Security Automation
May 26th, 2010

Presentation Transcript
Security Automation: the challenge

[Diagram; labels recovered from the slide: Guidance Documents, Alerts & Advisories, Web Sites, Assessment Tools, Reporting Tools, Management Tools]

  • “Tower of Babel”
    • Too much proprietary, incompatible information
    • Costly
    • Error prone
    • Difficult to scale
  • Inefficient
    • Resources spent on “security hygiene”
      • Vulnerability management
      • Configuration management
      • Patch management
      • Compliance management


Security Automation: the solution

[Diagram; labels recovered from the slide: Guidance Documents, Alerts & Advisories, Web Sites, Assessment Tools, Reporting Tools, Management Tools]

  • Standardization:
    • Same Object, Same Name
    • Reporting
  • Automation:
    • Efficiency
    • Accuracy
    • Resources re-tasked to harder problems:
      • Incident response
      • Infrastructure enhancement


What are we achieving with Security Automation?
  • Minimize Effort
    • Reducing the time and effort of manual assessment and remediation
    • Providing a more comprehensive assessment of system state
  • Increase Standardization and Interoperability
    • Enabling fast and accurate correlation within the enterprise and across organizations/agencies; Reporting
    • Shortening decision cycles by rapidly communicating:
      • Requirements (What/How to check)
      • Results (What was found)
    • Allowing diverse tool suites and repositories to share data
    • Fostering shared situational awareness by enabling and facilitating data sharing, analysis, and aggregation
What are we achieving with Security Automation and Standardization?
  • Standard data, economy of scale, and reuse
    • Standardized security content can be developed once and used by many
    • Common definitions for vulnerabilities, software, and policy statements
  • Speed
    • Rapidly identify vulnerabilities and improperly configured systems and communicate the degree of associated risk
      • Zero day malware detection
Security Content Automation Protocol (SCAP)
  • SCAP is a suite of specifications that together enable standardization and automation of vulnerability management, measurement, and technical policy compliance checking along with enhanced product and database integration capabilities with machine readable reporting.
  • In other words, “the plumbing”
Security Content Automation Protocol (SCAP)

[Diagram of the three SCAP component families; labels recovered from the slide:]
  • Languages: means of providing instructions
    • Community developed
    • Machine readable XML
    • Reporting
    • Representing security checklists
    • Detecting machine state
  • Enumerations: convention for identifying and naming
    • Community developed
    • Product names
    • Vulnerabilities
    • Configuration settings
  • Metrics: risk scoring framework
    • Community developed
    • Transparent
    • Base
    • Temporal
    • Environmental
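The metrics component of SCAP is CVSS, and the Base, Temporal and Environmental groups listed above are its three equation groups. The following is an added example, not code from the presentation or from NIST: a CVSS v2 calculator (v2 being the version SCAP 1.0 used in 2010) that parses a vector string and computes all three scores with the coefficients and equations of the CVSS v2 specification. The vector strings it scores are constructed for the example, not taken from any advisory.

```python
"""CVSS v2 scoring, the "Metrics" component of SCAP 1.x.

Added example; not code from the presentation or from NIST. Weights and
equations are those of the CVSS v2 specification. Sample vectors are
constructed, not taken from any advisory.
"""
from decimal import Decimal, ROUND_HALF_UP

# Base metric weights
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}       # Local / Adjacent / Network
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}    # High / Medium / Low
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}      # Multiple / Single / None
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}              # None / Partial / Complete
# Temporal metric weights ("ND" = not defined, which leaves the score unchanged)
EXPLOITABILITY = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}
REMEDIATION_LEVEL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
REPORT_CONFIDENCE = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}
# Environmental metric weights
COLLATERAL_DAMAGE = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TARGET_DISTRIBUTION = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
SECURITY_REQUIREMENT = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}

BASE_KEYS = ("AV", "AC", "Au", "C", "I", "A")


def round1(value):
    """CVSS rounds to one decimal, half up (Python's round() is half-even)."""
    return float(Decimal(repr(value)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def parse_vector(vector):
    """Split 'AV:N/AC:L/.../E:POC/...' into a dict; reject malformed or incomplete vectors."""
    metrics = {}
    for item in vector.split("/"):
        key, sep, value = item.partition(":")
        if not sep or not key or not value or key in metrics:
            raise ValueError(f"malformed or repeated component: {item!r}")
        metrics[key] = value
    missing = [k for k in BASE_KEYS if k not in metrics]
    if missing:
        raise ValueError(f"base metrics missing: {missing}")
    return metrics


def weight(table, metrics, key, default=None):
    """Look up a metric's weight, failing loudly on an unknown value."""
    value = metrics.get(key, default)
    if value not in table:
        raise ValueError(f"invalid value {value!r} for metric {key}")
    return table[value]


def impact_subscore(c, i, a):
    return 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))


def base_score(metrics, impact=None):
    """Base score; 'impact' lets the environmental equation substitute its adjusted impact."""
    if impact is None:
        impact = impact_subscore(weight(IMPACT, metrics, "C"),
                                 weight(IMPACT, metrics, "I"),
                                 weight(IMPACT, metrics, "A"))
    exploitability = (20 * weight(ACCESS_VECTOR, metrics, "AV")
                      * weight(ACCESS_COMPLEXITY, metrics, "AC")
                      * weight(AUTHENTICATION, metrics, "Au"))
    f_impact = 0.0 if impact == 0 else 1.176
    return round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


def temporal_score(metrics, base=None):
    """Scale the (rounded) base score by exploit maturity, fix availability and report confidence."""
    if base is None:
        base = base_score(metrics)
    return round1(base * weight(EXPLOITABILITY, metrics, "E", "ND")
                  * weight(REMEDIATION_LEVEL, metrics, "RL", "ND")
                  * weight(REPORT_CONFIDENCE, metrics, "RC", "ND"))


def environmental_score(metrics):
    """Re-weight impact by the site's C/I/A requirements, then apply collateral damage and target distribution."""
    adjusted_impact = min(10.0, impact_subscore(
        weight(IMPACT, metrics, "C") * weight(SECURITY_REQUIREMENT, metrics, "CR", "ND"),
        weight(IMPACT, metrics, "I") * weight(SECURITY_REQUIREMENT, metrics, "IR", "ND"),
        weight(IMPACT, metrics, "A") * weight(SECURITY_REQUIREMENT, metrics, "AR", "ND")))
    adjusted_temporal = temporal_score(metrics, base_score(metrics, adjusted_impact))
    cdp = weight(COLLATERAL_DAMAGE, metrics, "CDP", "ND")
    td = weight(TARGET_DISTRIBUTION, metrics, "TD", "ND")
    return round1((adjusted_temporal + (10 - adjusted_temporal) * cdp) * td)


def score(vector):
    """Return base, temporal and environmental scores for a vector string."""
    metrics = parse_vector(vector)
    return {"base": base_score(metrics),
            "temporal": temporal_score(metrics),
            "environmental": environmental_score(metrics)}


if __name__ == "__main__":
    # Constructed vectors: a remote, unauthenticated, full-compromise flaw, and a
    # partial-impact flaw with proof-of-concept code and an official fix available.
    for v in ("AV:N/AC:L/Au:N/C:C/I:C/A:C",
              "AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C/CDP:L/TD:H/CR:H/IR:H/AR:H"):
        print(v, score(v))
```

The temporal and environmental equations start from the rounded base score, as the specification prescribes, which is why the calculator rounds at each stage rather than only at the end; a vector that omits the temporal or environmental metrics falls back to "ND" weights, so the temporal score then simply equals the base score.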
Notional Security Data Model

[Diagram; labels recovered from the slide: Situational Awareness, Continuous Monitoring, Automated Compliance Mgmt; Reporting Layer and Data Interface; Controls, Policy, Bulletins and Advisories, Standard Names & Reference Conventions, Technical Alerts & Signatures, Lessons Learned, Attack Patterns, Sharable Policy, System Characteristics, Weaknesses, Threats, Vulnerability, Checks, Fixes, Assets, Event Language, Patterns, Business Systems, Infrastructure]

Specifications-Based Security Automation

[Diagram mapping specifications onto the data model above; labels recovered from the slide: Situational Awareness, Continuous Monitoring, Automated Compliance Mgmt; Reporting Layer and Data Interface (TBD, e.g. XBRL, etc); Bulletins and Advisories, Policy, Controls; CCI, CCSS, CPE, TBD, Technical Bulletins, CCE, CVE, CRE, TBD, CRE, CEE, CERE, CAPEC, XCCDF, System Characteristics, TBD, TBD, Signatures, OVAL, OCIL, OVRL, Assets, Event Language, Patterns, Reportable IT Systems, Inventoried, Trusted Connections]

Partners
  • US Government
    • National Institute of Standards and Technology (NIST)
    • National Security Agency (NSA)
    • Department of Homeland Security (DHS)
    • Defense Information Systems Agency (DISA)
  • Foreign Government
    • Japan – JVN/IPA – Japan Vulnerability Notes / Information Technology Promotion Agency
    • Spain – INTECO – Instituto Nacional de Tecnologías de la Comunicación
  • Private Sector
    • Apple, Microsoft, Red Hat, Sun Microsystems
    • Security product vendors
National Vulnerability Database
  • NVD is the U.S. government repository of public vulnerability management information.
  • Provides standardized reference for software vulnerabilities.
  • Over 39,000 CVE entries with the NVD Analysis Team evaluating over 6,000 vulnerabilities a year
  • Product dictionary containing 18,000 unique product names
  • Used by government, industry and academia
  • Machine-readable data feeds
  • Spanish and Japanese language translation
  • http://nvd.nist.gov
National Checklist Program
  • U.S. Government repository of publicly available security checklists
    • Eases compliance management
    • Checklists cover 178 products
      • SCAP content
    • Checklist contributors include
      • Government organizations
      • Vendors
      • Non-profit organizations
    • Part 39 of the Federal Acquisition Regulation (FAR)
    • http://checklists.nist.gov
Content Tools
  • eSCAPe
    • Creation of new and/or customized configuration policies
      • Puts the power of SCAP into the hands of existing staff; reduces cost/barrier of entry
      • Government wide, department level, or agency specific
      • Quickly generate specific assessment criteria for vulnerabilities or presence of malware
      • Pushed out to SCAP enabled products
  • Content Validation
    • Ensures all content published to NCP is formatted correctly
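"Formatted correctly" for SCAP content means more than well-formed XML: a checklist is only usable by SCAP-enabled products if its XCCDF rules point at OVAL definitions that actually exist in the bundle and its profiles select rules that actually exist. The following is an added example, not NIST's validation tooling and not code from the presentation: a small validator that applies those cross-reference checks to an XCCDF 1.1 benchmark and its companion OVAL file. The XCCDF 1.1 and OVAL 5 namespaces are the real ones; the two sample documents are constructed for this example and are not NCP content.

```python
"""Structural validation of an SCAP checklist bundle (XCCDF 1.1 + OVAL 5).

Added example; not NIST's content validation tool and not code from the
presentation. The namespaces are the real XCCDF 1.1 / OVAL 5 ones; the
sample documents are constructed and are not NCP content.
"""
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"
OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"


def tag(ns, name):
    """Clark-notation tag name used by ElementTree for namespaced elements."""
    return f"{{{ns}}}{name}"


# Constructed benchmark: one rule with an OVAL check, one rule without any check,
# and a profile that selects a rule id which does not exist.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="example-benchmark">
  <status>draft</status>
  <title>Example benchmark (constructed)</title>
  <version>0.1</version>
  <Profile id="baseline">
    <title>Baseline profile</title>
    <select idref="rule-password-min-length" selected="true"/>
    <select idref="rule-does-not-exist" selected="true"/>
  </Profile>
  <Group id="group-accounts">
    <title>Account policy</title>
    <Rule id="rule-password-min-length" severity="medium">
      <title>Minimum password length</title>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref href="example-oval.xml" name="oval:example:def:1"/>
      </check>
    </Rule>
    <Rule id="rule-no-check" severity="low">
      <title>Rule that can only be assessed by hand</title>
    </Rule>
  </Group>
</Benchmark>"""

# Constructed OVAL companion file containing the single definition the benchmark references.
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition id="oval:example:def:1" version="1" class="compliance">
      <metadata><title>Password length (constructed)</title></metadata>
    </definition>
  </definitions>
</oval_definitions>"""


def oval_definition_ids(oval_xml):
    """Set of definition ids in an OVAL definitions document."""
    root = ET.fromstring(oval_xml)
    if root.tag != tag(OVAL_NS, "oval_definitions"):
        raise ValueError(f"not an OVAL definitions document: {root.tag}")
    return {d.get("id") for d in root.iter(tag(OVAL_NS, "definition")) if d.get("id")}


def validate_content(xccdf_xml, oval_xml):
    """Return a list of problems; an empty list means the bundle passed these checks."""
    problems = []
    try:
        bench = ET.fromstring(xccdf_xml)
        oval_ids = oval_definition_ids(oval_xml)
    except (ET.ParseError, ValueError) as exc:
        return [f"content is not parseable: {exc}"]
    if bench.tag != tag(XCCDF_NS, "Benchmark"):
        return [f"root element is {bench.tag}, expected XCCDF 1.1 Benchmark"]
    for required in ("status", "title", "version"):
        if bench.find(tag(XCCDF_NS, required)) is None:
            problems.append(f"Benchmark lacks required <{required}>")

    # Item ids must be present and unique so that selections can be resolved.
    item_ids = set()
    for item in list(bench.iter(tag(XCCDF_NS, "Group"))) + list(bench.iter(tag(XCCDF_NS, "Rule"))):
        item_id = item.get("id")
        if not item_id:
            problems.append(f"<{item.tag.split('}')[1]}> without an id")
            continue
        if item_id in item_ids:
            problems.append(f"duplicate item id {item_id}")
        item_ids.add(item_id)

    # Every Rule should carry an automated check resolving to a bundled OVAL definition.
    for rule in bench.iter(tag(XCCDF_NS, "Rule")):
        rule_id = rule.get("id", "<no id>")
        refs = rule.findall(f"{tag(XCCDF_NS, 'check')}/{tag(XCCDF_NS, 'check-content-ref')}")
        if not refs:
            problems.append(f"Rule {rule_id} has no check-content-ref; it cannot be evaluated automatically")
        for ref in refs:
            name = ref.get("name")
            if name not in oval_ids:
                problems.append(f"Rule {rule_id} references unknown OVAL definition {name!r}")

    # Profile selections must point at an existing Rule or Group.
    for profile in bench.iter(tag(XCCDF_NS, "Profile")):
        for select in profile.findall(tag(XCCDF_NS, "select")):
            idref = select.get("idref")
            if idref not in item_ids:
                problems.append(f"Profile {profile.get('id')} selects unknown item {idref!r}")
    return problems


if __name__ == "__main__":
    for problem in validate_content(SAMPLE_XCCDF, SAMPLE_OVAL):
        print("PROBLEM:", problem)
```

Run against the constructed bundle it reports two problems: the rule with no check, which an SCAP scanner could never evaluate, and the profile selection that resolves to nothing. Schema validation against the published XCCDF and OVAL XSDs would normally run before these checks; this example covers only the cross-reference layer that a schema cannot express.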

SCAP Validation Program
  • Provides product conformance testing for Security Content Automation Protocol (SCAP)
  • National Voluntary Laboratory Accreditation Program
    • Independent testing laboratories
    • Reports validated by NIST
  • http://scap.nist.gov/validation.cfm (Validation Program)
  • http://scap.nist.gov/scapproducts.cfm (Validated Products)
NIST SCAP Product Validation Program (http://nvd.nist.gov/scapproducts.cfm)
Looking Ahead
  • Remediation capabilities
    • Rapidly deploy corrective action
      • Shutting down services, locking out accounts, etc…
  • Network Event Management
    • Event Management Automation Protocol (EMAP)
Conclusion
  • Security Automation:
    • Improves efficiency
    • Promotes interoperability of data and security tools
    • Enables standardized reporting across multiple views
    • Provides enhanced situational awareness