‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ John Crupi, CTO Rick Smith, Cyber Consultant
About JackBe Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses Small Business Headquartered in DC area with Global Reach DoD Accredited Software Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers Named to ‘Top 10 Enterprise Products’ in 2010
Today’s Special Guests John Crupi, Chief Technology Officer Formerly, CTO of Sun’s SOA Practice & Sun Distinguished Engineer Co-Author of Core J2EE Patterns Rick Smith CISSP, CISM Cyber Security SME at Blue Canopy Over 16 years experience in government and private sector. Recognized speaker for ISACA and a Cyber Security SME Focusing on Enhance Situational Awareness, Improving Continuous Monitoring, Cyber Analytics, and Cyber Active Threat Management.
Today’s Agenda Why Can’t Secretary of Defense Leon Panetta Sleep at Night? Today’s Federal Cyber Security Best Practices What are the Concerns with Today’s Continuous Monitoring Programs? The Old Way, the New Way, and the Future of Continuous Monitoring How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness Demo Scenario: The Operational View, The Tactical View, The Strategic View of Cyber Situational Awareness
LOUISVILLE, Ky., March 1, What keeps Secretary of Defense Leon Panetta, awake at night, he didn't hesitate: “A MAJOR CYBER ATTACK!” “We are literally getting HUNDREDS OF THOUSANDS OF ATTACKS EVERYDAY that try to exploit information in various [U.S.] agencies or department. There are plenty of targets beyond government too,” he added. “The country needs to defend against that kind of attack, but also DEVELOP THE INTELLIGENCE RESOURCES TO UNDERSTAND WHEN THOSE POSSIBLE ATTACKS ARE COMING,” the secretary said. A Major Cyber Attack! Hundreds of thousands of attacks every day! Develop the intelligence resources to understand when those possible attacks are coming! What Keeps Secretary of Defense Leon Panetta Up At Night? By Jim Garamone, American Forces Press Service
Federal Cyber Security Best Practices National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to help guide their FISMA implementation work. INFORMATION SECURITY CONTINUOUS MONITORING Bruce Levinson, Center for Regulatory Effectiveness Oct, 2011 Information Security Continuous Monitoring Best Practices: Principle 1: Aggregate Diverse Data Principle 2: Analyze Multi-Source Data Principle 3: Create Real-Time Data Queries Principle 4: Transform Data Into Actionable Intelligence Principle 5: Maintain Real-Time Actionable Awareness
Information Security Continuous Monitoring
ISCM Ongoing Awareness Requirements Maintain Situational Awareness of all systems across the organization An understanding of threats and threat activities Assess Collect, Correlate & Analyze All security controls Security-related information Risk by organizational officials Security status across all tiers of an organization Provide Actively Manage
Domains that Continuous Monitoring Can Support 1) Vulnerability Management 2) Patch Management 3) Event Management 4) Incident Management 5) Malware Detection 6) Asset Management 7) Configuration Management 8) Network Management 9) License Management 10) Information Management 11) Software Assurance 12) Digital Policy Management 13) Advanced Persistent
Today’s ‘Continuous Monitoring’ Programs Portable Risk Score Manager (PRSM) designed to reduce the number of cyber risks by increasing the compliance with IA policies and network security standards to improve IA posture by adopting the iPost Risk Scoring methodology. iPost is a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses. Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS) designed to enable Federal agencies to implement Continuous Monitoring more rapidly through federal standards that leverage federal buying power to reduce the cost of implementing Continuous Monitoring.
The ‘Concerns’ with Today’s Current Cyber Programs Workforce Supply And Demand Maintaining good skill-sets and building continuity Attracting experienced cyber security pros for government work Ensuring the security clearance process doesn’t become a hurdle Skills Development Provide on-going skill building programs Provide a collaborative approach to improving skills and data sharing Oversight And Compliance Compliance Automation Reporting meeting zero day attacks Collaboration and data sharing Trusted Supply Chain Acquisition Trusted equipment free of malware and vulnerabilities Tracking, remediating and reducing vulnerabilities once it is in the network
The Old Way: ‘Periodic Snapshots’ Fix Verify ScanFix Verify ScanFix Verify Scan Repetitive
The New Way – Continuous Monitoring Vulnerability Management Vulnerability Management Added Process to Verify Vulnerability Management Vulnerability Management
The Future: Continuous Monitoring Feeding Risk Score Cards Vulnerability And Threat Management Capabilities Vulnerability And Threat Management Capabilities Vulnerability Assessment Vulnerability Assessment Risk Management Risk Management Compliance Checking Enterprise Security Enterprise Security Enhance Situational Awareness
What’s Coming Next?
Continuous Monitoring for Cyber Awareness (A Real-Time Approach to Continuous Monitoring, SANS Analyst Program) Vulnerability Management Network Management Incident management Vulnerability, configuration and asset management System and network log collection, correlation and reporting Advanced network monitoring using real-time network forensics Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis Enhanced Situational Awareness Dashboard Data Points News Feeds, Twitter Other disparate data, external data
What’s the Global Business Impact? Tie to: Business Systems Global Threat Security Risk Program Impact Vulnerability Score Operation Systems
Vulnerabilities Assets Health, status, security, vulnerability, and mission dependency data Presto for Cyber Situational Awareness Real-Time Mashing
What’s Coming Next?
Demo Scenario Walk-Thru Operational View Hardware View Software View Patches applied Asset Management Compliance Management Resource Allocation Actionable Remediation Vulnerabilities Categorization of Vulnerabilities Enhance Situational Awareness Tactical View Cost for Remediation Impact Analysis Strategic View Remediation recommendations POA&M Tracking
Asset Management HW & SW Counts Patches Applied
Compliance Management Vulnerabilities Found from Scans Vulnerabilities that match to Cyber Command list Vulnerabilities By Machine Type Tier 3 Vulnerabilities
Resource Allocation Data correlation from disparate business units Summarization Portfolio Management
Resource Allocation Consolidated Impact Analysis Impact Analysis & cost of impact to remediate
Actionable Remediation Leadership is provided with a way forward on remediation approach
Today’s Architecture of Sharing Data Tier 1 Tier 2 Tier 3 Tier 2 Tier 3 Takes up a lot of resource FTP File Sharing
Real Time Data Sharing Tier 1 Tier 2 Tier 3 Tier 2 Tier 3 More Efficient Share Views No Re-Homing Data Sharing Apps Confederated Process Roll up Data
The Benefits of the Cyber Use Case Integrating Disparate Data Operational, Tactical and Strategic views are shared Providing a workflow process that is inclusive Bringing disparate data together for a common cause Improving Collaboration/Analytics Full disclosure of data points for discussions at any time Improve the cyber security posture for an organization Create trackable, accountable, and actionable process Enhance Situational Awareness Enable Verification and Validation Provide data that is beyond traditional alerting mechanisms
How JackBe Can Help You? Read About JackBe Presto Solutions in Government Today To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at
‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ John Crupi, CTO Rick Smith, Cyber Consultant