扩展敏捷组织的安全由英国石油公司的数据分析

——欢迎大家。谢谢你今天加入谈话,云和COVID和安全转变,他们的思想对很多我们在安全社区。如今,随着组织越来越多的移动到云计算和安全团队有更多的要求,我们必须保持混合的基础设施,我们必须保持多重云基础设施。我的客人今天是安全行业有20年经验的老兵。他所做的一切,从被审计作为一个首席信息安全官。他看到多个安全行业的拐点和社区在过去20年左右。今天,他会和我们谈谈新的转折点,他看到周围的安全团队如何使组织或业务本身,而不是。所以,没有进一步ado,丹尼斯,欢迎来到谈话。你过得如何?

——太棒了。我在做伟大的Monzy,谢谢你邀请我,给我这个机会与你们分享我们的旅程和观众。

——所以丹尼斯,我们就直接进去。给我们一点介绍BP和为什么这安全对话是非常重要的。

-是的。我的意思是,有趣的是,在整个能源产业大规模破坏,对吧?特别是,在石油和天然气工业。我认为有很多,如你所说,COVID,数字转换的流行和发生无处不在但特别是在能源行业,有这个巨大的向低碳能源转变的必要性,对吧?和英国石油公司已经宣布自己是一个有意识的决定在他们的雄心零到2050年或更早。所以,未来十年将是一个巨大的旅程把自身从一个国际石油公司BP综合能源公司,对吗?和使用数字创新的驱动程序。真的是重新思考整个能量范式为我们的人民,我们的星球,对吧?这意味着我们真的需要重塑自己作为一个公司和安全不是不同的,对吧?所以,我们还需要形式改造的一部分。

——这是惊人的。所以,你真的是驾驶安全从业务驱动的努力和真正的角度敏感业务。所以,如何转换为你的团队发生吗?你是安全工程主管,有什么大项目对你的介意吗?

——是的,我认为这意味着相当多的安全。我总是发现角度安全如何提供价值。我认为关键是,我会看到,哦,伯内特鲁尼,它说,“我们不能独自做到这一点。“对吧?这是非常真实的,这些困难的问题,对吧?我们要与大量的合作我们…,合作伙伴,合作。bob体育外网下载会有比以往更多的数据共享。所以,能够促进整个创新周期来寻找新技术,将拯救地球的能源挑战或新的电池技术,将使我们任何的低碳技术,或更有效率的操作,我们需要帮助,对吗?我们需要以一种安全的方式来促进。所以,我认为安全发挥了巨大的作用。我总是谈论这种二分法,错误的二分法和真正的二分法。 A false dichotomy is this, “We need to compromise privacy for security,” “or security for privacy.” And then, you’ve got this true dichotomy which is, “How can we set the data free, securely?” And that’s a challenge that we have. So, we need to enable the business in that side. So, that’s one piece, how can we enable the business, the people building, the digital builders building things, that’s our first thing. And the second thing is to facilitate transition through innovation, how can security ourselves use technology more? How can we use AI? How can you use ML? How can we use big data? How can we use the cloud, you know, sort of technologies more natively. So, in other words, we’ve got a legacy in large scale data. We stream today over 5 billion events per day, right? And that’s growing, that’s growing. So, how can… We can’t do that with the old way of doing things, we need to think about different things. So, I think we have a very exciting role to play in this value chain.

——非常酷。所以,你真的看安全作为一个推动者加速业务前进。和你也采取这种方式思考这个真正的二分法,你相信,这不仅仅是关于如何保护信息,说“是的”,“号”,但实际上我们如何接受这样的未来,因为它是必需的。负责任地安全负责共享,共享正确和真正使用大数据技术和ML和人工智能类型的技术到混合物。所以,当你思考,跟我们一点,我的意思是,这听起来像是有味道的规模,这将是必需的,因为现在你分享很多很多的信息。可能有很多自动化的元素。如何进入你的思想吗?

