These are the meeting notes from 8/19. Please feel free to comment or make corrections.
Actor: Agreed to change from “IaaS orchestrator” to any API consumer. Similar to OpenStack dashboard.
Further development of our three use cases:
– defined posture as a collection of (security) state information
– identity management, who (or what) is accessing the network and what are they doing?
– SIEM-like functionality, connection attempts/failed connection attempts
– *BUT* need to define the difference between what network security analytics provides vs. a SIEM – potentially the difference lies in correlating network topo/perf information
– understand the network security level – a security health score?
– what-if analysis of security events
– Inventory management + how it's all connected together
– physical (links/errors/hashing) + logical topology – state of how each relates to the other (network segmentation/network functions) – in layers built up from physical
– hot points due to traffic conditions, etc.
– maintenance, device failure (what-if analysis)
– based on workload (# of things to be deployed, data volumes, etc.)
– when to scale out, more firewalls, for instance