
‘Enhanced Cyber Situational Awareness with Continuous Monitoring’ www.jackbe.com John Crupi, CTO Rick Smith, Cyber Consultant.


1 ‘Enhanced Cyber Situational Awareness with Continuous Monitoring’
www.jackbe.com
John Crupi, CTO
Rick Smith, Cyber Consultant

2 About JackBe
- Leading Solution Provider of Real-Time Operational Intelligence for Government Agencies & Enterprise Businesses
- Small Business Headquartered in DC area with Global Reach
- DoD Accredited Software
- Broad Access to Contract Vehicles and Procurement Methods for all Federal Customers
- Named to ‘Top 10 Enterprise Products’ in 2010

3 Today’s Special Guests
John Crupi, Chief Technology Officer
- Formerly CTO of Sun’s SOA Practice & Sun Distinguished Engineer
- Co-Author of Core J2EE Patterns
Rick Smith, CISSP, CISM
- Cyber Security SME at Blue Canopy
- Over 16 years of experience in the government and private sector
- Recognized speaker for ISACA and a Cyber Security SME focusing on Enhanced Situational Awareness, Improving Continuous Monitoring, Cyber Analytics, and Cyber Active Threat Management

4 Today’s Agenda
- Why Can’t Secretary of Defense Leon Panetta Sleep at Night?
- Today’s Federal Cyber Security Best Practices
- What are the Concerns with Today’s Continuous Monitoring Programs?
- The Old Way, the New Way, and the Future of Continuous Monitoring
- How Real-Time Operational Intelligence Enables Enhanced Cyber Situational Awareness
- Demo Scenario: The Operational View, The Tactical View, The Strategic View of Cyber Situational Awareness

5 What Keeps Secretary of Defense Leon Panetta Up At Night?
By Jim Garamone, American Forces Press Service
LOUISVILLE, Ky., March 1, 2012 - Asked what keeps Secretary of Defense Leon Panetta awake at night, he didn't hesitate: “A MAJOR CYBER ATTACK!” “We are literally getting HUNDREDS OF THOUSANDS OF ATTACKS EVERY DAY that try to exploit information in various [U.S.] agencies or departments. There are plenty of targets beyond government too,” he added. “The country needs to defend against that kind of attack, but also DEVELOP THE INTELLIGENCE RESOURCES TO UNDERSTAND WHEN THOSE POSSIBLE ATTACKS ARE COMING,” the secretary said.
Slide callouts:
- A Major Cyber Attack!
- Hundreds of thousands of attacks every day!
- Develop the intelligence resources to understand when those possible attacks are coming!

6 Federal Cyber Security Best Practices
The National Institute of Standards and Technology (NIST) created the Risk Management Framework (RMF) as a risk-based paradigm to guide agencies’ FISMA implementation work.
Source: “Information Security Continuous Monitoring”, Bruce Levinson, Center for Regulatory Effectiveness, Oct 2011.
Information Security Continuous Monitoring Best Practices:
- Principle 1: Aggregate Diverse Data
- Principle 2: Analyze Multi-Source Data
- Principle 3: Create Real-Time Data Queries
- Principle 4: Transform Data Into Actionable Intelligence
- Principle 5: Maintain Real-Time Actionable Awareness

7 Information Security Continuous Monitoring

8 ISCM Ongoing Awareness Requirements
- Maintain: situational awareness of all systems across the organization; an understanding of threats and threat activities
- Assess: all security controls
- Collect, Correlate & Analyze: security-related information
- Provide: security status across all tiers of an organization
- Actively Manage: risk by organizational officials

9 Domains that Continuous Monitoring Can Support
1) Vulnerability Management
2) Patch Management
3) Event Management
4) Incident Management
5) Malware Detection
6) Asset Management
7) Configuration Management
8) Network Management
9) License Management
10) Information Management
11) Software Assurance
12) Digital Policy Management
13) Advanced Persistent

10 Today’s ‘Continuous Monitoring’ Programs
- Portable Risk Score Manager (PRSM): designed to reduce the number of cyber risks by increasing compliance with IA policies and network security standards, improving IA posture by adopting the iPost Risk Scoring methodology.
- iPost: a custom application designed to continuously monitor and report risk on the IT infrastructure in an effort to identify weaknesses.
- Continuous Asset Evaluation, Situational Awareness, and Risk Scoring Reference Architecture Report (CAESARS): designed to enable Federal agencies to implement Continuous Monitoring more rapidly through federal standards that leverage federal buying power to reduce the cost of implementing Continuous Monitoring.

11 The ‘Concerns’ with Today’s Current Cyber Programs
Workforce Supply And Demand
- Maintaining good skill-sets and building continuity
- Attracting experienced cyber security pros for government work
- Ensuring the security clearance process doesn’t become a hurdle
Skills Development
- Provide on-going skill building programs
- Provide a collaborative approach to improving skills and data sharing
Oversight And Compliance
- Compliance automation
- Reporting
- Meeting zero-day attacks
- Collaboration and data sharing
Trusted Supply Chain
- Acquisition
- Trusted equipment free of malware and vulnerabilities
- Tracking, remediating and reducing vulnerabilities once equipment is in the network

12 The Old Way: ‘Periodic Snapshots’
Scan → Fix → Verify, Scan → Fix → Verify, Scan → Fix → Verify ... (Repetitive)

13 The New Way – Continuous Monitoring
Vulnerability Management, with an added process to verify.

14 The Future: Continuous Monitoring Feeding Risk Score Cards
- Vulnerability And Threat Management Capabilities
- Vulnerability Assessment
- Risk Management
- Compliance Checking
- Enterprise Security
→ Enhanced Situational Awareness

15 What’s Coming Next?

16 Continuous Monitoring for Cyber Awareness (A Real-Time Approach to Continuous Monitoring, SANS Analyst Program)
- Vulnerability Management, Network Management, Incident Management
- Vulnerability, configuration and asset management
- System and network log collection, correlation and reporting
- Advanced network monitoring using real-time network forensics
- Threat intelligence and business analytics that fuse data from all monitoring feeds for correlation and analysis
Enhanced Situational Awareness Dashboard data points: news feeds, Twitter, other disparate data, external data

17 What’s the Global Business Impact?
Tie to: Business Systems, Operation Systems, Global Threat, Security Risk Program Impact, Vulnerability Score

18 Presto for Cyber Situational Awareness: Real-Time Mashing
Vulnerabilities and Assets: health, status, security, vulnerability, and mission dependency data

19 What’s Coming Next?

20 Demo Scenario Walk-Thru
Operational View
- Hardware View, Software View, Patches applied
- Asset Management
- Compliance Management
- Resource Allocation
- Actionable Remediation
- Vulnerabilities, Categorization of Vulnerabilities
- Enhanced Situational Awareness
Tactical View
- Cost for Remediation
- Impact Analysis
Strategic View
- Remediation recommendations
- POA&M Tracking

21 Asset Management
- HW & SW Counts
- Patches Applied

22 Compliance Management
- Vulnerabilities Found from Scans
- Vulnerabilities that match the Cyber Command list
- Vulnerabilities By Machine Type
- Tier 3 Vulnerabilities

23 Resource Allocation
- Data correlation from disparate business units
- Summarization
- Portfolio Management

24 Resource Allocation: Consolidated Impact Analysis
- Impact Analysis & cost of impact to remediate

25 Actionable Remediation Leadership is provided with a way forward on remediation approach

26 Today’s Architecture of Sharing Data
Tier 3 → Tier 2 → Tier 1, via FTP, Email and File Sharing: takes up a lot of resources.

27 Real Time Data Sharing
Tier 3 → Tier 2 → Tier 1, more efficient:
- Share Views
- No Re-Homing Data
- Sharing Apps
- Confederated Process
- Roll up Data
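As an added illustration of the compliance view on slide 22 (scan findings matched against the Cyber Command list and counted by machine type) and the tier roll-up on slide 27, here is example code that is not JackBe's or Presto's own; the scan rows, the priority list and the tier map are constructed sample data, and vulnerability ids are placeholders.

```python
from collections import Counter

# Constructed sample scan output (not from the presentation): one row per finding.
# "tier3_system" is the information system (RMF Tier 3) that the asset belongs to.
SCAN_FINDINGS = [
    {"asset": "srv-01", "machine_type": "server",      "tier3_system": "sys-A", "vuln": "VULN-0001", "patched": False},
    {"asset": "srv-01", "machine_type": "server",      "tier3_system": "sys-A", "vuln": "VULN-0002", "patched": True},
    {"asset": "ws-07",  "machine_type": "workstation", "tier3_system": "sys-B", "vuln": "VULN-0001", "patched": False},
    {"asset": "ws-07",  "machine_type": "workstation", "tier3_system": "sys-B", "vuln": "VULN-0003", "patched": False},
    {"asset": "db-02",  "machine_type": "server",      "tier3_system": "sys-C", "vuln": "VULN-0004", "patched": False},
]
# Constructed stand-in for the "Cyber Command list" of priority vulnerabilities.
PRIORITY_LIST = {"VULN-0001", "VULN-0003"}
# Constructed organizational map: Tier 3 system -> Tier 2 mission/business unit.
TIER_MAP = {"sys-A": "mission-X", "sys-B": "mission-X", "sys-C": "mission-Y"}

def open_findings(findings):
    """Keep only findings that no applied patch has closed."""
    return [f for f in findings if not f["patched"]]

def priority_matches(findings, priority_list):
    """Findings whose vulnerability id is on the priority list."""
    return [f for f in findings if f["vuln"] in priority_list]

def count_by(findings, key):
    """Count findings per value of a field, e.g. per machine type."""
    return dict(Counter(f[key] for f in findings))

def roll_up(findings, tier_map):
    """Roll Tier 3 (system) counts up to Tier 2 units and one Tier 1 total."""
    tier3 = Counter(f["tier3_system"] for f in findings)
    tier2 = Counter()
    for system, n in tier3.items():
        tier2[tier_map[system]] += n
    return {"tier3": dict(tier3), "tier2": dict(tier2), "tier1": sum(tier2.values())}

def compliance_view(findings, priority_list, tier_map):
    """Figures a compliance dashboard would show for one scan cycle."""
    open_ = open_findings(findings)
    return {
        "open_total": len(open_),
        "priority_matches": len(priority_matches(open_, priority_list)),
        "by_machine_type": count_by(open_, "machine_type"),
        "rollup": roll_up(open_, tier_map),
    }

if __name__ == "__main__":
    print(compliance_view(SCAN_FINDINGS, PRIORITY_LIST, TIER_MAP))
```

Patched findings drop out of every count, so the roll-up reflects residual exposure rather than raw scanner output.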

28 The Benefits of the Cyber Use Case
Integrating Disparate Data
- Operational, Tactical and Strategic views are shared
- Providing a workflow process that is inclusive
- Bringing disparate data together for a common cause
Improving Collaboration/Analytics
- Full disclosure of data points for discussions at any time
- Improve the cyber security posture for an organization
- Create trackable, accountable, and actionable process
Enhance Situational Awareness
- Enable Verification and Validation
- Provide data that is beyond traditional alerting mechanisms

29 How JackBe Can Help You
Read about JackBe Presto solutions in Government today: http://www.jackbe.com/solutions/federal.php
To get additional information about how we can help your agency achieve Enhanced Situational Awareness, contact us at http://www.jackbe.com/about/contact_form.php.