-是的。规模很有趣,因为我认为这就是问题所在。我想我们真的不规模。特别是过程等等,那么我们需要共享信息。我的意思是说,有一件事是前面和中心,正确的,数字的信任。所以,我们需要确保相信消费者和客户放在我们总是保持。所以,我只是想确保的。但我的意思是,规模是最大的问题。我们需要规模从技术的角度来看,我们需要规模从过程的角度,从人的角度来看。从技术的角度来看,很明显,现在朝着云本机技术但真的拥抱这些架构,正如我之前说的。 I think the second thing is process wise, if I go back to the agile manifesto, individuals and interactions over process, as much a process as we need, how can we orchestrate and automate some of those processes? So, that’s a key thing. And then, people wise, there’s a massive shortage, in the industry. And you don’t find those unicorns in the security industry. We talked about always how many people or how many people you have versus people well security people, you know, even have less of, right? So, I think those are true so how can we build the knowledge we have into the platforms, codifying it so we can scale from that perspective. So, that’s really, I think, what we have ahead of us. When we moved to the cloud we made a conscious decision that we were not gonna take the legacy with us. And we’re going to use this as an opportunity to transform how we architect security and how we architect things, how we architect teams, is actually, has a direct impact on what the result is or what comes out. I think that that was… It’s not only the technology but it’s also a team architecture of how we think about things. So, that’s key. We do have a dual cloud strategy and, you know, like many other companies you’d be working with two or three types of clouds. So, I think it’s key there that we have some core components that always data, identity, protection, security, using platforms like Databricks to make sure we have a harmonized layer across everything and we can keep that visibility which the cloud sometimes is a challenge because of the scale. So, I think those are fundamental elements that we can do. And that’s fundamentally, at the core of it is, when we talk about scale, we talk about data permits us to automate, which permits us to scale. And if you follow that through, it always plays true. That permits us to have frictionless and pace, right? So, I think that that’s at the core of our philosophy of how were we gonna scale.

——我真的很喜欢你只是用表达式,该数据允许您创建自动化,允许您创建规模。因为通常我们认为的规模而言,我们将如何规模我们获得数据或存储数据的能力。你几乎会进一步下降,杀伤链,可以这么说,说,这不仅关乎收集大规模,但它是关于你如何分析,如何创建自动化技术的扩展能力。现在,我想通常人们谈论自动化和我谈过你几次。你有一个非常特殊的自动化和意味着什么。所以,与观众分享你的观点有点。

——所以,是的,这是个好问题。我的意思是,我真的觉得很有意思,这是只是在过去几年已经到了我的头但是自动化总是联系在一起的,你知道,做事做事更快和更便宜。但实际上我认为自动化带给我们,它让我们以不同的方式思考。当你东西就像行为工程自动化。你把一个开发者,你把一个问题,你得到一个解决方案。但是它让我们认为比declaritively,它迫使我们去思考,我们的流程是如何工作的以及如何设计。所以,这是它的巨大价值,显然,把事情更快、成本更低。更声明性是很好的,因为当我们与我们的客户交互,开发商的建筑商,组装的人创新的解决方案,在传统安全交互不是…是很主观的,它不是很客观。更声明在这个关系,期望是什么。你可以回到你知道,当有人激励理论有清晰的目标和目标和期望是清晰的,它只是一个更好的关系。 It’ll be a happier relationship in general. And I think that helps us you know, to codify what expectations are with the other parties, with the developers. That’s what I think automation really brings us. And in the end, I think it’s about, you know, making sure that the CSOs, future CSOs will be judged on their ability to enable those digital innovation teams, those digital builders. You know, there is simply less of an appetite for control, that is a reality but I think we can still keep that control if we change the way we think about things through automation and be much more declarative around our policies. So, I mean, I’m really excited for that challenge, orchestration around automation is fundamental. We’ve automated many things, right? I think we’ve done things with data and automation around self servicing, our vulnerability management processes. We’re able to collect information around our usage of all our dashboards so we can remove access early. And basically nudging users when something is of risk. So, nudging theory but using data behind it for security purposes. So, it’s just the beginning really. I mean, all that data was there latent and platforms like big data platforms, like Databricks accelerates that journey, especially for the developers. Get running very quickly. We don’t have to worry about the infrastructure. If more clusters are scaling properly. We could just get straight to it. So, I think that’s really useful in our automation journey.

——所以,砖是担任这一层,允许您在规模和弹性,是去使您可以做的事情很多,真正创造价值就像你说的,这些数据在那里,这是潜在的但现在可以使用它。的另一个东西,你过去和我分享,我认为是一个非常激动人心的故事常常当大数据是讨论在安全上下文中,我们谈论在检测的背景下坏事或…无论是用户行为的检测还是威胁检测和异常检测等,特别是在机器学习上下文。但你和我分享的故事,我认为很有趣是围绕这些脆弱性管理高峰和团队创造了这些,我认为你晴雨表,呼吁个人。和观众讨论数据的挑战,以及可能的结果,也许从文化方面,以及从技术的角度来看。

