DISA Global Operations


1 DISA Global Operations
Cyber Defense Program Overview Sandy J. Radesky Deputy, Future Plans and Programs Division/Lead Cyber Strategist DISA Global Operations Command 10 Jan 2017

2 Me… In a Nutshell

3 DOD’s Cyber Focus
Department of Defense Priority Cyber Missions:
Defend DOD Networks, Systems and Information
Defend US Homeland and US National Interests against Cyberattacks
Provide Cyber Support to Military Operational and Contingency Plans
Expand Cyber Mission Forces: 133 Teams by 2018
Snippets from DOD’s Cyber Strategy:
Build technical capabilities for Cyber Operations
Build the Joint Information Environment (JIE) Single Security Architecture
Improve Computer Network Defense Service Provider (CNDSP)
References:

4 DISA’s Cyber Focus
“We will bring the business of defensive cyberspace operations support for the DoD under one roof — Our Roof…” “DODIN”
“…Eliminating Department duplication of effort, capitalizing on the range of commercial cloud solutions, and maintaining the operational cyberspace integrity of the DODIN services we defend, operate, and assure”
“Authorized, authenticated user access and freedom of maneuver to cloud, collaboration, and command and control capabilities; without impact from rogue entities, hacktivists, nation states, or insider threats”
Deploy & Operationalize Joint Regional Security Stacks
Enhance mobility & collaboration efforts
Superior delivery of capability to mission partners/warfighter
Reference:

5 Scope… DISA’s Cyber Defense Environment

6 How? ... By Integrating Missions & Unity of Effort
Positive CM/CC enabling NA and MA
INTEL / Engineering / Defense Operations / C2 / Capability Delivery
Problem/Configuration Management (Implement, Configure, Secure, Sustain & Maintain): provide engineering/trend analysis, modeling, performance, QA, IT&A, change and problem mgt for DODIN Ops
Defensive Cyber Ops: Real Time Analysts and Countermeasures (Passive and Active Defense, Detect, Analyze, Mitigate, Hunting, Countermeasures); triage analytics and Incident Response across the DODIN Perimeters
DODIN Ops: Incident Management (Operate, Maintain, Secure, Mission Assure); synchronization of NetOps through Incident Management
Mission Assurance / Network Assurance
Integrated / Mission Focused / Threat Specific / Responsive

7 High Fidelity Analytics
Analytics: Going Back to the Basics
What Do We Know? Who’s Who? What’s What? It’s that bad!
Content Development, Correlation, Enrich Threat Data, Intelligence, Increase Cyber SA, High Fidelity Analytics, Countermeasures, Cyber Fusion, Real Time Analysis
Let’s Make Sure…. Now Let’s Manage This!

8 Analytic Values: Accuracy Drives Value
Content specific: Correlation rules, Pipeline, IP Sets, Behaviors, Network Profiling, HBEs, DDoS, Dark Space, BotNets / Malware Specific, Spearphishing / Campaigns, End-point Behaviors, Mobility Specific
Values: Intelligence, Incident Reports, Profiling, Metrics, Countermeasures, Collaboration Products, Indicator Trends, Knowledge Gained
Triage: Specific Environments or Missions, Discovery
Accuracy Drives Value

9 Understand the Value of Context & Integrate!
Data & More Data… What goes where and why?
Base it on the threat vectors and networks
Base it on workflow and Community of Interest
Base it on fidelity
Base it on periodicity
What else?
SIEM, Big Data, SiLK

10 Case Study 1: Port Abuse

11 Case Study 1: Port Abuse
Know your network
Build continuous checks -> pipeline & correlation
Don’t dismiss blocked traffic
SSL/TLS traffic (>2.4 GB) and HTTP traffic (>38 MB) excluded for clarity

12 Case Study 2: Blocking Effectiveness
Accuracy was achievable… NOT fun
Metrics are IMPORTANT… Evolve with strategies as they evolve!
Traffic of Interest, before/after Countermeasures Introduced
Absolute Change: Considerable
Required blocking effectiveness: 99.9%
Measured: 98.4%

13 …So What?
Knowing your infrastructure helps to identify the gaps
Remove the noise & carve out “discovery” opportunities
Outcomes:
Significant improvement of policy enforcement; validate what is happening is “by design” or NOT!
Leverage indicators as reconnaissance information
Create a manageable capability with automation
Prove value through real metrics – show your work!
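A worked version of the two case-study measurements, added here as an example that is not part of the presentation: it isolates traffic of interest on ports a segment is not expected to serve (case study 1), computes blocking effectiveness before and after a countermeasure against the 99.9% target (case study 2), and lists the residual gaps to validate as “by design” or not. The flow records and EXPECTED_PORTS are constructed assumptions, not DISA data.

```python
from collections import defaultdict

# Constructed flow summaries (not data from the presentation): bytes seen per
# source / destination port and whether perimeter policy blocked the flow,
# for a window before and after the countermeasure was introduced.
BEFORE = [
    {"src": "10.0.0.5", "dport": 443,  "bytes": 3000, "blocked": False},  # HTTPS, set aside
    {"src": "10.0.0.5", "dport": 22,   "bytes": 500,  "blocked": False},
    {"src": "10.0.0.7", "dport": 3389, "bytes": 484,  "blocked": True},
    {"src": "10.0.0.9", "dport": 22,   "bytes": 16,   "blocked": False},
]
AFTER = [
    {"src": "10.0.0.5", "dport": 443,  "bytes": 3100, "blocked": False},
    {"src": "10.0.0.5", "dport": 22,   "bytes": 500,  "blocked": True},
    {"src": "10.0.0.7", "dport": 3389, "bytes": 484,  "blocked": True},
    {"src": "10.0.0.9", "dport": 22,   "bytes": 16,   "blocked": False},  # residual gap
]

# Ports this segment is expected to serve (assumed for the example); the
# slides likewise set HTTP/TLS aside "for clarity".
EXPECTED_PORTS = {80, 443}


def traffic_of_interest(flows):
    """Flows to ports the segment is not expected to serve: the port-abuse set."""
    return [f for f in flows if f["dport"] not in EXPECTED_PORTS]


def blocking_effectiveness(flows):
    """Share of traffic-of-interest bytes that policy actually blocked (1.0 if none seen)."""
    toi = traffic_of_interest(flows)
    total = sum(f["bytes"] for f in toi)
    blocked = sum(f["bytes"] for f in toi if f["blocked"])
    return blocked / total if total else 1.0


def enforcement_gaps(flows):
    """(src, dport) pairs still passing traffic of interest unblocked, with byte counts."""
    gaps = defaultdict(int)
    for f in traffic_of_interest(flows):
        if not f["blocked"]:
            gaps[(f["src"], f["dport"])] += f["bytes"]
    return dict(gaps)


def meets_target(flows, required=0.999):
    """True when measured effectiveness reaches the required threshold."""
    return blocking_effectiveness(flows) >= required


if __name__ == "__main__":
    for label, flows in (("before", BEFORE), ("after", AFTER)):
        print(label, f"{blocking_effectiveness(flows):.1%}", meets_target(flows), enforcement_gaps(flows))
```

With the constructed data the after-window measures 98.4% against the 99.9% requirement, and the gap list names the one source/port pair that still needs a decision.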

14 In Closing…
Be agile and listen to the “analysts”
Drive integration at all levels – knowing the “context” is a game changer
Big Data + Cyber Collaboration: Ability to work between Industry, Academia and Government
And… Thank you!
