It’s time to talk about mapping–planning and building an architecture that makes logical sense. Of course, this is a pretty big topic–that’s why the D3FEND framework has broken it up into multiple parts. But we need to think about why mapping is done: what is the logic behind all this paperwork? Discovering and identifying dependencies, [reason two], and [reason three].
In the interest of brevity, we’ve chosen to put them back together. So, this week, the _secpro team brings you:
Let’s get started!
What is mapping?
Mapping is creating a diagram that shows how all the parts of a system fit together. It’s like making a treasure map, but instead of finding gold, we’re looking for ways hackers might attack the system. The map helps us see where the weak spots are and figure out how to protect them.
Let’s imagine we’re building a fort to protect our precious digital wares. Mapping is like drawing a blueprint of the fort. We draw lines to show where the walls, doors, and windows are, and how they connect. We also mark the secret passages and the places where threat actors might try to sneak in. This blueprint helps us understand the fort better and plan where to put guards, traps, and other defences to keep our stuff safe from hackers.
Hopefully, that’s obvious to you all. But how does D3FEND suggest we use System Dependency Mapping and Service Dependency Mapping?
What is System Dependency Mapping?
System Dependency Mapping, also known as Dependency Mapping or Dependency Analysis, is a process used in cybersecurity to identify and understand the relationships and dependencies between various components within a computer system or network. It focuses on mapping the connections and interactions between different elements to gain a comprehensive understanding of how they rely on one another.
Imagine you have a complex puzzle with many pieces, and each piece represents a different part of a computer system. System Dependency Mapping is like figuring out how all those puzzle pieces fit together. It helps us see how one piece depends on another to function properly.
How can I implement System Dependency Mapping?
In cybersecurity, this mapping process involves examining software applications, hardware devices, network connections, and configurations to identify how they interact and rely on each other. It helps security professionals understand the flow of data, communication protocols, access controls, and trust relationships between different components.
What tools can I use for System Dependency Mapping?
Here’s a top ten tools that you can use, collated by our friends at dnsstuff.
- SolarWinds Server & Application Monitor
- Dynatrace
- Device42
- Retrace
- ManageEngine Applications Manager
- Datadog
- Extrahop
- AppDynamics
- Prometheus
- Pinpoint
Test them out and tell us what you think!
What is Service Dependency Mapping?
Here’s where we need to be careful – we don’t want to mix system mapping and service mapping up!
Service Dependency Mapping, also known as Service Dependency Analysis, is a process used to identify and understand the dependencies between different services within a computer system or network. It focuses on mapping the relationships and interactions between services to gain insights into their interdependencies and ensure their proper functioning.
To explain this concept, let’s think of a service as a helpful team member who performs a specific task within a larger project. Service Dependency Mapping is like figuring out which team members rely on one another to get their jobs done effectively.
How can I implement Service Dependency Mapping?
Getting started with Service Dependency Mapping involves analyzing the services or software components that make up a system or network. This includes understanding the dependencies in terms of data flow, communication protocols, and service interactions. By mapping the dependencies between services, security professionals can gain a clearer understanding of how a system functions as a whole. This helps in assessing the impact of any changes or disruptions to a particular service and determining potential risks.
What tools can I use for Service Dependency Mapping?
Here are another ten tools that we’ve been playing with over the past week. Note: there is some overlap between this list and the System Dependency Mapping one above. Many providers create products for both functions.
