1 / 18

Security Automation

May 26th, 2010. Security Automation. Security Automation: the challenge. Guidance Documents. Alerts & Advisories. Web Sites. Assessment Tools. Reporting Tools. Management Tools. “Tower of Babel” Too much proprietary, incompatible information Costly Error prone Difficult to scale

saburo
Download Presentation

Security Automation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. May 26th, 2010 Security Automation

  2. Security Automation: the challenge Guidance Documents Alerts & Advisories Web Sites Assessment Tools Reporting Tools Management Tools • “Tower of Babel” • Too much proprietary, incompatible information • Costly • Error prone • Difficult to scale • Inefficient • Resources spent on “security hygiene” • Vulnerability management • Configuration management • Patch management • Compliance management 2

  3. Security Automation: the solution Guidance Documents Alerts & Advisories Web Sites Assessment Tools Reporting Tools Management Tools • Standardization: • Same Object, Same Name • Reporting • Automation: • Efficiency • Accuracy • Resources re-tasked to harder problems: • Incident response • Infrastructure enhancement 3

  4. What are we achieving with Security Automation? • Minimize Effort • Reducing the time and effort of manual assessment and remediation • Providing a more comprehensive assessment of system state • Increase Standardization and Interoperability • Enabling fast and accurate correlation within the enterprise and across organizations/agencies; Reporting • Shortening decision cycles by rapidly communicating: • Requirements (What/How to check) • Results (What was found) • Allowing diverse tool suites and repositories to share data • Fostering shared situational awareness by enabling and facilitating data sharing, analysis, and aggregation

  5. What are we achieving with Security Automation and Standardization? • Standard data, economy of scale, and reuse • Standardized security content can be developed once and used by many • Common definitions for vulnerabilities, software, and policy statements • Speed • Rapidly identify vulnerabilities and improperly configured systems and communicate the degree of associated risk • Zero day malware detection

  6. Security Content Automation Protocol (SCAP) • SCAP is a suite of specifications that together enable standardization and automation of vulnerability management, measurement, and technical policy compliance checking along with enhanced product and database integration capabilities with machine readable reporting. • In other words, “the plumbing”

  7. Security Content Automation Protocol (SCAP) Community developed Machine readable XML Reporting Representing security checklists Detecting machine state Community developed Product names Vulnerabilities Configuration settings Languages Means of providing instructions Metrics Risk scoring framework Enumerations Convention for identifying and naming • Community developed • Transparent • Metrics • Base • Temporal • Environmental

  8. Notional Security Data Model Situational Awareness Continuous Monitoring Automated Compliance Mgmt Reporting Layer and Data Interface Controls Policy Bulletins and Advisories Standard Names & Reference Conventions Technical Alerts & Signatures Lessons Learned Attack Patterns Sharable Policy System Characteristics Weaknesses Threats Vulnerability Checks Fixes Assets Event Language Patterns Business Systems Infrastructure

  9. Specifications-Based Security Automation Situational Awareness Continuous Monitoring Automated Compliance Mgmt Reporting Layer and Data Interface (TBD, e.g. XBRL, etc) Bulletins and Advisories Policy Controls CCI CCSS CPE TBD Technical Bulletins CCE CVE CRE TBD CRE CEE CERE CAPEC XCCDF System Characteristics TBD TBD Signatures OVAL OCIL OVRL Assets EventLanguage Patterns Reportable IT Systems Inventoried, Trusted Connections

  10. Security Automation Partners and Resources

  11. Partners • US Government • National Institute of Standards and Technology (NIST) • National Security Agency (NSA) • Department of Homeland Security (DHS) • Defense Information Systems Agency (DISA) • Foreign Government • Japan - JVN/IPA - Japan Vulnerability Notes / Information Technology Promotion Agency • Spain – INTECO - Instituto Nacional de Tecnologías de la Comunicación • Private Sector • Apple, Microsoft, Red Hat, Sun Microsystems • Security product vendors

  12. National Vulnerability Database • NVD is the U.S. government repository of public vulnerability management information. • Provides standardized reference for software vulnerabilities. • Over 39,000 CVE entries with the NVD Analysis Team evaluating over 6,000 vulnerabilities a year • Product dictionary containing 18,000 unique product names • Used by government, industry and academia • Machine-readable data feeds • Spanish and Japanese language translation • http://nvd.nist.gov

  13. National Checklist Program • U.S. Government repository of publicly available security checklists • Eases compliance management • Checklists cover 178 products • SCAP content • Checklist contributors include • Government organizations • Vendors • Non-profit organizations • Part 39 of the Federal Acquisition Regulation (FAR) • http://checklists.nist.gov

  14. eSCAPe • Creation of new and/or customized configuration policies • Puts the power of SCAP into the hands of existing staff; reduces cost/barrier of entry • Government wide, department level, or agency specific • Quickly generate specific assessment criteria for vulnerabilities or presence of malware • Pushed out to SCAP enabled products • Content Validation • Ensures all content published to NCP is formatted correctly Content Tools

  15. SCAP Validation Program • Provides product conformance testing for Security Content Automation Protocol (SCAP) • National Voluntary Laboratory Accreditation Program • Independent testing laboratories • Reports validated by NIST • http://scap.nist.gov/validation.cfm (Validation Program) • http://scap.nist.gov/scapproducts.cfm (Validated Products)

  16. NIST SCAP Product Validation Programhttp://nvd.nist.gov/scapproducts.cfm

  17. Looking Ahead • Remediation capabilities • Rapidly deploy corrective action • Shutting down services, locking out accounts, etc… • Network Event Management • Event Management Automation Protocol (EMAP)

  18. Conclusion • Security Automation: • Improves efficiency • Promotes interoperability of data and security tools • Enables standardized reporting across multiple views • Provides enhanced situational awareness

More Related