-是的。我想谈文化,你知道的,在正常的技术安全社区是一种…感觉很尴尬的逃离,但真正的底部,你可以看到人们在谈论它越来越多的因为它是真正的是你如何改变?你如何创建一个不同的文化在安全吗?安全的选择,对吧?如何实现呢?我有几个例子。我的意思是,一个是我们的网络指标,对吧?和我研究,商业和行为经济学和行为科学,是我们如何应用网络吗?基本上是一个晴雨表仪表板,我们表面的人。这是我最成功的产品之一,安全产品在我们的数字安全实践在英国石油公司。 And it’s great because it creates lots of conversations, typical things. Why am I a 65 and not a 75? And why am I, you know, yellow and not green? The important thing is it drives the conversation. And especially around a topic like security, which is a normal topic to discuss about. But definitely, what it makes us think about, we’ve built that whole platform on again, on components that data breaks together with visualization layers like BI and on the Azure infrastructure. But it’s a great success from my perspective around “are you driving the right outcomes?” The typical conversation is some people are interested, why the scores are high and what they can do about it. Others are like, “If I do this, will my score go up?” And that’s not the behavior we want to drive. So, it’s in “are we building products “that are driving the right outcomes “to our consumers and our users?” “Are we making them choose the safest path, “transparently?” So, that’s one culture we wanna drive. The other culture’s in the development building community. So, we do threat modeling, we try and drive a different culture there, making them think about things, what could go wrong very early in the process in the life cycle, around the application development. And we’ve had great results on that, which you are measuring again through data. We’re taking all that data and we’re surfacing all that data to the developers in a dashboard, using platforms like Databricks. Again, to give them, very early insight into what’s going on. There’s this rapid feedback loops which are so important in agile. Again, there’s a different culture to shift. And then, finally, I mean, how do we drive, that the greatest things to drive is a culture change within the security teams is to give something back to the community. We take so much from the community and it’d be great to give back to the open source community. So, on that topic, I mean, it’s great to announce in the week of the 2nd of November week we have released a spot based safe reader, which is… we’ve developed within the security group that permits people to go and do normal SQL queries without any programming anything directly against SEF format, SEF is common event format. So, everywhere within the security, tooling has been knit together from many different sources. And I think that permits people to go directly into the note box and basically you don’t have to transform any information, you just can use this reader and you can go and do a query directly against SEF, wherever it is stored, in S3 or Azure Blob, wherever you have it. And we feel very proud that we are able to give a little bit back of so much that we take back from the community. So, again, all those things combined, all those things combined.

——所以,你叫几个不同的东西。第一我要再次强调点海基会读者,它允许任何人把数据和火花的小子读者吗?

——是的。

——因此,它允许任何人拿数据,能对这小子格式化数据的SQL查询,不管数据从何而来。所以,这是关键。第二个关键点是英国石油公司的公共GitHub上可用。

-是的。所以,如果去GitHub削减VP和他们可以贡献。如果我们可以改善它,但是你可以在砖平台上运行,你可以得到今天的好处。bob体育客户端下载

——非常酷。然后第二块回去从文化的角度来看,你谈论的是真正安全的概念变得更加的谈话,但在战术方面,它不是某种你知道,天上掉下的馅饼,一个随机的想法或只是很高兴谈论的是你的弱点,我几乎说你脆弱性管理通过创建这个激动人心的晴雨表,这样人们可以,对不起,人们可以有一个讨论。他们可以看到他们在哪里。他们可以测量自己的行为,他们可以看到他们采用的改进和修改,修改他们的行为。,这不仅仅是在为个人用户,我们称之为业务用户的角度看,而且你的开发人员使用,作为一个功能,这样所有的开发生命周期插入。所以,他们不是,例如,等待代码发布漏洞检查,例如,好几天,他们现在可以很快。所以,这是其他重要的事情。去做吧。

-是的。我的意思是,我们开始我们的旅程与终端用户和我们的晴雨表的开始。现在,我们尝试,我们基本上推断到邻近的用例不同社区的兴趣,开发人员。和开发人员创建的建筑,这就是风险。你怎么能帮助他们尽可能成功?我们怎么能把安全工具和他们来找我们。和现实只是工作在他们的工具集。是的,那里的晴雨表已经开始和我们绝对开发者社区给那些很快反馈循环。还有其他感兴趣的社区,将带来的风险,我们需要确保我们支持他们所以他们成功。和我们做的所有数据。 So yeah, really excited about that.

