threat sword devil talks

Posted by tetley at 2020-02-28

People should not only look down at their feet while walking, but also look up at the sky. My own understanding is that whatever a person does, he should not only consider his own situation, analyze the problems to be solved and his absolute and comparative advantages, but also consider external factors: the coming trends, the market, the competition and the competitiveness of the industry. Only then can he work out his own position and development plan, that is, his strategy and tactics.

Having recently finished my degree courses in economics, I have been thinking about how to use OKRs to improve the team's execution and communication efficiency this year, and about what my motivations and reasons were for building a sandbox over the past five years. So, by chance, I have been paying attention to many abstract concepts and threat models, and it happens that many of the foundations of security thinking and economic analysis are shared, so I want to sort them out according to my own understanding.

What are the problems that security architecture solves?

Security is a confrontation between people, a contest between attack and defense. To be honest, there is no shortage of such catchphrases in any industry. However, you cannot argue that they are wrong. This is where our people and our ideographic script are clever and brilliant.

Because of the asymmetry of information and the wide range of things that must be cared about, the defenders have no advantage over the attackers. This should be the origin of threat intelligence and data-driven security in recent years. From the attacker's perspective, the threats faced by the defenders are complex and diverse; traditional defensive means cannot resist emerging threats and cannot effectively deal with external risks. Therefore, here we assume that the problem threat modeling solves is this: with the development of the Internet of Things and information technology, how should an enterprise build a reasonable security system so as to reduce the risks faced by its assets and businesses and make the world better and safer (who, when, what, how)?

The starting point of threat model thinking

1. From the perspective of assets and risks

2. From the perspective of system and software

3. From the point of view of the purpose and tactics of attacking the opponent

4. Others (hehe, keeping that one to myself)

Scenarios of threat model application:

If it is vulnerability management, it is recommended to consider it from the perspective of assets and risks, and of systems and software; refer to CISSP and SDL.

In the case of threat hunting, it is recommended to start from STIX, IACD, SOAP and ATT&CK.

If it is to do tracing and intrusion analysis, it is suggested to start from the Diamond Model: consider the mutual influence and the pivoting relations among victim, adversary, adversary capability and infrastructure, the segmentation of capabilities, and event modeling and correlation analysis in each kill chain stage.
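As an added illustration of the intrusion-analysis approach above (not code from the original post), the following Python models Diamond Model events, pivots on shared infrastructure, capability or victim to group them into activity threads, orders each thread by kill chain phase, and reports the phases between the first and last observation that have no event, which is where the defender's visibility gaps sit. All events, hosts and domain names are constructed for the example.

```python
# Added example: Diamond Model event correlation across kill-chain phases.
# Every event, host and domain below is constructed, not from a real incident.
from collections import defaultdict
from dataclasses import dataclass

KILL_CHAIN = ["reconnaissance", "weaponization", "delivery", "exploitation",
              "installation", "command_and_control", "actions_on_objectives"]

@dataclass(frozen=True)
class DiamondEvent:
    """One Diamond Model event: the four core features plus its kill-chain phase."""
    event_id: str
    adversary: str       # "unknown" until attribution is possible
    capability: str      # tool or technique observed
    infrastructure: str  # domain/IP/host the adversary used
    victim: str          # affected asset
    phase: str           # one of KILL_CHAIN

# Constructed sample: one intrusion spanning two hosts, plus one unrelated scan.
SAMPLE_EVENTS = [
    DiamondEvent("e1", "unknown", "phishing_doc", "mail.example.invalid", "host-A", "delivery"),
    DiamondEvent("e2", "unknown", "macro_dropper", "mail.example.invalid", "host-A", "exploitation"),
    DiamondEvent("e3", "unknown", "beacon", "c2.example.invalid", "host-A", "command_and_control"),
    DiamondEvent("e4", "unknown", "exfil_tool", "c2.example.invalid", "host-B", "actions_on_objectives"),
    DiamondEvent("e5", "unknown", "web_scan", "scan.example.invalid", "host-C", "reconnaissance"),
]

def correlate_events(events):
    """Pivot on shared infrastructure, capability or victim (union-find) and return
    activity threads, each sorted by kill-chain phase."""
    parent = {e.event_id: e.event_id for e in events}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    seen = {}  # (feature, value) -> first event_id carrying that feature value
    for e in events:
        # Victim pivots are noisy on shared hosts; tune the pivot set per environment.
        for key in (("infra", e.infrastructure), ("cap", e.capability), ("victim", e.victim)):
            if key in seen:
                parent[find(e.event_id)] = find(seen[key])
            else:
                seen[key] = e.event_id
    threads = defaultdict(list)
    for e in events:
        threads[find(e.event_id)].append(e)
    return [sorted(t, key=lambda e: KILL_CHAIN.index(e.phase)) for t in threads.values()]

def missing_phases(thread):
    """Phases between the first and last observed that have no event: visibility gaps."""
    idx = [KILL_CHAIN.index(e.phase) for e in thread]
    return [KILL_CHAIN[i] for i in range(min(idx), max(idx) + 1) if i not in set(idx)]
```

On the sample data the four intrusion events form one thread (e1 to e4, with the pivot from host-A to host-B via the shared C2 infrastructure) and the gap reported is the installation phase, which no sensor observed.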

Of course, I am still thinking about whether there is something common to all of these. I could integrate the relevant models and concepts and form some theories that can be used as a thinking tool when the business needs innovation! This can be seen from the architecture diagrams of Kaspersky and Microsoft. If you want to figure out the architecture and implementation details of EDR and XDR in those diagrams, you need to understand and master how the problems solved by the various threat models above, and their starting points of thinking, fit together.

As for product and architecture, let's take a look at the diagrams shared by the following companies. If there is anything wrong with them, don't rush to flame me. You can really understand communication, or really practice data-driven, attack-based defense, kill chain and behavioral anomaly detection in security products, rather than just showing off: playing with logic under a pile of meaningless assumptions to deduce something, in order to cheat people out of their hard-earned money, copying an RSA ppt, merely translating other people's documents, or only benchmarking products against the leader in a consulting company's Magic Quadrant. So be merciful.

Kaspersky KATA

Microsoft ATP

Finally, two more figures are shown:

Microbial viruses and human cells

Under opposing positive and negative forces, what is pursued is not perfection, but a kind of balance.

People in the workplace face nothing more than people and things: doing things with people, and using people to do things. One can misunderstand, complain, protect oneself, build fiefdoms and respond negatively; or one can try to understand, be positive, develop cooperation, team awareness, curiosity and passion, keep learning and keep an empty-cup attitude. You need to slow down, weigh the pros and cons and make choices; those who come out of the misunderstanding can find the reason, grow and be reborn. Without empathy, or with the sword way of Miyamoto Musashi, once people think too much about their own gains and losses instead of focusing on their own cultivation, it is impossible to be complete, because the sword you use to transform the world is slow. After all, a gentleman takes pleasure in helping others succeed, and one must learn to be a decent person before one can grow.

Finally, put two pictures:

Democratic liberalism of slave owners

Einstein's Thoughts on time and space

Maslow's hierarchy of needs; the important thing is to see the proportion of each level

Safety guard

What man seeks is only the meaning of life, the order of the universe, his own spiritual confusion and the desire to describe the vast cosmos.