Enhanced Cyber Situational Awareness with Continuous Monitoring
Presto 3.2
www.jackbe.com
John Crupi, CTO
Rick Smith, Cyber Consultant
About JackBe
Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses
Small Business Headquartered in DC area with Global Reach
DoD Accredited Software
Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers
Named to Top 10 Enterprise Products in 2010
Today's Special Guests
John Crupi, Chief Technology Officer
Formerly CTO of Sun's SOA Practice and Sun Distinguished Engineer. Co-author of Core J2EE Patterns.
Rick Smith, CISSP, CISM
Cyber Security SME at Blue Canopy. Over 16 years of experience in government and the private sector. Recognized speaker for ISACA and a Cyber Security SME focusing on Enhanced Situational Awareness, Improving Continuous Monitoring, Cyber Analytics, and Cyber Active Threat Management.
Today's Agenda
Why Can't Secretary of Defense Leon Panetta Sleep at Night?
Today's Federal Cyber Security Best Practices
What Are the Concerns with Today's Continuous Monitoring Programs?
The Old Way, the New Way, and the Future of Continuous Monitoring
How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness
Demo Scenario: The Operational View, the Tactical View, and the Strategic View of Cyber Situational Awareness

What Keeps Secretary of Defense Leon Panetta Up at Night?
By Jim Garamone, American Forces Press Service
LOUISVILLE, Ky., March 1, 2012 - Asked what keeps Secretary of Defense Leon Panetta awake at night, he didn't hesitate: a major cyber attack.
"We are literally getting hundreds of thousands of attacks every day that try to exploit information in various [U.S.] agencies or department. There are plenty of targets beyond government too," he added.
The country needs to defend against that kind of attack, but also "develop the intelligence resources to understand when those possible attacks are coming," the secretary said.
A Major Cyber Attack! Hundreds of thousands of attacks every day! Develop the intelligence resources to understand when those possible attacks are coming!
Federal Cyber Security Best Practices
The National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to help guide agencies' FISMA implementation work.
Information Security Continuous Monitoring, Bruce Levinson, Center for Regulatory Effectiveness, October 2011
Information Security Continuous Monitoring Best Practices:
Principle 1: Aggregate Diverse Data
Principle 2: Analyze Multi-Source Data
Principle 3: Create Real-Time Data Queries
Principle 4: Transform Data Into Actionable Intelligence
Principle 5: Maintain Real-Time Actionable Awareness
Information Security Continuous Monitoring

ISCM Ongoing Awareness Requirements
Maintain: situational awareness of all systems across the organization; an understanding of threats and threat activities
Assess: all security controls
Collect, correlate and analyze: security-related information
Provide: security status across all tiers of an organization
Actively manage: risk by organizational officials

Domains that Continuous Monitoring Can Support
1) Vulnerability Management
2) Patch Management
3) Event Management
4) Incident Management
5) Malware Detection
6) Asset Management
7) Configuration Management
8) Network Management
9) License Management
10) Information Management
11) Software Assurance
12) Digital Policy Management
13) Advanced Persistent

Today's Continuous Monitoring Programs
Portable Risk Score Manager (PRSM): designed to reduce the number of cyber risks by increasing compliance with IA policies and network security standards, improving IA posture by adopting the iPost Risk Scoring methodology.
iPost: a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses.
Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS): designed to enable Federal agencies to implement Continuous Monitoring more rapidly through federal standards that leverage federal buying power to reduce the cost of implementing Continuous Monitoring.
The Concerns with Today's Current Cyber Programs
Workforce Supply and Demand
Maintaining good skill sets and building continuity
Attracting experienced cyber security pros for government work
Ensuring the security clearance process doesn't become a hurdle
Skills Development
Provide ongoing skill-building programs
Provide a collaborative approach to improving skills and data sharing
Oversight and Compliance
Compliance automation reporting: meeting zero-day attacks
Collaboration and data sharing
Trusted Supply Chain
Acquisition: trusted equipment free of malware and vulnerabilities
Tracking, remediating and reducing vulnerabilities once equipment is in the network
The Old Way: Periodic Snapshots
Repetitive

The New Way: Continuous Monitoring
Vulnerability Management
Added Process to Verify Vulnerability Management
Current

The Future: Continuous Monitoring Feeding Risk Score Cards
Vulnerability and Threat Management Capabilities
Vulnerability Assessment
Risk Management
Compliance Checking
Enterprise Security
Enhance Situational Awareness
What's Coming Next?
How Real-Time Operational Intelligence Enables Cyber Situational Awareness

Continuous Monitoring for Cyber Awareness
(A Real-Time Approach to Continuous Monitoring, SANS Analyst Program)
Vulnerability Management
Network Management
Incident Management
Vulnerability, configuration and asset management
System and network log collection, correlation and reporting
Advanced network monitoring using real-time network forensics
Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis
Enhanced Situational Awareness Dashboard Data Points
News feeds, Twitter
Other disparate data, external data
What's the Global Business Impact?
Tie to:
Business Systems
Global Threat
Security Risk
Program Impact
Vulnerability Score
Operation Systems

Presto for Cyber Situational Awareness
Vulnerabilities
Assets: health, status, security, vulnerability, and mission dependency data
Real-Time Mashing
What's Coming Next? Explaining the Demo Scenario:
The Operational View
The Tactical View
The Strategic View

Demo Scenario Walk-Thru
Operational View
Hardware View
Software View
Patches applied
Asset Management
Compliance Management
Resource Allocation
Actionable Remediation
Vulnerabilities
Categorization of Vulnerabilities
Enhance Situational Awareness
Tactical View
Cost for Remediation
Impact Analysis
Strategic View
Remediation recommendations
POA&M Tracking
Asset Management
HW & SW Counts
Patches Applied

Compliance Management
Vulnerabilities found from scans
Vulnerabilities that match the Cyber Command list
Vulnerabilities by machine type
Tier 3 vulnerabilities

Resource Allocation
Data correlation from disparate business units
Summarization
Portfolio Management

Resource Allocation
Consolidated Impact Analysis
Impact analysis and cost of impact to remediate

Actionable Remediation
Leadership is provided with a way forward on the remediation approach
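As an added example (not part of the JackBe deck or the Presto product), this shows how the three demo views could be computed from the three feeds the walk-through names: an asset inventory, scanner findings, and a priority list standing in for the "Cyber Command list". All records are constructed sample data, and the list's format (a set of vulnerability identifiers) is an assumption.

```python
from collections import Counter, defaultdict

# Constructed sample inventory: one record per host (asset management view).
ASSETS = [
    {"host": "ws-01", "type": "workstation", "patches_applied": 42},
    {"host": "ws-02", "type": "workstation", "patches_applied": 40},
    {"host": "srv-01", "type": "server", "patches_applied": 88},
]
# Constructed scanner output: one record per (host, vulnerability), with the
# vulnerability's tier and an estimated remediation cost on that host.
SCAN_FINDINGS = [
    {"host": "ws-01", "vuln": "VULN-A", "tier": 3, "cost": 500},
    {"host": "ws-02", "vuln": "VULN-A", "tier": 3, "cost": 500},
    {"host": "srv-01", "vuln": "VULN-B", "tier": 2, "cost": 2000},
    {"host": "srv-01", "vuln": "VULN-C", "tier": 1, "cost": 100},
]
# Placeholder for the "Cyber Command list" the deck mentions (assumed to be a
# set of vulnerability identifiers that must be remediated first).
CYBER_COMMAND_LIST = {"VULN-A", "VULN-C"}


def operational_view(assets, findings):
    """Asset and compliance management counts from the two raw feeds."""
    type_of = {a["host"]: a["type"] for a in assets}
    return {
        "host_count": len(assets),
        "patches_applied": sum(a["patches_applied"] for a in assets),
        "vulns_found": len(findings),
        "on_cyber_command_list": sum(f["vuln"] in CYBER_COMMAND_LIST for f in findings),
        # A scanned host missing from the inventory is itself worth surfacing,
        # so it is counted under "unknown" rather than silently dropped.
        "by_machine_type": dict(Counter(type_of.get(f["host"], "unknown") for f in findings)),
        "tier3": sum(f["tier"] == 3 for f in findings),
    }


def tactical_view(findings):
    """Impact analysis: hosts affected and total remediation cost per vulnerability."""
    cost, hosts = defaultdict(int), defaultdict(set)
    for f in findings:
        cost[f["vuln"]] += f["cost"]
        hosts[f["vuln"]].add(f["host"])
    return {v: {"hosts": len(hosts[v]), "cost": cost[v]} for v in cost}


def strategic_view(tactical):
    """Remediation recommendations: priority-list items first, then by hosts affected."""
    ranked = sorted(tactical, key=lambda v: (v not in CYBER_COMMAND_LIST, -tactical[v]["hosts"]))
    return [dict(vuln=v, priority=v in CYBER_COMMAND_LIST, **tactical[v]) for v in ranked]
```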
Today's Architecture of Sharing Data
(Tier 1 / Tier 2 / Tier 3 hierarchy diagram)
Takes up a lot of resource
FTP, Email, File Sharing

Real-Time Data Sharing
(Tier 1 / Tier 2 / Tier 3 hierarchy diagram)
More Efficient
Share Views
No Re-Homing Data
Sharing Apps
Confederated Process
Roll up Data

The Benefits of the Cyber Use Case
Integrating Disparate Data
Operational, Tactical and Strategic views are shared
Providing a workflow process that is inclusive
Bringing disparate data together for a common cause
Improving Collaboration/Analytics
Full disclosure of data points for discussions at any time
Improve the cyber security posture for an organization
Create a trackable, accountable, and actionable process
Enhance Situational Awareness
Enable Verification and Validation
Provide data that is beyond traditional alerting mechanisms
How JackBe Can Help You
Read about JackBe Presto solutions in Government today: http://www.jackbe.com/solutions/federal.php
To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at http://www.jackbe.com/about/contact_form.php.