——所以有…我相信你工作还有其他的东西要流血。有先睹为快,你,你知道,你小子读者宣布11月2日的一周,太棒了,是一个大的一部分社区能够做什么。其他任何你想象接下来要发生的事情与砖或当你思考时,世界是在不断变化发展的。

——好吧,正如我所说的,一切都不断的变化,所以我们要,不管我们今天构建明天我们可能需要拆卸。我认为我们需要方法从情感的角度看问题。我认为我们总是谈论,在开发者社区,但与其说在安全社区。安全社区更静态在某种程度上。所以,我们需要一些经验的开发者社区。什么站,所以技术方法也改变很多,但我们使用的情况下,我们只需要做好准备,不断。但我的意思是,在最后,我们想讨论的术语集中能够分散。或者我们会联合控制。再一次,回到它的规模,安全团队规模不会,对吧?我们需要建立安全平台,开发人员可以bob体育客户端下载做的事情。 Build great things, innovate things, find the next sort of a low carbon energy. And I think that’s what our journey is there, how can we create security as a service where people by choice can come and say, “Hey, I wanna secure it.” And it really is frictionless. There’s the API, there’s the data, there’s a common way of doing. This is how I manage secrets. So, I think it’s about doing that. And if you build something great that’s frictionless, then the adoption will come. And that’s our KPI. How can we move to mass adoption? How can we reduce the time from when we detect something to when we resolve things? And data really is at the core of that. And actually has been there for awhile, it’s just now the big data technology that is at our disposal had a good, you know, sort of entry point, I mean, amidst that to be possible. So I’m really excited about, I think we are only starting really right now.

——所以,你讲这些事情,有具体的事情,你已经开始像个婴儿步骤可以帮助你或你相信已经帮助你的团队在这个方向上走吗?

-是的。我的意思是,我认为我们已经建立了我们的数据云计算在一个湖上的云。再次,我认为,使用砖技术基本上是将所有这些数据集在一起,开始基本上说明他们对业务流程。因此,我们可以从任何形式的资产或数字资产,支持业务流程我们可以集体,很快你知道一些关于所有信息。所以,我们知道它承载我们知道业务流程做,我们知道它有漏洞,我们知道谁访问它,我们知道当他们访问它。我们知道,最近如果有代码提交,如果有任何漏洞的代码。你开始考虑这个,因为完整的堆栈,从身份到应用程序,向基础设施数据,因为真正的脆弱性堆栈跨越它不是…我们总是传统治疗这些元素作为秘密口袋。实际上,是一回事,这是杀伤链如果你可以叫它,它不是一个真正的杀死链,但它真的是,我们需要考虑保护,确保一切都兼容,确保荣誉漏洞在所有这些层是一回事。这是不可能的,现在我们可以一起缝数据。

——非常酷,非常酷。好了,最后一件事在我们搬到观众的问题,我真的很想看看也许你想强调一点的是你经常谈论一些我与技术合理化,有很多的安全工具在任何组织和你使用一些技术来试图找出什么是有用的,什么不是,不是有用的,怎么做。所以,你想分享一点评论与观众。

-是的。我的意思是,我觉得我们有很多技术处理。所以,我们还有很多收敛在安全社区和安全工具环境。所以,我认为这些新技术允许我们合理一些,这很好,但是我花了很多时间在我的生命中缝合在一起的安全工具。这么多时间。所以没有时间获得的利益的安全工具。真…我有点后悔,但是你不能回到过去。所以,前进是唯一能得到那些开发人员,安全工程师启动并运行。网络数据科学家我称之为猎人的天堂,在数据湖泊,我们怎样才能让他们在那里快速、不需要担心其他的东西?我们谈业务的抽象的东西,从业务安全社区的但我们也应该这样做,对吗? Because the value is not in stitching those things together doing platform engineering or network engineering, the value’s in actually getting the value out of that stuff. So, I think, again, we’re only at the beginning of that journey and I think we can just cut that time very quickly and get productive much faster.

——小子读者就真的你大步不仅仅是为自己,你本周宣布11月2日,但它也是一个大步的社区,社区也可以促进剂,而不是做了很多这数据工程平台的东西。bob体育客户端下载现在少了一个东西,人们不得不担心自己滚。所以,这真的很酷。因此丹尼斯,感谢你加入这个对话。几大外卖从我,最大的一个我认为在使用数据,使自己更加声明信息共享。第二个是在自动化。我真的很喜欢你的方式说明了自动化的概念,使您能够获得规模。我还听到了很多你的味道和自动化分析自动化,不仅传统的滑轮组的自动化方式。最后一个是我要包在启用的范畴,使人们在英国石油公司和组织,然后也使社区安全社区走到一起,因为我们是真的,云是一个新领域,它需要一个新的心态。我想也许对我来说,最大的外卖的那三个是你说了什么,你这个机会的影响作为一个心态去云的好处你学过的东西但不是你给你带着行李加速度能够做得更好。 So, Dennis thank you so much for joining this conversation. Thank you for being a Databricks customer and let’s take some questions.

——是的,我的荣幸。谢谢你！