It is exciting and I encourage folks to start jumping off the diving board as they are filling up the pool.”

Filed Under: Blogs, DevSecOps Tagged With: continuous monitoring, devops, Lancope, OODA loop, TK Keanini

« Survey: Fed gov cloud success hinges on DevOps
Why I Dislike The Term ‘DevOps Culture’ »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Automating Day 2 Operations: Best Practices and Outcomes
Tuesday, February 7, 2023 - 3:00 pm EST
Shipping Applications Faster With Kubernetes: Myth or Reality?
Wednesday, February 8, 2023 - 1:00 pm EST
Why Current Approaches To "Shift-Left" Are A DevOps Antipattern
Thursday, February 9, 2023 - 1:00 pm EST

Sponsored Content

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Practical Approaches to Long-Term Cloud-Native Security

December 5, 2019 | Chris Tozzi

Latest from DevOps.com

Where Does Observability Stand Today, and Where is it Going Next?
February 6, 2023 | Tomer Levy
Five Great DevOps Job Opportunities
February 6, 2023 | Mike Vizard
Azure Migration Strategy: Tools, Costs and Best Practices
February 3, 2023 | Gilad David Maayan
Blameless Integrates Incident Management Platform With Opsgenie
February 3, 2023 | Mike Vizard
OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing
February 2, 2023 | Richi Jennings

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

GET THE TOP STORIES OF THE WEEK

Most Read on DevOps.com

OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing
February 2, 2023 | Richi Jennings
Automation Challenges Holding DevOps Back
February 1, 2023 | Mike Vizard
New Relic Bolsters Observability Platform
January 30, 2023 | Mike Vizard
Jellyfish Adds Tool to Visualize Software Development Workflows
January 31, 2023 | Mike Vizard
Cisco AppDynamics Survey Surfaces DevSecOps Challenges
January 31, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.