Continuous Monitoring as a Service (CMaaS) Technology Stack Overview
This lesson describes the CMaaS technology stacks that will be deployed in CDM Phase 1.
UNCLASSIFIED / FOR OFFICIAL USE ONLY
CMaaS Technology Stack Overview
[Diagram: the four CMaaS stacks (ePO Stack, Retina Stack, CounterACT Stack, Splunk Stack) mapped across three tiers: IaaS (DHS Data Center), Component Networks, and Endpoints.]
Data is collected by McAfee ePolicy Orchestrator (ePO), BeyondTrust Retina, and ForeScout CounterACT.
Data collected throughout the environment will be indexed by Splunk, which will normalize the data and prepare it for consumption by the CDM D/A dashboard.
The CMaaS ePO stack is comprised of tools in IaaS, Component networks, and endpoints.
Each Component Management Enclave McAfee ePO server manages all of ePO's various extensions, including Policy Auditor and Application Control.
Additionally, Policy Auditor and Application Control plugins will be installed as part of the McAfee Agent deployment.
This technology stack allows Components to host their existing ePO extensions within the new CMaaS ePO infrastructure, maximizing value from investments that are already widely deployed across DHS today.
Agent Handlers help balance traffic coming into the IaaS Component enclaves, reducing the network load on the primary servers.
Additionally, updates may be sent out through Agent Handlers configured as ePO repositories. This approach minimizes network impact by having Agent Handlers distribute updates, rather than serving them directly from the IaaS servers.
The Retina stack is comprised of the Beyond Insight Management Console in IaaS, hardware sensors in Component networks, as well as software sensors on individual endpoints.
Beyond Insight manages Retina Network Security Scanners and their scan configurations.
To maximize scan volume while minimizing bandwidth requirements, Retina Network Security Scanners may be deployed in various locations throughout component networks.
The Retina Protection Agent (or RPA) is a software-based version of the Retina Network Security Scanner.
A key advantage of the Retina stack is that network-based hardware sensors have an option to NOT scan devices with RPA installed, further minimizing network bandwidth impacts.
The CounterACT stack is comprised of ForeScout Enterprise Manager in IaaS, hardware sensors in Component networks, as well as CounterACT Secure Connector on endpoints.
The Enterprise Manager is the sole configuration and management portal for all CounterACT devices.
To maximize visibility of the network, CounterACT may be deployed in various locations throughout component networks.
SecureConnector continually checks host properties and sends updates only when it detects a change. This event-driven reporting eliminates latency in detecting changes on the endpoint and minimizes bandwidth utilization.
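To make the trade-off concrete, here is an added model of the event-driven reporting pattern described above. It is not ForeScout code; the host property names, the sample snapshots and the message format are constructed for illustration, and it simply counts how many messages a report-only-on-change agent sends versus an agent that reports the full state on every check.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class ChangeReporter:
    """Model of an endpoint agent that remembers the last state it reported
    and emits a message only when a host property differs from it."""
    host: str
    last: Dict[str, object] = field(default_factory=dict)
    sent: List[dict] = field(default_factory=list)

    def check(self, snapshot: Dict[str, object]) -> Optional[dict]:
        """Compare a fresh property snapshot against the last reported state.
        Returns the update message sent, or None when nothing changed."""
        changed = {k: v for k, v in snapshot.items() if self.last.get(k) != v}
        removed = [k for k in self.last if k not in snapshot]
        if not changed and not removed:
            return None  # no traffic: the state on record is still accurate
        msg = {"host": self.host, "changed": changed, "removed": removed}
        self.sent.append(msg)
        self.last = dict(snapshot)
        return msg


def compare_strategies(host: str, polls: List[Dict[str, object]]) -> dict:
    """Count messages for periodic full-state reports versus event-driven
    reports over the same sequence of property checks."""
    reporter = ChangeReporter(host)
    events = [reporter.check(p) for p in polls]
    first_change = next((i for i, e in enumerate(events[1:], 1) if e), None)
    return {
        "periodic_messages": len(polls),  # one full report per check
        "event_driven_messages": sum(1 for e in events if e is not None),
        "first_change_detected_at_poll": first_change,
    }


# Constructed sample: five checks of one endpoint; only two show a change
# after the initial report (AV service stops, then a new listening port).
SAMPLE_POLLS = [
    {"os": "Windows 10", "av_running": True, "open_ports": "135,445"},
    {"os": "Windows 10", "av_running": True, "open_ports": "135,445"},
    {"os": "Windows 10", "av_running": False, "open_ports": "135,445"},
    {"os": "Windows 10", "av_running": False, "open_ports": "135,445"},
    {"os": "Windows 10", "av_running": False, "open_ports": "135,445,3389"},
]

if __name__ == "__main__":
    print(compare_strategies("ws-0001.example", SAMPLE_POLLS))
```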
Finally, the Splunk stack consists of tools located exclusively within IaaS, or more specifically the Enterprise Management Enclave and Component Management Enclaves.
The Splunk deployment within each Component enclave includes one or more indexers and one or more dedicated search heads, based on volume requirements.
Component enclave Splunk indexers aggregate data from the Component's ePO, BeyondInsight, and CounterACT tools.
One or more Splunk Search Heads in the Enterprise enclave query Splunk Indexers from all Components. These Search Heads are the peering points for the Department-level CDM Dashboard Solution.
One of the search heads also functions as a Splunk Deployment Server that manages the configuration of all Splunk indexers and search heads from each Component.