This presentation teaches DevOps practitioners how to standardize the most effective CIS processes for identifying and responding to threats quickly and effectively.
OODA = observe, orient, decide, act.
Observe = Track security bulletins/advisories and use continuous monitoring for your own infrastructure [Detection via security monitoring dashboards]
Orient = Research applicability of known threats to your environments [Threat detection security monitoring and analytics dashboards]
Decide = Determine remediation strategy [Response dashboard in the platform + Sumo alert and quarantine host response, Response via SOAR playbook]
Act = Rollout, monitor, and manage deployments [Rollout equates to collection, Monitor via continuous intelligence platform, manage via automation cloudformation templates]
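The four steps above form one procedure, so here is a single added example (not from the presentation and not Sumo Logic's own code) that automates a minimal OODA loop end to end: observe a constructed advisory feed, orient by matching each advisory against a constructed host inventory, decide a remediation action from a simple severity/environment policy, and act by producing an action plan, then re-run the orient step to confirm the rollout closed every finding. All advisory IDs, package names, versions, host names and the policy thresholds are constructed placeholders, not real identifiers.

```python
"""Minimal automated OODA loop: advisory feed -> inventory match -> remediation policy -> action plan -> verify.
Added example; every identifier and value below is constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn "2.4.1" into (2, 4, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in s.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str        # constructed ID, not a real CVE/advisory number
    package: str
    fixed_version: Version  # first version that contains the fix
    severity: str           # "critical" | "high" | "medium" | "low"


@dataclass(frozen=True)
class Host:
    name: str
    environment: str              # "prod" | "staging"
    packages: Dict[str, Version]  # package -> installed version


# Observe: a constructed advisory feed (what a bulletin tracker would hand us).
ADVISORIES = [
    Advisory("EXAMPLE-ADV-1", "libfoo", parse_version("2.4.1"), "critical"),
    Advisory("EXAMPLE-ADV-2", "barservice", parse_version("1.2.0"), "medium"),
    Advisory("EXAMPLE-ADV-3", "bazlib", parse_version("3.0.0"), "high"),
]

# Constructed inventory of what is actually deployed (from continuous monitoring/collection).
HOSTS = [
    Host("web-prod-1", "prod", {"libfoo": parse_version("2.4.0"), "barservice": parse_version("1.2.0")}),
    Host("api-staging-1", "staging", {"libfoo": parse_version("2.3.9"), "bazlib": parse_version("2.9.0")}),
    Host("batch-prod-2", "prod", {"barservice": parse_version("1.1.5")}),
]


def orient(advisories: List[Advisory], hosts: List[Host]) -> List[Tuple[Advisory, Host]]:
    """Orient: keep only advisories that apply, i.e. the package is installed below the fixed version."""
    findings = []
    for adv in advisories:
        for host in hosts:
            installed = host.packages.get(adv.package)
            if installed is not None and installed < adv.fixed_version:
                findings.append((adv, host))
    return findings


def decide(adv: Advisory, host: Host) -> str:
    """Decide: map severity and environment to a remediation action (a stand-in for a SOAR playbook choice).
    Assumed policy: critical in prod -> quarantine then patch; critical/high elsewhere -> patch now; rest -> schedule."""
    if adv.severity == "critical" and host.environment == "prod":
        return "quarantine_and_patch"
    if adv.severity in ("critical", "high"):
        return "patch_now"
    return "schedule_patch"


def act(findings: List[Tuple[Advisory, Host]]) -> Dict[str, List[Tuple[str, str]]]:
    """Act: group (host, advisory) pairs by action so each bucket can be dispatched to its rollout template."""
    plan: Dict[str, List[Tuple[str, str]]] = {}
    for adv, host in findings:
        plan.setdefault(decide(adv, host), []).append((host.name, adv.advisory_id))
    return plan


def run_ooda(advisories=ADVISORIES, hosts=HOSTS):
    return act(orient(advisories, hosts))


def verify_rollout(advisories=ADVISORIES, hosts=HOSTS):
    """Monitor: simulate upgrading every planned host/package to the fixed version, then re-run orient().
    An empty result means the loop closed; anything left is a rollout that did not land."""
    plan = run_ooda(advisories, hosts)
    by_id = {a.advisory_id: a for a in advisories}
    patched = []
    for host in hosts:
        pkgs = dict(host.packages)
        for items in plan.values():
            for host_name, adv_id in items:
                if host_name == host.name:
                    adv = by_id[adv_id]
                    pkgs[adv.package] = adv.fixed_version
        patched.append(Host(host.name, host.environment, pkgs))
    return orient(advisories, patched)


if __name__ == "__main__":
    for action, items in run_ooda().items():
        print(action, items)
    print("residual findings after rollout:", verify_rollout())
```

The policy in decide() is deliberately tiny; in practice it is the part you would version alongside the CloudFormation templates so that a change in remediation strategy is reviewed like any other code change. Note that the version comparison uses integer tuples: comparing "2.10.0" and "2.9.0" as strings would orient you the wrong way.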
Taking a templated approach to app deployments frees development teams to focus on the issues that automation can't address. By building and automating an "OODA" cycle, security analysts and engineers can quickly pinpoint issues, determine the available options, decide on a remediation strategy, and implement it. This frees up the team to work on more interesting projects and fewer monotonous tasks.