Enhanced Cyber Situational Awareness with Continuous Monitoring


Posted on 25-Feb-2016

DESCRIPTION

‘Enhanced Cyber Situational Awareness with Continuous Monitoring’, www.jackbe.com. John Crupi, CTO; Rick Smith, Cyber Consultant. About JackBe: Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses. PowerPoint PPT presentation.

TRANSCRIPT

Presto 3.2

Enhanced Cyber Situational Awareness with Continuous Monitoring

www.jackbe.com
John Crupi, CTO
Rick Smith, Cyber Consultant

About JackBe
Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses

Small Business Headquartered in DC area with Global Reach

DoD Accredited Software

Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers

Named to Top 10 Enterprise Products in 2010

Today's Special Guests

John Crupi, Chief Technology Officer

Formerly CTO of Sun's SOA Practice and Sun Distinguished Engineer; co-author of Core J2EE Patterns.

Rick Smith, CISSP, CISM
Cyber Security SME at Blue Canopy. Over 16 years of experience in government and the private sector. Recognized speaker for ISACA and a cyber security SME focusing on enhanced situational awareness, improving continuous monitoring, cyber analytics, and cyber active threat management.

Today's Agenda

Why Can't Secretary of Defense Leon Panetta Sleep at Night?

Today's Federal Cyber Security Best Practices

What are the Concerns with Today's Continuous Monitoring Programs?

The Old Way, the New Way, and the Future of Continuous Monitoring

How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness

Demo Scenario: The Operational View, the Tactical View, the Strategic View of Cyber Situational Awareness

What Keeps Secretary of Defense Leon Panetta Up at Night?

LOUISVILLE, Ky., March 1, 2012 - Asked what keeps him awake at night, Secretary of Defense Leon Panetta didn't hesitate: a major cyber attack!

"We are literally getting hundreds of thousands of attacks every day that try to exploit information in various [U.S.] agencies or departments," he said. "There are plenty of targets beyond government too," he added.

The country needs to defend against that kind of attack, but also "develop the intelligence resources to understand when those possible attacks are coming," the secretary said.

Slide callouts: A major cyber attack! Hundreds of thousands of attacks every day! Develop the intelligence resources to understand when those possible attacks are coming!

Source: "What Keeps Secretary of Defense Leon Panetta Up At Night?" by Jim Garamone, American Forces Press Service

Federal Cyber Security Best Practices

"National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to help guide their FISMA implementation work."

Source: "Information Security Continuous Monitoring", Bruce Levinson, Center for Regulatory Effectiveness, Oct. 2011

Information Security Continuous Monitoring Best Practices:

- Principle 1: Aggregate Diverse Data
- Principle 2: Analyze Multi-Source Data
- Principle 3: Create Real-Time Data Queries
- Principle 4: Transform Data Into Actionable Intelligence
- Principle 5: Maintain Real-Time Actionable Awareness

Information Security Continuous Monitoring

ISCM Ongoing Awareness Requirements

- Maintain: situational awareness of all systems across the organization, and an understanding of threats and threat activities
- Assess: all security controls
- Collect, correlate and analyze: security-related information
- Provide: security status across all tiers of an organization
- Actively manage: risk by organizational officials

Domains that Continuous Monitoring Can Support

1) Vulnerability Management
2) Patch Management
3) Event Management
4) Incident Management
5) Malware Detection
6) Asset Management
7) Configuration Management
8) Network Management
9) License Management
10) Information Management
11) Software Assurance
12) Digital Policy Management
13) Advanced Persistent

Today's Continuous Monitoring Programs

Portable Risk Score Manager (PRSM): designed to reduce the number of cyber risks by increasing compliance with IA policies and network security standards, improving IA posture by adopting the iPost Risk Scoring methodology.

iPost: a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses.

Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS): designed to enable Federal agencies to implement Continuous Monitoring more rapidly through federal standards that leverage federal buying power to reduce the cost of implementing Continuous Monitoring.

The Concerns with Today's Current Cyber Programs

Workforce Supply and Demand
- Maintaining good skill-sets and building continuity
- Attracting experienced cyber security pros for government work
- Ensuring the security clearance process doesn't become a hurdle

Skills Development
- Provide on-going skill-building programs
- Provide a collaborative approach to improving skills and data sharing

Oversight and Compliance
- Compliance automation
- Reporting
- Meeting zero-day attacks
- Collaboration and data sharing

Trusted Supply Chain
- Acquisition: trusted equipment free of malware and vulnerabilities
- Tracking, remediating and reducing vulnerabilities once equipment is in the network

The Old Way: Periodic Snapshots
[Diagram: repetitive periodic snapshots]

The New Way: Continuous Monitoring
[Diagram: Vulnerability Management, with an added process to verify; current state]

The Future: Continuous Monitoring Feeding Risk Score Cards
[Diagram labels: Vulnerability and Threat Management; Capabilities; Vulnerability Assessment; Risk Management; Compliance Checking; Enterprise Security; Enhance Situational Awareness]

What's Coming Next? How Real-Time Operational Intelligence Enables Cyber Situational Awareness

Continuous Monitoring for Cyber Awareness (A Real-Time Approach to Continuous Monitoring, SANS Analyst Program)

- Vulnerability Management
- Network Management
- Incident Management
- Vulnerability, configuration and asset management
- System and network log collection, correlation and reporting
- Advanced network monitoring using real-time network forensics
- Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis

Enhanced Situational Awareness Dashboard Data Points: news feeds, Twitter, other disparate data, external data

What's the Global Business Impact?

Tie to:
- Business Systems
- Global Threat
- Security Risk
- Program Impact
- Vulnerability Score
- Operation Systems

Presto for Cyber Situational Awareness

[Diagram: vulnerabilities and assets (health, status, security, vulnerability, and mission dependency data) feed real-time mashing]

What's Coming Next? Explaining the Demo Scenario:

- The Operational View
- The Tactical View
- The Strategic View

Demo Scenario Walk-Thru

Operational View
- Hardware View
- Software View
- Patches applied
- Asset Management
- Compliance Management
- Resource Allocation
- Actionable Remediation
- Vulnerabilities
- Categorization of Vulnerabilities
- Enhance Situational Awareness

Tactical View
- Cost for Remediation
- Impact Analysis

Strategic View
- Remediation recommendations
- POA&M Tracking

Asset Management

- HW & SW Counts
- Patches Applied

Compliance Management

- Vulnerabilities found from scans
- Vulnerabilities that match the Cyber Command list
- Vulnerabilities by machine type
- Tier 3 vulnerabilities
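As an added illustration (not code from the presentation or from JackBe's Presto product), the following Python aggregates constructed scan findings with a constructed asset inventory and a placeholder priority list standing in for the Cyber Command list named on the slide, producing the Compliance Management data points above and the tier roll-up that the data-sharing slides later describe. All host names, finding ids, severities and business units are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data, not taken from the presentation: the asset inventory
# supplies machine type, tier and business unit for each scanned host.
ASSETS = {
    "web01": {"machine_type": "web server", "tier": 3, "unit": "Ops"},
    "db01": {"machine_type": "database", "tier": 2, "unit": "Ops"},
    "ws17": {"machine_type": "workstation", "tier": 3, "unit": "HR"},
    "ws18": {"machine_type": "workstation", "tier": 3, "unit": "HR"},
}
SCAN_FINDINGS = [  # (host, placeholder finding id, severity 1-10)
    ("web01", "VULN-0001", 10), ("web01", "VULN-0002", 5),
    ("db01", "VULN-0001", 10),
    ("ws17", "VULN-0003", 8),
    ("ws18", "VULN-0003", 8), ("ws18", "VULN-0004", 3),
    ("ghost9", "VULN-0002", 5),  # host absent from the inventory
]
# Placeholder for the externally supplied priority list (the slide's Cyber Command list).
PRIORITY_LIST = {"VULN-0001", "VULN-0003"}

def compliance_view(assets, findings, priority):
    """Build the Compliance Management data points from raw scan output."""
    by_machine_type = Counter()
    priority_matches, tier3, unknown_hosts = [], [], set()
    for host, vuln_id, score in findings:
        asset = assets.get(host)
        if asset is None:  # an asset-management gap: surface it, don't drop it
            unknown_hosts.add(host)
            continue
        by_machine_type[asset["machine_type"]] += 1
        if vuln_id in priority:
            priority_matches.append((host, vuln_id))
        if asset["tier"] == 3:
            tier3.append((host, vuln_id, score))
    return {"found": len(findings), "priority_matches": priority_matches,
            "by_machine_type": dict(by_machine_type), "tier3": tier3,
            "unknown_hosts": sorted(unknown_hosts)}

def risk_rollup(assets, findings):
    """Roll severity totals up host -> business unit -> organization, so upper
    tiers receive summarized scores rather than re-homed raw scan data."""
    per_host, per_unit = defaultdict(int), defaultdict(int)
    for host, _, score in findings:
        if host in assets:
            per_host[host] += score
    for host, total in per_host.items():
        per_unit[assets[host]["unit"]] += total
    return {"hosts": dict(per_host), "units": dict(per_unit),
            "organization": sum(per_unit.values())}
```

Findings on hosts missing from the inventory are reported separately rather than silently discarded, since they point to an asset-management gap rather than a clean scan.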

Resource Allocation

- Data correlation from disparate business units
- Summarization
- Portfolio Management

Resource Allocation

- Consolidated Impact Analysis
- Impact analysis & cost of impact to remediate

Actionable Remediation

Leadership is provided with a way forward on remediation approach

Today's Architecture of Sharing Data

[Diagram: Tier 1, Tier 2 and Tier 3 nodes exchanging data by FTP, email and file sharing; takes up a lot of resource]

Real-Time Data Sharing

[Diagram: Tier 1, Tier 2 and Tier 3 nodes sharing views]

- More efficient
- Share views
- No re-homing data
- Sharing apps
- Confederated process
- Roll up data

The Benefits of the Cyber Use Case

Integrating Disparate Data
- Operational, tactical and strategic views are shared
- Providing a workflow process that is inclusive
- Bringing disparate data together for a common cause

Improving Collaboration/Analytics
- Full disclosure of data points for discussions at any time
- Improve the cyber security posture for an organization
- Create trackable, accountable, and actionable process

Enhance Situational Awareness
- Enable verification and validation
- Provide data that is beyond traditional alerting mechanisms

How JackBe Can Help You

Read about JackBe Presto solutions in government today: http://www.jackbe.com/solutions/federal.php

To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at http://www.jackbe.com/about/contact_form.php.

Enhanced Cyber Situational Awareness with Continuous Monitoring

www.jackbe.com
John Crupi, CTO
Rick Smith, Cyber Consultant