Using Security Chaos Engineering to Build Protected, Resilient Systems
The speed and scale of complex system operations within cloud-driven architectures make it extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. The security industry has been overlooking valuable chances to go beyond simply reacting to failures: to further understand accidents and nurture them as opportunities to proactively strengthen system resilience. Chaos engineering allows us to proactively expose failures, build resilient systems, and develop an applied security model to minimize the impact of failures. By developing live-fire exercises that can be measured, managed, and automated, security teams can proactively experiment and derive new information about underlying factors that were previously unknown. Unlike red/purple team exercises, chaos engineering does not use threat actors or adversarial tactics, techniques, and procedures. We intentionally introduce turbulent conditions, faults, and failures into our systems to determine the conditions in which our security will fail before it actually does. Aaron Rinehart will introduce a new concept, security chaos engineering, and explain how it can be applied to create highly secure, performant, and resilient distributed systems. Learn to proactively detect availability and security incidents before they happen.