DISA Global Operations

Presentation transcript:

DISA Global Operations: Cyber Defense Program Overview
Sandy J. Radesky, Deputy, Future Plans and Programs Division / Lead Cyber Strategist, DISA Global Operations Command
10 Jan 2017

Me… In a Nutshell

DOD’s Cyber Focus

Department of Defense Priority Cyber Missions:
- Defend DOD Networks, Systems and Information
- Defend US Homeland and US National Interests against Cyberattacks
- Provide Cyber Support to Military Operational and Contingency Plans

Expand Cyber Mission Forces: 133 Teams by 2018

Snippets from DOD’s Cyber Strategy:
- Build technical capabilities for Cyber Operations
- Build the Joint Information Environment (JIE) Single Security Architecture
- Improve Computer Network Defense Service Provider (CNDSP)

References:
http://www.defense.gov/News/Special-Reports/0415_Cyber-Strategy
http://www.defense.gov/Portals/1/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf

DISA’s Cyber Focus

“We will bring the business of defensive cyberspace operations support for the DoD under one roof — Our Roof…”

“DODIN”

“…Eliminating Department duplication of effort, capitalizing on the range of commercial cloud solutions, and maintaining the operational cyberspace integrity of the DODIN services we defend, operate, and assure”

“Authorized, authenticated user access and freedom of maneuver to cloud, collaboration, and command and control capabilities; without impact from rogue entities, hacktivists, nation states, or insider threats”

- Deploy & Operationalize Joint Regional Security Stacks
- Enhance mobility & collaboration efforts
- Superior delivery of capability to mission partners/warfighter

Reference: http://www.disa.mil/~/media/files/disa/about/strategic-plan.pdf

Scope… DISA’s Cyber Defense Environment

How? ... By Integrating Missions & Unity of Effort
Positive CM/CC enabling NA and MA

Pillars: INTEL, Engineering, Defense Operations, C2

- Capability Delivery, Problem/Configuration Management (Implement, Configure, Secure, Sustain & Maintain): provide engineering/trend analysis, modeling, performance, QA, IT&A, change and problem mgt for DODIN Ops
- Defensive Cyber Ops: Real Time Analysts and Countermeasures (Passive and Active Defense, Detect, Analyze, Mitigate, Hunting, Countermeasures); triage analytics and Incident Response across the DODIN Perimeters
- DODIN Ops Incident Management (Operate, Maintain, Secure, Mission Assure): synchronization of NetOps through Incident Management
- Mission Assurance / Network Assurance

Integrated / Mission Focused / Threat Specific / Responsive

High Fidelity Analytics

Analytics: Going Back to the Basics
What Do We Know? Who’s Who? What’s What? It’s that bad!

- Content Development
- Correlation
- Enrich Threat Data
- Intelligence
- Increase Cyber SA
- High Fidelity Analytics
- Countermeasures
- Cyber Fusion
- Real Time Analysis

Let’s Make Sure…. Now Let’s Manage This!

Analytic Values: Accuracy Drives Value

Triage:
- Content specific Correlation rules
- Pipeline, IP Sets, Behaviors
- Network Profiling
- HBEs, DDoS
- Dark Space
- BotNets / Malware Specific
- Spearphishing / Email Campaigns
- End-point Behaviors
- Mobility Specific

Values:
- Intelligence
- Incident Reports
- Profiling Metrics
- Countermeasures
- Collaboration Products
- Indicator Trends
- Knowledge Gained
- Triage Specific Environments or Missions
- Discovery

Understand the Value of Context & Integrate!

Data & More Data… What goes where and why?
- Base it on the threat vectors and networks
- Base it on workflow and Community of Interest
- Base it on fidelity
- Base it on periodicity
- What else?

Data sources shown: SIEM, Big Data, SiLK

Case Study 1: Port Abuse

Case Study 1: Port Abuse
- Know your network
- Build continuous checks -> pipeline & correlation
- Don’t dismiss blocked traffic

Chart note: SSL/TLS traffic (>2.4gb) and HTTP traffic (>38mb) excluded for clarity

Case Study 2: Blocking Effectiveness

Chart: Traffic of Interest, before/after Countermeasures Introduced
- Accuracy was achievable… NOT fun
- Metrics are IMPORTANT… Evolve with strategies as they evolve!

Absolute Change: Considerable
Required blocking effectiveness: 99.9%
Measured: 98.4%
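As an added illustration of the two case studies (not code from the deck or from DISA), the Python below aggregates constructed SiLK-style flow records by destination port with the SSL/TLS and HTTP ports excluded as on the Case Study 1 chart, keeps blocked traffic visible rather than dismissing it, and computes a blocking-effectiveness figure for traffic of interest before and after a countermeasure, checked against the 99.9% requirement from Case Study 2. The record layout, the flows, the cutover timestamp and the definition of effectiveness as the blocked share of post-countermeasure traffic-of-interest bytes are assumptions made for the example.

```python
from collections import defaultdict

# Constructed flow records, SiLK-style: (epoch_seconds, dst_port, ip_proto, bytes, blocked).
# blocked=True means a perimeter device denied the flow; keeping these records is the
# point of "don't dismiss blocked traffic". Timestamps and sizes are made up.
COUNTERMEASURE_AT = 1_000_000  # constructed cutover time for the new block rules
FLOWS = [
    (999_000, 443, 6, 900_000, False),   # SSL/TLS, excluded from the port view
    (999_100, 80, 6, 40_000, False),     # HTTP, excluded from the port view
    (999_200, 23, 6, 1_200, False),      # telnet allowed before the countermeasure
    (999_300, 23, 6, 800, False),
    (999_400, 445, 6, 5_000, True),      # SMB already denied at the perimeter
    (1_000_100, 23, 6, 1_000, True),     # telnet denied after the countermeasure
    (1_000_200, 23, 6, 2_000, True),
    (1_000_300, 23, 6, 50, False),       # telnet that still got through: the gap
    (1_000_400, 445, 6, 3_000, True),
    (1_000_500, 1900, 17, 600, True),    # SSDP, blocked only, never allowed
]

def port_abuse_summary(flows, exclude_ports=(80, 443)):
    """Per-destination-port byte totals, allowed and blocked kept separate."""
    by_port = defaultdict(lambda: {"allowed": 0, "blocked": 0, "flows": 0})
    for _ts, dport, _proto, nbytes, blocked in flows:
        if dport in exclude_ports:  # high-volume web ports hide everything else
            continue
        by_port[dport]["flows"] += 1
        by_port[dport]["blocked" if blocked else "allowed"] += nbytes
    return dict(by_port)

def ports_to_review(summary):
    """Ports where denied bytes exceed allowed bytes, largest blocked volume first;
    blocked-only ports are the ones an allowed-traffic report alone never surfaces."""
    flagged = [p for p, s in summary.items() if s["blocked"] > s["allowed"]]
    return sorted(flagged, key=lambda p: summary[p]["blocked"], reverse=True)

def blocking_effectiveness(flows, ports_of_interest, cutover):
    """Assumed metric: share of traffic-of-interest bytes denied after the cutover,
    returned with the before/after totals so the absolute change is visible too."""
    before = after = after_blocked = 0
    for ts, dport, _proto, nbytes, blocked in flows:
        if dport not in ports_of_interest:
            continue
        if ts < cutover:
            before += nbytes
        else:
            after += nbytes
            after_blocked += nbytes if blocked else 0
    eff = after_blocked / after if after else 0.0
    return {"before_bytes": before, "after_bytes": after, "effectiveness": eff}

def meets_requirement(effectiveness, required=0.999):
    """The slide's bar: 99.9% required; anything below it is a gap to chase down."""
    return effectiveness >= required
```

Run against the constructed flows, telnet (23) still leaks 50 bytes after the cutover, so effectiveness lands just above 99.1% and fails the 99.9% bar, which is exactly the kind of gap the deck says to measure rather than assume away.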

…So What?
- Knowing your infrastructure helps to identify the gaps
- Remove the noise & carve out “discovery” opportunities

Outcomes:
- Significant improvement of policy enforcement; validate that what is happening is “by design” or NOT!
- Leverage indicators as reconnaissance information
- Create a manageable capability with automation
- Prove value through real metrics – show your work!

In Closing…
- Be agile and listen to the “analysts”
- Drive integration at all levels – knowing the “context” is a game changer
- Big Data + Cyber Collaboration: ability to work between Industry, Academia and Government

And… Thank you!