Operationalizing Dynamic Defense - Mo Cashman, Director, Security Architecture, Global Defense and...



Post on 10-Aug-2020


Page 1: OPERATIONALIZING DYNAMIC DEFENSE Mo Cashman Director, Security Architecture Global Defense and Central Governments OPERATIONALIZING DYNAMIC DEFENSE Dynamic Defense is Operationalized

Mo Cashman

Director, Security Architecture

Global Defense and Central Governments

OPERATIONALIZING DYNAMIC DEFENSE

Dynamic Defense is Operationalized Security

[Figure: chart with labels MATURITY, THREAT, CAPABILITY and COST, levels A through E, and threat types Cyber Warfare, Cyber Terrorism, Cyber Espionage, Cyber Crime]

What builds dynamic defense capability?

• Intelligence

• Readiness

• Defense

• Response

What drives down cost?

• Consolidation

• Integration

• Automation

Page 2

Why Operationalize?

Pre-Intrusion

• Intelligence – know the threat

• Readiness – preparation & status

• Defense – technology & training

Post-Intrusion

• Intelligence – learn from threat

• Response – detect and react

Why Operationalize?

ATTACKER STAGES: PREPARE, INFECT, INTERACT, EXPLOIT

ATTACK IMPACT: Get Worried, Unauthorized Access, Loss of Trust, Mission Compromise

RECOVERY COST: Minimal to None, Cleanup, Cleanup and Forensics, Rebuild Reputation

Page 3

Getting started with Intelligence

THREAT ACTORS: Most are from the outside

SOPHISTICATION: Majority is low - moderate*

TIMELINES: Exploit Time = minutes; Reaction Time = days to years

VECTORS: > 90% use the web

Page 4

Operationalize Dynamic Defense

Where are the Fingerprints?

• System Changes

• Web Vector – In, Out & SSL

• Monitor databases

Defend the Right Vectors

Operationalize Dynamic Defense

Why?

• Defense is Multi-Technology

• Cost saver & Force Multiplier

• Add business capability easier

Endpoint Framework

[Diagram labels: Anti-Malware, Intrusion Prevention, Event Reporting, Intelligence, Config Status, Device Control, Base Capability, NAC, Encryption, Incident Response, Application Control, Custom Database Security]

Page 5

• Endpoint framework reduces per desktop cost

• Faster operationalization reduces backend contract and training cost

• Focusing on attack vectors increases detection capability

Consolidation

Endpoint Framework

Attack Vectors

Data Repositories

Security Operations

• Reduces Real Cost

• Avoids Future Cost

• Improves Quality

Dynamic Defense Capability

Operationalize Dynamic Defense

Information is Power!

• Asset & Event Awareness

• Exposure Level

• Threat Intelligence

Readiness Assessment

Page 6

Automation

Status & Event Collection

Readiness Assessment

Embed Intelligence

Incident Response

• Reduce Real Cost

• Avoid Future Cost

• Improve Quality

• Automated status collection reduces manpower needs

• Enterprise incident response capability reduces recovery costs

• Embedded intelligence in sensors improves detection ability

Dynamic Defense Capability

Operationalize Dynamic Defense

Critical Components!

• Indicators of Compromise

• Enterprise data collection

• Rapid file analysis

Building a Response Capability

Page 7

Operationalize Dynamic Defense

So What’s Needed?

• Automated asset status

• Enterprise data collection

• Decisions based on intelligence

Intelligence in Context

Integration

Intelligence in Context

Response Capability

Defensive Architecture

Data Strategy

• Reduce Real Cost

• Avoid Future Cost

• Improve Quality

• Data strategy eliminates duplicate investments and reduces travel cost

• Intelligence in context speeds decision and reduces recovery costs

• Data strategy reduces travel and increases scope for readiness assessments

Dynamic Defense Capability

Page 8

Dynamic Defense

• Speed of Reaction

• Speed of Decision

THANK YOU!

Mo [email protected]

OPERATIONALIZING DYNAMIC DEFENSE