Analyst & Research Reports

O'Reilly Modern Defense in Depth

Issue link:

Contents of this Issue


Page 41 of 53

service (SECaaS) are integrating their security technologies through integrated UIs as well as by human expertise. They're integrating the aforementioned lines of defense with multiple security operation centers, operating 24/7 and fully staffed with highly competent secu‐ rity and networking experts. These experts are tasked with operating like a Central Command in the Military, integrating the lines of defense by way of proficiently utilizing automation, scripting, and API techniques. An Approach Similar to the Modern Military Figure 4-1 presents a comparison that highlights how similar an integrated DiD approach to better web application security is to an actual modern military, which operates under the same precepts, especially concerning integration. Figure 4-1. Lines of integrated defenses in the cloud The figure highlights the integration needed to gain better web application security. Reading from left to right, the lines of defense near the bottom are very apparent. At the top, the SOC, acting like a military Central Command, receives logging and alert information from the various technologies and then uses this information to dis‐ seminate the adjustments needed in an automated fashion to the appropriate lines of defense via automation, scripting, and APIs. This demonstrates the true power of integration, as all lines of defense begin to act as one cohesive defensive force, similar to a modern military approach. 32 | Chapter 4: How to Achieve the Integrated Approach

Articles in this issue

view archives of Analyst & Research Reports - O'Reilly Modern Defense in Depth