‘Enhanced Cyber Situational Awareness with Continuous Monitoring’


John Crupi, CTO

Rick Smith, Cyber Consultant

About JackBe

Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses

Small Business Headquartered in DC area with Global Reach

DoD Accredited Software

Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers

Named to ‘Top 10 Enterprise Products’ in 2010

Today’s Special Guests

Rick Smith CISSP, CISM

Cyber Security SME at Blue Canopy

Over 16 years' experience in the government and private sectors. Recognized speaker for ISACA and a cyber security SME focusing on enhanced situational awareness, improved continuous monitoring, cyber analytics, and cyber active threat management.

John Crupi, Chief Technology Officer

Formerly CTO of Sun’s SOA Practice and Sun Distinguished Engineer

Co-Author of Core J2EE Patterns

Today’s Agenda
  • Why Can’t Secretary of Defense Leon Panetta Sleep at Night?
  • Today’s Federal Cyber Security Best Practices
  • What are the Concerns with Today’s Continuous Monitoring Programs?
  • The Old Way, the New Way, and the Future of Continuous Monitoring
  • How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness
  • Demo Scenario: The Operational View, The Tactical View, The Strategic View of Cyber Situational Awareness
What Keeps Secretary of Defense Leon Panetta Up At Night?

A Major Cyber Attack!

LOUISVILLE, Ky., March 1, 2012 - Asked what keeps Secretary of Defense Leon Panetta awake at night, he didn't hesitate: “A MAJOR CYBER ATTACK!”

“We are literally getting HUNDREDS OF THOUSANDS OF ATTACKS EVERY DAY that try to exploit information in various [U.S.] agencies or department. There are plenty of targets beyond government too,” he added.

“The country needs to defend against that kind of attack, but also DEVELOP THE INTELLIGENCE RESOURCES TO UNDERSTAND WHEN THOSE POSSIBLE ATTACKS ARE COMING,” the secretary said.

Hundreds of thousands of attacks every day!

Develop the intelligence resources to understand when those possible attacks are coming!

By Jim Garamone, American Forces Press Service

Federal Cyber Security Best Practices

The National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to guide federal agencies' FISMA implementation work.

Information Security Continuous Monitoring Best Practices:

Principle 1: Aggregate Diverse Data

Principle 2: Analyze Multi-Source Data

Principle 3: Create Real-Time Data Queries

Principle 4: Transform Data Into Actionable Intelligence

Principle 5: Maintain Real-Time Actionable Awareness


Bruce Levinson, Center for Regulatory Effectiveness Oct, 2011

ISCM Ongoing Awareness Requirements

  • Situational awareness of all systems across the organization
  • An understanding of threats and threat activities
  • Security status across all tiers of an organization
  • Active management of risk by organizational officials
  • Collection, correlation and analysis of security-related information
  • All security controls

Domains that Continuous Monitoring Can Support

1) Vulnerability Management

2) Patch Management

3) Event Management

4) Incident Management

5) Malware Detection

6) Asset Management

7) Configuration Management

8) Network Management

9) License Management

10) Information Management

11) Software Assurance

12) Digital Policy Management

13) Advanced Persistent

Today’s ‘Continuous Monitoring’ Programs

The Portable Risk Score Manager (PRSM) is designed to reduce the number of cyber risks by increasing compliance with IA policies and network security standards, improving IA posture by adopting the iPost risk scoring methodology.

iPost is a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses.

The Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS) is designed to enable federal agencies to implement continuous monitoring more rapidly, through federal standards that leverage federal buying power to reduce the cost of implementing continuous monitoring.

The ‘Concerns’ with Today’s Current Cyber Programs
  • Workforce Supply And Demand
    • Maintaining good skill-sets and building continuity
    • Attracting experienced cyber security pros for government work
    • Ensuring the security clearance process doesn’t become a hurdle
  • Skills Development
    • Provide on-going skill building programs
    • Provide a collaborative approach to improving skills and data sharing
  • Oversight And Compliance
    • Compliance automation and reporting that keeps pace with zero-day attacks
    • Collaboration and data sharing
  • Trusted Supply Chain
    • Acquisition of trusted equipment free of malware and vulnerabilities
    • Tracking, remediating and reducing vulnerabilities once equipment is on the network
The New Way – Continuous Monitoring

Diagram (image not reproduced); label: Added Process to Verify

The Future: Continuous Monitoring Feeding Risk Score Cards

Diagram (image not reproduced); labels: Enhance Situational Awareness; And Threat; Compliance Checking

What’s Coming Next?

How Real-Time Operational Intelligence Enables Cyber Situational Awareness

Continuous Monitoring for Cyber Awareness (A Real-Time Approach to Continuous Monitoring, SANS Analyst Program)

Data Points

  • Incident management
  • Advanced network monitoring using real-time network forensics
  • Network management
  • System and network log collection, correlation and reporting
  • Vulnerability management
  • Enhanced situational awareness dashboard
  • Vulnerability, configuration and asset management
  • Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis
  • News feeds, Twitter
  • Other disparate data, external data

What’s the Global Business Impact?

Diagram (image not reproduced); labels: Vulnerability Score, Security Risk, Program Impact and Global Threat, tied to Presto for Cyber Situational Awareness (real-time mashing of health, status, security, vulnerability, and mission dependency data)

What’s Coming Next?
  • Explaining the Demo Scenario:
    • The Operational View
    • The Tactical View
    • The Strategic View
Demo Scenario Walk-Thru

Asset Management and Compliance Management

  • Operational View
    • Hardware View
    • Software View
    • Patches applied
    • Vulnerabilities
    • Categorization of Vulnerabilities
    • Enhance Situational Awareness

Resource Allocation and Actionable Remediation

  • Tactical View
    • Cost for Remediation
    • Impact Analysis
  • Strategic View
    • Remediation recommendations
    • POA&M Tracking
Asset Management

Patches Applied

HW & SW Counts

Compliance Management

Vulnerabilities that match to Cyber Command list

Tier 3 Vulnerabilities

Vulnerabilities Found from Scans

Vulnerabilities By Machine Type

Resource Allocation

Data correlation from disparate business units


Portfolio Management

Resource Allocation

Consolidated Impact Analysis

Impact Analysis & cost of impact to remediate

Actionable Remediation

Leadership is provided with a way forward on remediation approach
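The "Data Points" slide and the demo walk-thru above describe the same idea from two sides: diverse feeds (asset inventory, scan results, an external priority list, remediation cost) are fused into one score card that serves the operational view (counts by hardware type, vulnerabilities by machine type, matches against the Cyber Command list, Tier 3 vulnerabilities), the tactical view (cost of remediation per business unit) and the strategic view (a remediation order). The following is an added illustration written for this page, not JackBe or Presto code and not taken from the deck. Every input is constructed: hostnames, the CVE-style identifiers (placeholders, not real CVEs), the cost figures, and the scoring rule. It also assumes that "Tier" means the organizational tier that owns a host, matching the Tier 1/2/3 diagrams later in the deck, and that mission dependency is recorded in the asset inventory as a 1-5 weight.

```python
"""Constructed example: fusing asset, scan, priority-list and cost feeds into a
risk score card of the kind the deck's demo scenario describes.
All hosts, ids, costs and weights below are made up for illustration."""
from collections import Counter, defaultdict
import json

# Constructed asset inventory (the "Asset Management" feed).
# tier: organizational tier owning the host (assumption, mirrors the Tier 1/2/3 diagrams).
# mission_dep: 1 (low) to 5 (high) mission dependency weight (assumption).
ASSETS = [
    {"host": "web01", "type": "server", "unit": "Ops", "tier": 3, "mission_dep": 3},
    {"host": "db01", "type": "server", "unit": "Ops", "tier": 2, "mission_dep": 5},
    {"host": "wks17", "type": "workstation", "unit": "HR", "tier": 3, "mission_dep": 1},
    {"host": "wks22", "type": "workstation", "unit": "HR", "tier": 3, "mission_dep": 1},
]

# Constructed scan findings (the "Vulnerability Management" feed); ids are placeholders.
FINDINGS = [
    {"host": "web01", "id": "CVE-0000-0001", "cvss": 9.8},
    {"host": "web01", "id": "CVE-0000-0002", "cvss": 5.3},
    {"host": "db01", "id": "CVE-0000-0001", "cvss": 9.8},
    {"host": "wks17", "id": "CVE-0000-0003", "cvss": 7.5},
    {"host": "wks22", "id": "CVE-0000-0003", "cvss": 7.5},
    {"host": "wks22", "id": "CVE-0000-0004", "cvss": 4.0},
]

# Constructed external priority list standing in for the deck's "Cyber Command list".
PRIORITY_LIST = {"CVE-0000-0001", "CVE-0000-0003"}

# Constructed remediation cost per finding in hours of effort (the "cost to remediate" feed).
REMEDIATION_HOURS = {"CVE-0000-0001": 4, "CVE-0000-0002": 1,
                     "CVE-0000-0003": 2, "CVE-0000-0004": 1}


def build_score_card(assets, findings, priority_list, cost):
    """Correlate the four feeds into one dictionary with operational, tactical
    and strategic fields. Findings on unknown hosts are skipped, not guessed."""
    by_host = {a["host"]: a for a in assets}
    known = [f for f in findings if f["host"] in by_host]

    # Operational view: the counts the asset and compliance slides show.
    hw_counts = Counter(a["type"] for a in assets)
    vulns_by_type = Counter(by_host[f["host"]]["type"] for f in known)
    priority_matches = sum(1 for f in known if f["id"] in priority_list)
    tier3_vulns = sum(1 for f in known if by_host[f["host"]]["tier"] == 3)

    # Per-host risk: CVSS weighted by mission dependency, doubled for priority-list items.
    host_risk = defaultdict(float)
    for f in known:
        weight = 2.0 if f["id"] in priority_list else 1.0
        host_risk[f["host"]] += f["cvss"] * by_host[f["host"]]["mission_dep"] * weight

    # Tactical view: remediation cost rolled up per business unit.
    unit_cost = Counter()
    for f in known:
        unit_cost[by_host[f["host"]]["unit"]] += cost.get(f["id"], 0)

    # Strategic view: remediate hosts in descending risk order.
    remediation_order = sorted(host_risk, key=lambda h: host_risk[h], reverse=True)

    return {
        "hw_counts": dict(hw_counts),
        "vulns_by_type": dict(vulns_by_type),
        "priority_matches": priority_matches,
        "tier3_vulns": tier3_vulns,
        "host_risk": dict(host_risk),
        "unit_cost_hours": dict(unit_cost),
        "remediation_order": remediation_order,
    }


if __name__ == "__main__":
    print(json.dumps(build_score_card(ASSETS, FINDINGS, PRIORITY_LIST, REMEDIATION_HOURS), indent=2))
```

The scoring rule is the part a real program would argue about: the multiplier for priority-list items and the mission-dependency weight are the knobs that turn a flat vulnerability count into a risk score card, and because every number traces back to a named feed, the result stays verifiable, which is the "trackable, accountable, and actionable" property the deck lists under benefits.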

Today’s Architecture of Sharing Data
  • Takes up a lot of resources
  • FTP
  • Email
  • File Sharing

Diagram (image not reproduced): one Tier 1 node, two Tier 2 nodes and four Tier 3 nodes.

Real Time Data Sharing
  • More Efficient
  • Share Views
  • No Re-Homing Data
  • Sharing Apps
  • Confederated Process

Diagram (image not reproduced): one Tier 1 node, two Tier 2 nodes and four Tier 3 nodes, with data rolled up between tiers.

The Benefits of the Cyber Use Case
  • Integrating Disparate Data
    • Operational, Tactical and Strategic views are shared
    • Providing a workflow process that is inclusive
    • Bringing disparate data together for a common cause
  • Improving Collaboration/Analytics
    • Full disclosure of data points for discussions at any time
    • Improve the cyber security posture for an organization
    • Create a trackable, accountable, and actionable process
  • Enhance Situational Awareness
    • Enable Verification and Validation
    • Provide data that is beyond traditional alerting mechanisms
How JackBe Can Help You

To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at http://www.jackbe.com/about/contact_form.php.

Read About JackBe Presto Solutions in Government Today

