The need for security policy automation.
So what’s the solution? Wouldn’t it be logical to use an automated tool to bridge the gap between human-manageable, intuitive policies and the matching detailed technical rules and configurations? This would allow security administrators to author policies in very generic terms. The tool should then automatically fill in the technical details and enforce the policy. For example, administrators should be able to author policies such as:
“only allow a selection of the detected information flows and block everything else”
“all analysts can access all data about any suspect they are tasked to investigate, and about all other suspects that are within 3 hops social proximity of that suspect”.
Such a “security policy automation” solution needs to automatically bridge the gap between such human-understandable, intuitive policies and the matching detailed technical rules and configurations. It should automatically generate enforceable technical rules and configurations (especially for access control policies). It should also automatically test policies, produce documentation, and monitor security activity. How would such a tool achieve security policy automation? By importing existing information sources and using them to fill in the technical details. For example, it could import information about users, roles, applications, systems, networks, network traffic, and much more.
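As an added illustration (not code from this page or from any product it describes), the following Python model takes the second policy above, the “3 hops social proximity” rule, together with constructed sample data of the kind such a tool would import (analyst taskings and a suspect social graph), and refines it into explicit, deny-by-default permit tuples that an enforcement point can check. The graph, the analyst names and the tuple format are all assumptions made for the example.

```python
from collections import deque

# Constructed sample data (not from the page): analyst-to-suspect taskings as a
# case-management system might export them, and an undirected suspect social
# graph as a link-analysis tool might export it.
TASKINGS = {"alice": {"s1"}, "bob": {"s4"}}
SOCIAL_GRAPH = {
    "s1": {"s2"},
    "s2": {"s1", "s3"},
    "s3": {"s2", "s4"},
    "s4": {"s3", "s5"},
    "s5": {"s4"},
    "s6": set(),          # isolated suspect: reachable from nobody
}
MAX_HOPS = 3              # the "3 hops social proximity" in the policy

def within_hops(graph, start, max_hops):
    """Breadth-first search: every suspect reachable from `start` in at most
    `max_hops` edges, including `start` itself (0 hops)."""
    seen = {start}
    frontier = deque([(start, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth == max_hops:          # do not expand beyond the hop limit
            continue
        for neighbour in graph.get(node, ()):
            if neighbour not in seen:
                seen.add(neighbour)
                frontier.append((neighbour, depth + 1))
    return seen

def compile_policy(taskings, graph, max_hops=MAX_HOPS):
    """Refine the intuitive policy into explicit (analyst, suspect) permit
    tuples. Anything not generated here is denied (deny by default), so the
    rules must be regenerated whenever the imported taskings or graph change."""
    rules = set()
    for analyst, assigned in taskings.items():
        for suspect in assigned:
            for reachable in within_hops(graph, suspect, max_hops):
                rules.add((analyst, reachable))
    return rules

def is_permitted(rules, analyst, suspect):
    """Enforcement-point check against the generated rule set."""
    return (analyst, suspect) in rules

RULES = compile_policy(TASKINGS, SOCIAL_GRAPH)
```

Because the technical rules are derived from imported data, a change in taskings or in the graph is handled by re-running `compile_policy` rather than by hand-editing access lists.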