Presentation is loading. Please wait.

Presentation is loading. Please wait.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center.

Similar presentations


Presentation on theme: "REN-ISAC Research and Education Networking Information Sharing and Analysis Center."— Presentation transcript:

1 REN-ISAC Research and Education Networking Information Sharing and Analysis Center

2 ISACs in General

3

4 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

5 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

6 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

7 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

8 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

9 Mission The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

10 Roles ISAC role: A community formed of trusted security staff at R&E institutions; sharing actionable information for operational protection and response; among the trusted R&E members, cross- sector, and with external trusted partners. Certain services (alerts and notifications) to all of R&E regardless of membership status. REN-ISAC is the R&E “trusted partner” in commercial, governmental, and private security information sharing relationships. CSIRT role: Notifications (>12k/month) regarding compromised systems and other incident involvement; supporting all of US R&E (>1600 institutions notified to-date). SOC for Internet2 network.

11 REN-ISAC is a Cooperative Effort Member participation is a cornerstone of REN-ISAC Dedicated resource contributors: IU, LSU, and Internet2 In kind contributors: EDUCAUSE, MOREnet Member contributions through participation: – Executive Advisory Group – Technical Advisory Group – Microsoft Analysis Team – Membership Committee – Services development and operation – Systems, tools, etc. Seek mutually beneficial relationships 11

12 Advisory Groups, Analysis Teams, and Services Executive Advisory Group Technical Advisory Group Membership Committee Microsoft Analysis Team Services BardArbor NetworksEmoryIUMOREnet EDUCAUSEBaylorIASNYU Internet2CornellIUUAB IUInternet2LSUU Washington LBLIUScranton OaklandTeam CymruUT Dallas Reed CollegeU Mass Amherst UMBCWPI UMD

13 Relationships Internet2 Internet2 SALSA Internet2 CSI2 Working Group Global Research NOC at IU EDUCAUSE Higher Education Information Security Council Private threat analysis and mitigation efforts Other sector ISACs National ISAC Council DHS/US-CERT and other national CERTS and CSIRTS Vendors (Microsoft) NCFTA (National Cyber-Forensics & Training Alliance) APWG (Anti-Phishing Working Group)

14 Sustainability Hosted by Indiana University Financial contributions from IU, LSU, and Internet2, and in-kind support from EDUCAUSE Member contributions in projects, services, and activities A modest membership fee ($700/$900 per institution per year) Financial Principles, in the Charter: 7.3.1 REN-ISAC will not be operated to generate and disseminate profit, but also cannot be a cost center of any particular sponsoring or supporting organization. 7.3.2 The fundamental financial goal of the REN-ISAC is to cover all costs through a combination of tangible sponsorship, support, or other philanthropic revenue and fees, and given the expense parameters and the fiscal environment in which the REN-ISAC operates.

15 Benefits of Membership Receive and share practical and actionable defense information in a private community of trusted members Establish relationships with known and trusted peers Have access to direct security services Benefit from information sharing relationships in the broad security community Benefit from vendor relationships, such as the REN-ISAC and Microsoft Security Cooperation Program relationship Participate in technical educational security webinars Participate in REN-ISAC meetings, workshops, & training Have access to the 24x7 REN-ISAC Watch Desk Have access to threat information resources ("data feeds") that can be used to identify local compromised machines, and to block known threats

16 Information Products Daily Watch Report provides situational awareness. Alerts provide critical and timely information concerning new or increasing threat. Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites. ~4000 notifications sent per month. Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc. Advisories inform regarding specific practices or approaches that can improve security posture. TechBurst webcasts provide instruction on technical topics relevant to security protection and response. Monitoring views provide summary views from sensor systems, e.g. traffic patterns on Internet2, useful for situational awareness.

17 Membership Membership is open to colleges and universities, teaching hospitals, R&E network providers, and government-funded research organizations. The institution is the “member”, and is represented by a management representative who nominates one or more member representatives. Very specific job responsibility requirements define who is eligible to become a member representative. Membership is tiered (General and XSec). The tiers differ in eligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the commitment-level of the institution.

18 Membership and Reach As of October 2011, there are: – 341 members Represented by 858 member representatives A list of member institutions is on the Membership web page – http://www.ren-isac.net/cgi-bin/memberlist.cgi http://www.ren-isac.net/cgi-bin/memberlist.cgi Service to R&E beyond just the membership – REN-ISAC has communicated with over 1600 EDU institutions, directly and privately, regarding compromised systems (notifications) – Episodic public alerts are aimed at R&E security practitioners and CIOs

19 Joining REN-ISAC Membership is initiated by a CIO or equivalent, who becomes the “management representative”. During registration the CIO can delegate the management representative role. The management representative nominates “member representatives” Member representatives must be FTE with institution-wide responsibilities for operational security protection and response, etcetera. Tiered membership model – First tier (General): nominated by management representative, meets eligibility criteria, and no dings by current members during vetting – Second tier (Xsec): has been a General member in good standing for six weeks, meets eligibility requirements, and receives two vouches of personal trust from existing members, http://www.ren-isac.net/membership.html

20 Over the Past Year Membership growth: 301  341 institutions, represented by 730  858 persons (dated October 2011) Relationships growth: US-CERT, NCFTA, APWG Growth in engagement with trusted partners: more information sharing Involvement in strategic industry groups focused at the takedown of specific security threats Advancement of the SES tool (v1  v2), created the Collective Intelligence Framework (CIF): threat data repository, flexible API, support for analyst threat research NSF award OCI-1127425 for development of SES v3, including support for inter-federation, scaling, additional data types, and tool integration. Engagement with the NSF International Research Network Connections, TransPAC3 and America Connects to Europe projects, supporting "community security" activities.

21 Over the Past Year Partnership with the Multi-State ISAC and SANS to bring an aggressive aggregate buy program for Securing The Human training to EDU. Engagement in international standards work for security incident reporting (IODEF) Handling of 0-day vulnerability communications between members and vendors Increase in number of notifications (more data sources) regarding observed infected EDU-based machine: > 12,000 notifications/month Additional staff, funded by membership fees, permitting substantial strengthening of our infrastructure, and deployment of new services

22 References REN-ISAC Organizational Documents – http://www.ren-isac.net/about/index.html http://www.ren-isac.net/about/index.html Charter Membership Document Terms and Conditions Fees Information Sharing Policy Disclaimer Overviews – http://www.ren-isac.net/about/index.html http://www.ren-isac.net/about/index.html Flier Executive Overview Joining – http://www.ren-isac.net/membership.html http://www.ren-isac.net/membership.html

23 Contacts Doug Pearson Technical Director dodpears@ren-isac.net http://www.ren-isac.net 24x7 Watch Desk: soc@ren-isac.net +1 (317) 278-6630


Download ppt "REN-ISAC Research and Education Networking Information Sharing and Analysis Center."

Similar presentations


Ads by Google