
Runtime Intelligence



  1. Runtime Intelligence A new generation of application security and performance controls Sebastian Holst sebastian@preemptive.com PreEmptive Solutions

  2. It’s 2:45 PM Do you know where your applications are?

  3. The telling you what I’m going to tell you slide
  • Runtime Intelligence:
    • what it is and why you might care
  • Implications & requirements
    • What’s possible, what’s missing and what you can expect
  • Runtime Intelligence applications and their value propositions
    • From software suppliers to enterprise consumers; security, compliance and business performance
  • Early commercialization
    • Tamper notification and application usage

  4. What is the point of work? (diagram labels: Information, People, Information Systems, Process)

  5. What is the point of work? (diagram labels: The Application, Information, People, Information Systems, Process)

  6. The weakest link? (diagram: Applications are “legally blind” to Usage context, Deployment scope, Operational materiality, Stakeholder orientation, Supplier interests; boxes: Applications, Monitor, Audit, Log)

  7. What is the point of work? (diagram labels: Information, People, Information Systems, Process; stakeholders: Investors, Partners, Supply chain, Finance, Development, Manufacturing, Suppliers, Field Sales, Consumers, Users, CRM, IT, Channels, Service providers, Service, Regulators)

  8. Pressing issues for Runtime Intelligence
  • Senior software executives want insight into channel performance, product and platform usage, quality of service and adoption
  • Senior enterprise executives want IT security reassurance but lack necessary understanding
  • Development managers want to align resources with security risks and platform requirements
  • IT Security managers want credibility
  • Product managers want insight into usage and behavior
  • Businesses (and BUs) want, but are reluctant to provide, comparisons or guidance
  • Customer support needs reliable environmental data to provide better individual support, benchmark across platforms and over time
  • Information security and business executives often speak different languages
  • All assessments are difficult: too much data, not enough time

  9. What’s required
  • Usage context
    • Design and development coordination
    • Use case, materiality, coding and data conventions
  • Deployment scope
    • Aggregation beyond individual IT domains
    • SaaS or other managed service archipelago
  • Operational materiality
    • Near-time integration with business metrics
    • Activity monitoring & trend analysis incorporating site-specific business information, thresholds and tolerances
  • Stakeholder orientation
    • Role-specific dashboards and reports
    • Security, privacy, compliance, performance, financial, sales…
  • Additional requirements
    • Best practices, security, privacy and liability

  10. The development process
  • Develop
    • Embed attributes: entry & exit points – tamper check methods
    • Utilize SDK: attack, suspicious use case, positive use case
    • Application is enhanced at the same stage as obfuscation
  • Deploy
    • No boundaries
    • Enterprise and supply chain
    • ISV customer base
  • Collect
    • Data is sent via Web Service (SOAP) to a managed service
    • Collect, burst, fire and forget
    • Opt-in; the default is that no identifiable information is sent
  • Enrich
    • Business information is periodically uploaded and integrated into a signal repository
    • Connect supplier and supply chain to the individual user, their “identity” and the business interests they serve
  • Analyze and test through managed dashboards
    • Benchmarking, threshold monitoring, trending and visualization
    • Application security, usage, compliance and business performance
  • Distribute
    • Access to Runtime Intelligence can be delegated to constituent communities
    • Increase opt-in and extend the value
  • Act
    • Detective controls can lead to faster and more effective responses
    • Environmental hostility, misuse, adoption best practices, etc.

  11. Obfuscation Development Process (diagram: Source Code → Compiler → Input Assemblies → Dotfuscator → Output Assemblies; Dotfuscator inputs: Map file, External Dependencies, Obfuscation Attributes, External Configuration, Attributes; Dotfuscator obfuscates, compacts, links)

  12. Runtime Intelligence (SO-s) Development Process (diagram: same pipeline as slide 11, with the SO-s runtime assembly added via attributes or via the SDK; Dotfuscator with SO-s; SO-s Attributes; Output Assemblies including the SO-s runtime)

  13. SO-s Deployment (diagram: Dotfuscator → application with SO-s runtime DLL → Application Signals)
  • Dotfuscator
    • Instrumentation
    • Obfuscation
    • Pruning & Consolidation
  • Message Buffer
    • SSL option
    • Identifiable information is hashed
    • Buffer is tunable at development and runtime
    • Messages optimized for performance

  14. SO-signal
  “Internally developed applications and independent software vendors should provide log data that supports centralized application security information and event management.” – Define Application Security Log Output Standards, Amrit T. Williams, Gartner Inc., 4 May 2006
  • What’s in a signal?
    • Anything that can be logged, monitored or audited
    • Events
      • Application/Process/Service events: start/stop, tamper, exception, …
      • Suspicious, novel, best practice
      • Account access and management events
    • Environmental data
      • Runtime stack, application family, application ID
      • License key, identity
    • Application data
      • Relevant to the signal to provide context
  • How are signals organized?
    • Consistent structures and conventions are required to enable security, performance and other aggregation and analysis
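The following is an added illustration, not PreEmptive’s code and not the actual SO-signal format, of the ideas on slides 10, 13 and 14: a signal record with the event / environmental / application-data split, a tunable message buffer that sends in bursts, and the opt-in rule under which identifiable values (license key, identity) are either dropped entirely (the default) or sent only as a keyed hash. All field names, the salt and the sample events are constructed for the example; the sender callback stands in for the SOAP web-service call so it runs offline.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field, asdict
from typing import Callable, Dict, List, Optional

# Field names treated as identifiable. Constructed for this example; the page
# does not give the real SO-signal field names.
IDENTIFIABLE_FIELDS = {"license_key", "identity"}


def hash_identifiable(value: str, salt: bytes) -> str:
    """Keyed SHA-256 (HMAC) of an identifiable value: the collector can still
    correlate signals from one license or user but never sees the raw value."""
    return hmac.new(salt, value.encode("utf-8"), hashlib.sha256).hexdigest()


@dataclass
class Signal:
    """One application signal: event, environmental data, and context data."""
    event_class: str            # application, tamper, exception, account
    event: str                  # start, stop, tamper_detected, ...
    application_id: str
    application_family: str
    runtime_stack: str
    timestamp: float
    context: Dict[str, str] = field(default_factory=dict)


class SignalBuffer:
    """Buffers signals and hands them off in bursts ("collect, burst, fire and
    forget"). flush_at is the tunable buffer size; sender is a hypothetical
    stand-in for the web-service call and is a no-op by default."""

    def __init__(self, app_id: str, family: str, runtime_stack: str, salt: bytes,
                 opt_in: bool = False, flush_at: int = 10,
                 sender: Optional[Callable[[List[dict]], None]] = None):
        self.app_id, self.family, self.runtime_stack = app_id, family, runtime_stack
        self.salt = salt
        self.opt_in = opt_in
        self.flush_at = flush_at
        self.sender = sender or (lambda batch: None)
        self._pending: List[Signal] = []
        self.sent_batches: List[List[dict]] = []

    def _scrub(self, context: Dict[str, str]) -> Dict[str, str]:
        """Apply the privacy rule before anything enters the buffer."""
        scrubbed = {}
        for key, value in context.items():
            if key in IDENTIFIABLE_FIELDS:
                if not self.opt_in:
                    continue                                  # default: not sent at all
                value = hash_identifiable(value, self.salt)   # opted in: hashed, never raw
            scrubbed[key] = value
        return scrubbed

    def record(self, event_class: str, event: str,
               context: Optional[Dict[str, str]] = None) -> Signal:
        sig = Signal(event_class, event, self.app_id, self.family,
                     self.runtime_stack, time.time(), self._scrub(context or {}))
        self._pending.append(sig)
        if len(self._pending) >= self.flush_at:
            self.flush()
        return sig

    def flush(self) -> int:
        """Serialize pending signals as one batch, pass it to the sender and
        return the number of signals sent (0 if the buffer was empty)."""
        if not self._pending:
            return 0
        batch = [asdict(s) for s in self._pending]
        self.sender(batch)
        self.sent_batches.append(batch)
        self._pending.clear()
        return len(batch)


def demo(opt_in: bool) -> SignalBuffer:
    """Constructed walk-through: three events with flush_at=3, so the burst is
    sent on the third event. Returns the buffer for inspection."""
    buf = SignalBuffer("com.example.app", "ExampleSuite", ".NET 2.0",
                       salt=b"constructed-salt", opt_in=opt_in, flush_at=3)
    buf.record("application", "start", {"license_key": "ABCD-1234", "identity": "alice"})
    buf.record("tamper", "tamper_detected", {"method": "CheckTamper"})
    buf.record("exception", "unhandled", {"type": "NullReferenceException"})
    return buf
```

Running `demo(False)` shows the default behaviour: the start event reaches the sender with no license key or identity at all, while the tamper and exception events keep their non-identifying context. With `demo(True)` the same fields arrive as 64-character HMAC digests, which is enough for the collector to group signals by license without ever holding the key itself.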

  15. SO-s SaaS Facilities (architecture diagram: Application Signals arrive over the Internet, pass Signal Validation, then Data Validation & insertion into staging tables and Processing for OLAP and source-specific access; Business Information sources arrive over the Internet via Secure WebDAV and a message queue (MSMQ), then Data Validation & insertion into staging tables and Processing for OLAP and source-specific access; both feed the Runtime Intelligence Virtual Repository)
  Dozens of servers, load balanced with a fully redundant architecture and clean separation of tiers, supporting terabytes of extensible storage and security best practices that include regular threat modeling, 3rd-party evaluation, SAS70 Type II certified facilities, etc.

  16. Software vendor monitoring field adoption and behavior (dashboard screenshot: Commercial product family; Adoption, platform utilization & stability; Relative stability of beta; Tamper; Pipeline activity and stability)

  17. View into active evaluations (dashboard screenshot: Pipeline dependencies; Most active; Having problems?)

  18. Availability
  • SO-signal: first generation of the SO-s family, distributed as a component of the Dotfuscator family
    • Available now for evaluation
  • Q4: Tamper notification
    • 35% of the packaged software installed on personal computers (PC) worldwide in 2005 was illegal, and circumvention of license controls is an increasingly common practice – Source: BSA
      • Amounting to $34 billion in lost revenue
      • Posing material security and liability risk to consumers
  • Q1: Usage, stability and environmental controls
    • Offering usage, stability and adoption dashboards in near-time
  • Runtime Intelligence is offered on a subscription basis
    • Software included in existing Dotfuscator license agreements

  19. Sebastian Holst sebastian@preemptive.com PreEmptive Solutions Questions?
