because security gives us freedom - chapters site · nist security controls (nist special...

www.onShore.com PANOPTIC CYBERDEFENSE™ Because Security Gives Us Freedom


Post on 30-Jun-2020


Page 1: Because Security Gives Us Freedom - Chapters Site · NIST Security Controls (NIST Special Publication 800-53 (Rev. 4)) Control Families AC - Access Control AU - Audit and Accountability

www.onShore.com PANOPTIC CYBERDEFENSE™

Because Security Gives Us Freedom


PANOPTIC CYBERDEFENSE

Panoptic Cyberdefense is a monitoring and detection service in three levels:
● Security Management and Reporting
● Managed Detection and Response
● Security Orchestration

CYBERSECURITY LEADERSHIP

Cybersecurity Leadership is a professional service, custom-tailored to the needs and goals of your organization, designed to augment the leadership necessary to build a mature cybersecurity operation, from the ground up. The service assists your organization with Assessment, Governance and Compliance, Security Readiness, and CISO Services.

Managed Security Systems for the enterprise, including our own SIEM and NIDS platforms.


SECURITY IS A PROCESS NOT A PRODUCT


CONFUSION


SHELFWARE

MOST LIKELY
● SIEM
● IDS

MAIN REASONS
● LACK OF STAFF
● LACK OF CLARITY
● COMPLIANCE ONLY

Source: 451 Research


LACKING CLARITY

POINT OF ACTIVITY

SCOPE


SOLUTION FRAGMENTATION


INCONSISTENT TERMS


UNCLEAR SCOPE


SCOPE FRAGMENTATION


SOLUTION FRAGMENTATION


POINT GAPS


SCOPE GAPS


LACKING INTEGRATION


SCOPE GAPS


UNCLEAR CLAIMS


PARTIAL OR COMPLETE?


NEED COMPLIANCE INFO


LITTLE STANDARDIZATION OF TERMS

MAGNIFICENT 7

● ENCRYPTION
● SIEM
● VULNERABILITY MANAGEMENT
● IDS/IPS
● AV
● FIREWALLS/NGFWS
● MONITORING (GENERAL)

Source: 451 Research



NO AUTHORITY

INDUSTRY DOESN’T HAVE INCENTIVE

STANDARDS DON’T HAVE AUTHORITY


USE A MODEL

NIST Special Publication 800-53 (Rev. 4)
Security Controls and Assessment Procedures for Federal Information Systems and Organizations

NOT

NIST Framework for Improving Critical Infrastructure Cybersecurity


THE SOLUTION: MAPPING

PRODUCT

PROCESS

SERVICE

AC-1 ACCESS CONTROL POLICY - PROCEDURES
AC-2 ACCOUNT MANAGEMENT
AC-3 ACCESS ENFORCEMENT
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-6 LEAST PRIVILEGE
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-9 PREVIOUS LOGON NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
AC-11 SESSION LOCK
AC-12 SESSION TERMINATION
AC-13 SUPERVISION AND REVIEW - ACCESS
AC-14 PERMITTED ACTIONS WITHOUT ID
AC-15 AUTOMATED MARKING
AC-16 SECURITY ATTRIBUTES
AC-17 REMOTE ACCESS
AC-18 WIRELESS ACCESS
AC-19 ACCESS CONTROL FOR MOBILE DEVICES
AC-20 USE OF EXTERNAL INFORMATION SYSTEM
AC-21 INFORMATION SHARING
AC-22 PUBLICLY ACCESSIBLE CONTENT
AC-23 DATA MINING PROTECTION
AC-24 ACCESS CONTROL DECISIONS
AC-25 REFERENCE MONITOR


A TINY BIT ABOUT NIST

NIST Security Controls (NIST Special Publication 800-53 (Rev. 4))

Control Families
AC - Access Control
AU - Audit and Accountability
AT - Awareness and Training
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PS - Personnel Security
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
RA - Risk Assessment
CA - Security Assessment and Authorization
SC - System and Communications Protection
SI - System and Information Integrity
SA - System and Services Acquisition


NIST IS COMPREHENSIVE

SC-5 DENIAL OF SERVICE PROTECTION

Control Description
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].

Control Enhancements

SC-5(1) DENIAL OF SERVICE PROTECTION | RESTRICT INTERNAL USERS
The information system restricts the ability of individuals to launch [Assignment: organization-defined denial of service attacks] against other information systems.

SC-5(2) DENIAL OF SERVICE PROTECTION | EXCESS CAPACITY / BANDWIDTH / REDUNDANCY
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks.

SC-5(3) DENIAL OF SERVICE PROTECTION | DETECTION / MONITORING
The organization:
SC-5 (3)(a) Employs [Assignment: organization-defined monitoring tools] to detect indicators of denial of service attacks against the information system; and
SC-5 (3)(b) Monitors [Assignment: organization-defined information system resources] to determine if sufficient resources exist to prevent effective denial of service attacks.


AC-5 SEPARATION OF DUTIES

Control Description
The organization:

a. Separates [Assignment: organization-defined duties of individuals];

b. Documents separation of duties of individuals; and

c. Defines information system access authorizations to support separation of duties.

MANY ARE PURELY POLICY


ONSHORE MDR

Access Control
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
AC-21 INFORMATION SHARING

Incident Response
IR-4 INCIDENT HANDLING
IR-5 INCIDENT MONITORING
IR-6 INCIDENT REPORTING
IR-7 INCIDENT RESPONSE ASSISTANCE
IR-9 INFORMATION SPILLAGE RESPONSE
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM


ONSHORE SIEM

Access Control
AC-3 ACCESS ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
AC-11 SESSION LOCK
AC-12 SESSION TERMINATION
AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
AC-21 INFORMATION SHARING
AC-24 ACCESS CONTROL DECISIONS
AC-25 REFERENCE MONITOR

Incident Response
IR-4 INCIDENT HANDLING
IR-5 INCIDENT MONITORING
IR-6 INCIDENT REPORTING
IR-7 INCIDENT RESPONSE ASSISTANCE
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM


QUALIFIERS

SUPPORTS

COMPLETE

PARTIAL


CONSIDERATIONS

IN-SOURCE VS. OUT-SOURCE

POINT OF ACTIVITY


REVIEW

● It can be difficult to understand cybersecurity offerings and gaps that may remain because of the lack of a way to compare functions against a complete stack model and because of the lack of standardized terminology.

● NIST can be used as a model of completeness, and mapping solutions to NIST controls provides both clarity and identification of gaps.

● Using the model involves determining which NIST controls the solution satisfies and to what degree. This can be done by simply posing the question to the vendor.

● Additional factors to consider involve in-sourcing versus out-sourcing in the context of risk.

● Point of activity should also be determined to understand gaps in scope not reflected in the NIST controls.
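
The mapping and qualifier steps from this review, applied to the AC family as an added example (not code from the presentation or from onShore). The control lists come from the ONSHORE MDR and ONSHORE SIEM slides; the per-control qualifiers, their ranking, and the rule that an unqualified claim counts only as "supports" are assumptions made for illustration.

```python
# Added example: gap analysis over the AC family using the deck's mapping slides.
RANK = {"none": 0, "supports": 1, "partial": 2, "complete": 3}  # ordering is an assumption

AC_FAMILY = [f"AC-{n}" for n in range(1, 26)]  # AC-1 .. AC-25 from the mapping slide

# AC controls listed on the ONSHORE MDR and ONSHORE SIEM slides.
CLAIMED = {
    "MDR": [4, 5, 20, 21],
    "SIEM": [3, 5, 7, 8, 9, 10, 11, 12, 13, 14, 20, 21, 24, 25],
}

# Constructed vendor answers to "which controls, and to what degree?".
# The slides give no per-control qualifier, so these values are illustrative only.
ANSWERS = {
    ("SIEM", "AC-7"): "complete",
    ("MDR", "AC-4"): "partial",
    ("SIEM", "AC-5"): "partial",
    ("MDR", "AC-5"): "supports",
}

def coverage(model, claimed, answers, unqualified="supports"):
    """Map each control in the model to (best qualifier, solutions claiming it)."""
    result = {control: ("none", []) for control in model}
    for solution, numbers in claimed.items():
        for n in numbers:
            control = f"AC-{n}"
            if control not in result:
                raise ValueError(f"{solution} claims {control}, which is not in the model")
            qualifier = answers.get((solution, control), unqualified)
            if qualifier not in RANK:
                raise ValueError(f"unknown qualifier {qualifier!r} for {control}")
            best, solutions = result[control]
            if RANK[qualifier] > RANK[best]:
                best = qualifier
            result[control] = (best, solutions + [solution])
    return result

def gaps(cov, minimum):
    """Controls whose best claimed qualifier falls below the required minimum."""
    return [c for c, (best, _) in cov.items() if RANK[best] < RANK[minimum]]

if __name__ == "__main__":
    cov = coverage(AC_FAMILY, CLAIMED, ANSWERS)
    print("no solution maps to:", ", ".join(gaps(cov, "supports")))
    print("not fully satisfied:", len(gaps(cov, "complete")), "of", len(AC_FAMILY))
    print("AC-5:", cov["AC-5"])
```

Treating an unqualified claim as the weakest qualifier keeps a bare control listing from being counted as full coverage until the vendor has answered the "to what degree" question.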


CREDITS

Jim Burnham, Six Nines IT

Steve Kent, onShore’s CTO

Chris Johnson, onShore’s Security Compliance Strategist


QUESTIONS

Stel Valavanis, CEO, onShore
[email protected]@onShore.com