
‘Enhanced Cyber Situational Awareness with Continuous Monitoring’

‘Enhanced Cyber Situational Awareness with Continuous Monitoring’. www.jackbe.com. John Crupi, CTO; Rick Smith, Cyber Consultant. About JackBe: Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses.


Presentation Transcript


  1. ‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ www.jackbe.com John Crupi, CTO Rick Smith, Cyber Consultant

  2. About JackBe
     • Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses
     • Small Business Headquartered in DC area with Global Reach
     • DoD Accredited Software
     • Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers
     • Named to ‘Top 10 Enterprise Products’ in 2010

  3. Today’s Special Guests
     • Rick Smith, CISSP, CISM – Cyber Security SME at Blue Canopy. Over 16 years’ experience in government and the private sector. Recognized speaker for ISACA and a Cyber Security SME focusing on Enhanced Situational Awareness, Improving Continuous Monitoring, Cyber Analytics, and Cyber Active Threat Management.
     • John Crupi, Chief Technology Officer – Formerly CTO of Sun’s SOA Practice and Sun Distinguished Engineer. Co-Author of Core J2EE Patterns.

  4. Today’s Agenda
     • Why Can’t Secretary of Defense Leon Panetta Sleep at Night?
     • Today’s Federal Cyber Security Best Practices
     • What are the Concerns with Today’s Continuous Monitoring Programs?
     • The Old Way, the New Way, and the Future of Continuous Monitoring
     • How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness
     • Demo Scenario: The Operational View, The Tactical View, The Strategic View of Cyber Situational Awareness

  5. What Keeps Secretary of Defense Leon Panetta Up At Night? A Major Cyber Attack!
     LOUISVILLE, Ky., March 1, 2012 – Asked what keeps Secretary of Defense Leon Panetta awake at night, he didn't hesitate: “A MAJOR CYBER ATTACK!” “We are literally getting HUNDREDS OF THOUSANDS OF ATTACKS EVERY DAY that try to exploit information in various [U.S.] agencies or departments. There are plenty of targets beyond government too,” he added. “The country needs to defend against that kind of attack, but also DEVELOP THE INTELLIGENCE RESOURCES TO UNDERSTAND WHEN THOSE POSSIBLE ATTACKS ARE COMING,” the secretary said. (By Jim Garamone, American Forces Press Service)
     • Hundreds of thousands of attacks every day!
     • Develop the intelligence resources to understand when those possible attacks are coming!

  6. Federal Cyber Security Best Practices
     The National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to help guide agencies’ FISMA implementation work.
     Information Security Continuous Monitoring Best Practices:
     • Principle 1: Aggregate Diverse Data
     • Principle 2: Analyze Multi-Source Data
     • Principle 3: Create Real-Time Data Queries
     • Principle 4: Transform Data Into Actionable Intelligence
     • Principle 5: Maintain Real-Time Actionable Awareness
     (Source: “Information Security Continuous Monitoring”, Bruce Levinson, Center for Regulatory Effectiveness, Oct 2011)

  7. Information Security Continuous Monitoring

  8. ISCM Ongoing Awareness Requirements
     • Maintain situational awareness of all systems across the organization
     • An understanding of threats and threat activities
     • Provide security status across all tiers of an organization
     • Actively manage risk by organizational officials
     • Collect, correlate & analyze security-related information
     • Assess all security controls

  9. Domains that Continuous Monitoring Can Support
     1) Vulnerability Management
     2) Patch Management
     3) Event Management
     4) Incident Management
     5) Malware Detection
     6) Asset Management
     7) Configuration Management
     8) Network Management
     9) License Management
     10) Information Management
     11) Software Assurance
     12) Digital Policy Management
     13) Advanced Persistent

  10. Today’s ‘Continuous Monitoring’ Programs
     • Portable Risk Score Manager (PRSM): designed to reduce the number of cyber risks by increasing compliance with IA policies and network security standards, improving IA posture by adopting the iPost Risk Scoring methodology.
     • iPost: a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses.
     • Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS): designed to enable Federal agencies to implement Continuous Monitoring more rapidly through federal standards that leverage federal buying power to reduce the cost of implementing Continuous Monitoring.

  11. The ‘Concerns’ with Today’s Current Cyber Programs
     • Workforce Supply And Demand
       • Maintaining good skill-sets and building continuity
       • Attracting experienced cyber security pros for government work
       • Ensuring the security clearance process doesn’t become a hurdle
     • Skills Development
       • Provide on-going skill building programs
       • Provide a collaborative approach to improving skills and data sharing
     • Oversight And Compliance
       • Compliance automation reporting that keeps pace with zero-day attacks
       • Collaboration and data sharing
     • Trusted Supply Chain
       • Acquisition of trusted equipment free of malware and vulnerabilities
       • Tracking, remediating and reducing vulnerabilities once equipment is in the network

  12. The Old Way: ‘Periodic Snapshots’ (diagram: repetitive point-in-time assessments)

  13. The New Way – Continuous Monitoring (diagram: Vulnerability Management cycle with an added process to verify remediation)

  14. The Future: Continuous Monitoring Feeding Risk Score Cards (diagram: Vulnerability Assessment, Enterprise Security, Vulnerability and Threat Management Capabilities, Risk Management and Compliance Checking feeding Enhanced Situational Awareness)

  15. What’s Coming Next? How Real-Time Operational Intelligence Enables Cyber Situational Awareness

  16. Continuous Monitoring for Cyber Awareness (A Real-Time Approach to Continuous Monitoring, SANS Analyst Program)
     Data Points feeding the Enhanced Situational Awareness Dashboard:
     • Incident management
     • Advanced network monitoring using real-time network forensics
     • Network Management System and network log collection, correlation and reporting
     • Vulnerability Management
     • Vulnerability, configuration and asset management
     • Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis
     • News feeds, Twitter
     • Other disparate data, external data

  17. What’s the Global Business Impact? (diagram: Vulnerability Score, Security Risk, Program Impact and Global Threat tied to Business Systems and Operation Systems)

  18. Presto for Cyber Situational Awareness: real-time mashing of vulnerabilities and assets, combining health, status, security, vulnerability, and mission dependency data.

  19. What’s Coming Next? Explaining the Demo Scenario:
     • The Operational View
     • The Tactical View
     • The Strategic View

  20. Demo Scenario Walk-Thru
     • Operational View (Asset Management, Compliance Management)
       • Hardware View
       • Software View
       • Patches applied
       • Vulnerabilities
       • Categorization of Vulnerabilities
       • Enhanced Situational Awareness
     • Tactical View (Resource Allocation)
       • Cost for Remediation
       • Impact Analysis
     • Strategic View (Actionable Remediation)
       • Remediation recommendations
       • POA&M Tracking

  21. Asset Management (dashboard panels: Patches Applied; HW & SW Counts)

  22. Compliance Management (dashboard panels: Vulnerabilities that match the Cyber Command list; Tier 3 Vulnerabilities; Vulnerabilities Found from Scans; Vulnerabilities by Machine Type)
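The Operational View in slides 16, 21 and 22 rests on one mechanic: join scan findings to the asset inventory, net out findings that applied patches already cover (slide 13’s “added process to verify”), and roll the remainder up by machine type, by a priority list and by mission dependency. The following is an added example of that correlation step, not code from the presentation or from JackBe Presto. All hosts, vulnerability IDs, patch IDs and the priority list are constructed; the scoring rule (summed severity, doubled for mission-critical assets) is an assumption chosen for illustration.

```python
"""Correlate asset inventory, vulnerability scan findings and patch state
into a continuous-monitoring summary.  Added example; all data below is
constructed and the scoring rule is illustrative only."""
from collections import defaultdict

# Constructed asset inventory (hypothetical hosts, patch IDs and tiers).
ASSETS = [
    {"host": "web-01", "type": "server", "tier": 3, "mission_critical": True,
     "patches_applied": {"KB-100", "KB-101"}},
    {"host": "ws-17", "type": "workstation", "tier": 3, "mission_critical": False,
     "patches_applied": {"KB-100", "KB-101"}},
    {"host": "db-02", "type": "server", "tier": 2, "mission_critical": True,
     "patches_applied": set()},
]

# Constructed scan output: each finding names the patch that would close it.
FINDINGS = [
    {"host": "web-01", "vuln_id": "V-0001", "severity": 9.8, "fixed_by": "KB-102"},
    {"host": "ws-17", "vuln_id": "V-0002", "severity": 5.3, "fixed_by": "KB-101"},
    {"host": "db-02", "vuln_id": "V-0001", "severity": 9.8, "fixed_by": "KB-102"},
    {"host": "db-02", "vuln_id": "V-0003", "severity": 7.5, "fixed_by": "KB-103"},
    {"host": "ghost-9", "vuln_id": "V-0002", "severity": 5.3, "fixed_by": "KB-101"},
]

# Constructed stand-in for a directed-remediation list (e.g. the slide's
# "Cyber Command list"); real lists come from the authority, not from here.
PRIORITY_LIST = {"V-0001"}


def correlate(assets, findings):
    """Join findings to inventory.

    Returns (open_by_host, verified_fixed, unknown_hosts):
    - a finding whose closing patch is already applied is treated as
      verified-fixed (stale scan result), not as open risk;
    - a finding on a host absent from inventory is an asset-management gap
      and is surfaced separately instead of silently dropped.
    """
    inventory = {a["host"]: a for a in assets}
    open_by_host = defaultdict(list)
    verified_fixed = []
    unknown_hosts = set()
    for f in findings:
        asset = inventory.get(f["host"])
        if asset is None:
            unknown_hosts.add(f["host"])
        elif f["fixed_by"] in asset["patches_applied"]:
            verified_fixed.append((f["host"], f["vuln_id"]))
        else:
            open_by_host[f["host"]].append(f)
    return dict(open_by_host), verified_fixed, sorted(unknown_hosts)


def risk_score(asset, open_vulns):
    """Illustrative score: summed severity, doubled for mission-critical assets."""
    weight = 2.0 if asset["mission_critical"] else 1.0
    return round(sum(v["severity"] for v in open_vulns) * weight, 1)


def dashboard(assets, findings, priority_list):
    """Build the roll-ups a compliance dashboard would display."""
    open_by_host, verified_fixed, unknown = correlate(assets, findings)
    inventory = {a["host"]: a for a in assets}
    by_type = defaultdict(int)
    priority_hits = []
    scores = {}
    for host, vulns in open_by_host.items():
        asset = inventory[host]
        by_type[asset["type"]] += len(vulns)
        scores[host] = risk_score(asset, vulns)
        priority_hits.extend((host, v["vuln_id"]) for v in vulns
                             if v["vuln_id"] in priority_list)
    return {
        "open_by_type": dict(by_type),
        "priority_matches": sorted(priority_hits),
        "risk_scores": scores,
        "verified_fixed": verified_fixed,
        "unknown_hosts": unknown,
        # Highest score first: the order leadership would remediate in.
        "remediation_order": sorted(scores, key=scores.get, reverse=True),
    }


if __name__ == "__main__":
    for key, value in dashboard(ASSETS, FINDINGS, PRIORITY_LIST).items():
        print(f"{key}: {value}")
```

The two edge cases are the ones that matter operationally: a finding already covered by an applied patch is reported as verified rather than counted twice, and a host the scanner sees but the inventory does not is reported as an unknown asset, which is itself a finding for the Asset Management view.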

  23. Resource Allocation: data correlation from disparate business units, summarization, portfolio management.

  24. Resource Allocation: consolidated impact analysis, showing the impact and the cost of remediating it.

  25. Actionable Remediation: leadership is provided with a way forward on the remediation approach.

  26. Today’s Architecture of Sharing Data
     • Takes up a lot of resource
     • FTP
     • Email
     • File Sharing
     (diagram: Tier 1 above Tier 2 nodes, each above Tier 3 nodes)

  27. Real Time Data Sharing
     • More Efficient
     • Share Views
     • No Re-Homing Data
     • Sharing Apps
     • Confederated Process
     (diagram: Tier 3 nodes rolling up data through Tier 2 to Tier 1)

  28. The Benefits of the Cyber Use Case
     • Integrating Disparate Data
       • Operational, Tactical and Strategic views are shared
       • Providing a workflow process that is inclusive
       • Bringing disparate data together for a common cause
     • Improving Collaboration/Analytics
       • Full disclosure of data points for discussions at any time
       • Improve the cyber security posture for an organization
       • Create trackable, accountable, and actionable process
     • Enhance Situational Awareness
       • Enable Verification and Validation
       • Provide data that is beyond traditional alerting mechanisms

  29. How Can JackBe Help You? To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at http://www.jackbe.com/about/contact_form.php. Read about JackBe Presto solutions in government today: http://www.jackbe.com/solutions/federal.php

  30. ‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ www.jackbe.com John Crupi, CTO Rick Smith, Cyber Consultant
