Continuous Monitoring and Real Time Risk Scoring
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Continuous Monitoring and Real Time Risk Scoring

on

  • 2,017 views

 

Statistics

Views

Total Views
2,017
Views on SlideShare
1,899
Embed Views
118

Actions

Likes
0
Downloads
41
Comments
0

2 Embeds 118

http://blog.q1labs.com 113
http://iaminitiatives.blog.com 5

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Continuous Monitoring and Real Time Risk Scoring Presentation Transcript

  • 1. Continuous Monitoringand Real Time RiskScoringErich Baumgartner, VP FederalQ1 Labs – An IBM CompanyJ.R. Cunningham, Director ofFederal StrategyAccuvant
  • 2. Meeting the Information Requirements ofFederal Agencies Two-phased compliance and security timeline 2
  • 3. Security Intelligence for Continuous Monitoring Monitors network changes to detect vulnerabilities in the network  Changes may be potential threats and policy/compliance violations, resulting in security gaps Compares configuration data from network security devices with layer 7 network activity analysis  Continuously checks rule policy effectiveness and raises alerts Provides single console view of risk exposure needed to meet continuous monitoring requirements (risk management, log management, SIEM, network behavior analysis) 3
  • 4. Continuously Manage Risk with Security Intelligence Move beyond traditionally reactive security management Multi-vendor network Automated compliance Predictive threatconfiguration monitoring & and risk assessment modeling & simulation audit Risk Indicators Configuration/  Topology Network  Activity Vulnerability  Management Network &  vulnerability context 4
  • 5. Accuvant & Q1 Labs Traditional SVARs Technology DrivenTraditional ConsultingAudit/Compliance Driven 5
  • 6. J.R. Cunningham Accuvant 6
  • 7. What is Continuous Monitoring?“…determine if thecomplete set ofplanned, required,and deployedsecurity controlswithinan informationsystem orinherited by thesystem continueto be effectiveover time…” NISTSP 800-37 7
  • 8. Why is Continuous Monitoring Critical? (Beyond the Obvious Answer – “It’s Required”)Intelligent Cyber Security- Applyingcountermeasures to only systems needing thosecontrolsThreat Intelligence – Understanding as muchabout the enemy and threat vectors as possibleAcquisition excellence – find the “big ROI”Situational Awareness – decision superioritydelivered with “speed of need”“If an agency has $1 to spend today, whereshould they spend it and why?” 8
  • 9. Continuous Monitoring and Situational Awareness Endpoint Protection Network Defenses Encryption DLP SIEM Countermeasure RBAC SituationalThreat Awareness Malware Insider Threat Device/Data Theft Leakage DDoS Espionage 9
  • 10. Choosing Meaningful MetricsOrganizational Data • AccurateVulnerability & Patch • Repeatable • Potential for Risk Relevance ManagementSoftware & Data Asset (either alone or with other Management data) Network & Configuration • Should be known in industry Management • Not Necessarily Actionable Compliance & Audit • Can sometimes validate or Management invalidate other dataSecurity Information & Event Management 10
  • 11. Industry Standard Metrics(measurablesecurity.mitre.org) 11
  • 12. Finding the Risk Relevant DataOrganizational DataVulnerability & Patch ManagementSoftware & Data Asset • Some level of aggregation Management • Also a repeatable process Risk Relevant • Begins to inform SA Network & Data • Not necessarily actionable Configuration Management • Centrally managed Compliance & Audit ManagementSecurity Information & Event Management 12
  • 13. Security Intelligence Across theInfrastructure – Anomaly Detection 13
  • 14. Squelching the Noise 14
  • 15. Informative and Actionable OutputQ1 Report Screen Here 15
  • 16. Pre-built NIST reporting 16
  • 17. Risk Based Decisions * NIST SP 800-39 17
  • 18. What to do next? Watch our recent webcasts http://q1labs.com/resource- center/media-center.aspx Download the “Gartner SIEM Critical Capabilities” report http://q1labs.com/resource-center/analyst- reports/details.aspx?id=17 Download the “Continuous Monitoring for Government Agencies” paper http://q1labs.com/resource-center/white- papers/details.aspx?id=137 Read our blog http://blog.q1labs.com/ Follow us on Twitter: @q1labs @ibmsecurity 18
  • 19. Thank You!More info: info@Q1Labs.comTwitter: @q1labs @accuvantBlog: blog.q1labs.com 19