🔔 New Blog Post Alert 🔔
🔴 Leveraging Security Chaos Engineering for Cloud Cyber Resilience - Part II 💥
In this blog post, I continue the discussion about cloud cyber resilience. See the link to part one here. Here are some highlights of this follow-up blog post:
📍 What is the state-of-the-art in cloud cyber resilience? Short answer: we still have a long way to go. Three indicators can provide insights:
1️⃣ Cloud services - what services provided by the leading cloud service providers (#aws, #azure, #gcp) facilitate cyber resilience?
2️⃣ Cloud Architectural Blueprints - The leading cloud service providers' most common architectural blueprints are the Well-Architected Frameworks. None of these support cyber resilience!
3️⃣ Cloud Reference Implementations - to help cloud users with automatic cloud orchestration and management, CSPs provide control tower and landing zones. None of these can help cyber resilience folks and #cisos out-of-the-box.
📍 Cyber Resilience Engineering - Engineering-driven approaches are critical requirements for adopting cyber resilience. When we consider the fact that technology-driven companies have a disruptive advantage and software has eaten the world, it becomes clear that defining and enabling engineering-driven cyber resilience approaches would have unprecedented advantages. This is the core of the MITRE Cyber Resiliency Engineering Framework (CREF).
📍 CREF provides a comprehensive set of constructs around cyber resilience, including goals, objectives, techniques, and design principles. These constructs provide clarity on the relationship between cyber resilience and system resilience and risk management. At the core of these constructs is the need for verification based on adversarial testing.
📍 How best can you test cyber resilience? You leverage security chaos engineering (SCE), a discipline forged in resilience and based on adversarial approaches. SCE can be leveraged to verify the effectiveness of cyber resilience systems throughout their lifecycle.
👉 Happy to hear your thoughts about cyber resilience in cloud infrastructure. Are the cloud services enabling your cyber resilience goals? Do you have alternative approaches to bridge the gap of CSPs not really providing support?
💥 Mitigant's SCE platform enables several adversarial approaches, including cloud threat emulation, mapped to the MITRE ATT&CK framework. Attack analysis, documentation, recommendations, cleanup, etc. are all handled. Give us a trial today: https://lnkd.in/erjUQXpv