20 May 2015
Northrop Grumman Information Systems (NGIS)
Applying Continuous Monitoring and Cyber Best Practice to the Texas Cyber Framework
Calvin Smith
Approved for Public Release #15-0906; Unlimited Distribution
Agenda
• Introduction
• About Northrop Grumman
• Texas Cybersecurity Framework
• Federal Continuous Monitoring Program
• Dynamic Texas Cyber Monitoring Framework Dashboard
• Cyber Best Practice / Defensive In Depth
• Q&A
Northrop Grumman Information Sector Snapshot
At a Glance
• $6.2B business
• More than 16,000 employees
• 50 states, 21 countries
Focus Areas
• Cyber
• Communications
• Command and Control
• Integrated Air and Missile Defense
• Intelligence, Surveillance, Reconnaissance
• Civil
• Health
Approved for Public Release, #15-0507; Unlimited Distribution
Information Systems Sector Focus Areas
Health: Bioinformatics and Analytics; Benefits Management; Population Health; Fraud Detection/Prevention; NextGen Claims/Payment Modernization; Personalized Health
Civil: Financial Compliance and Fraud Detection; Enterprise Support Applications; Information Sharing; Decision Support Tools; Public Safety C2 and Mobility; Identity Management
ISR: Multi-INT Fusion; Large-Scale Data Management; Multi-Source Solutions; Special Intelligence Solutions; SIGINT; Tactical and Strategic ISR
Communications: Integrated Avionics; Gateways and Networking; Multi-Function RF Devices; Ground and Airborne Radios; Global SATCOM; Distributed Mission Operations
Cyber: Full-Spectrum Cyber; Secure Enterprise Computing; Defensive Cyber Operations; Cyber Resilience; Network Exploitation; Big Data Analysis; Biometric Intelligence
Command and Control (C2): Multi-Domain C2 Systems; Combat System Integration: Air, Land, Maritime; Large-Scale Enterprise C2 Solutions; Critical Infrastructure and Force Protection
Integrated Air and Missile Defense: Joint Air and Missile Defense; Ballistic Missile Defense Integration; BMD Fieldable Systems; International IAMD
Cross-cutting: Unmanned, Cyber, C4ISR, Logistics
About Me
The End-to-End Monitoring team supports federal, state and local government programs, specializing in cyber and performance monitoring.
• Cal - 28+ years in networking & cyber, 10 years in continuous & end-to-end monitoring architectures.
• Currently supporting US CERT as Cyber Technologist and Solution Architect for Texas State Agencies
• Previously worked as Cyber Architect for U.S. Department of State, Department of Homeland Security, Department of Justice and Patent and Trademark Office.
• In his spare time he is an avid music collector, IT cloud tech enthusiast and road warrior.
Revised TAC 202
• Method to standardize and prioritize cyber risk from the State of Texas perspective
• Standardizes a cyber approach and establishes a baseline for minimum cyber security
• Tailorable or customizable for each state agency
• Enables structure to fuse people, process and technology (tools)
• Provides a phased approach to align with FISMA / NIST 800-53
• Control Catalog for mapping Federal / Texas laws, guidance and instruction
Texas Cybersecurity Framework
Overview – Phased approach to FISMA
[Diagram: the Texas Cybersecurity Framework built on TAC 202, with its components Agency Security Plan Template, Control Catalog, Vendor Services Alignment and Risk Management; flow from Agency Security Plan to the Revised TAC 202 Framework]
Texas Migrating from Static Governance to Dynamic FISMA Alignment
Federal Continuous Monitoring Program
Continuous Diagnostics & Mitigation (CDM)
• Leveraging automated tools and processes to continually assess IT systems, networks and programs
• Capture real-time security information to effectively manage risk while reducing cost
• Security controls are assessed continuously to provide a real-time security posture instead of the traditional “snapshot in time”
• Real-time risk assessment is based on how well security controls mitigate known threats and vulnerabilities
• Enables real-time risk management decision-making via continuous streaming of system state intelligence
• Maps to 11 NIST Continuous Monitoring Domains, 15 DHS CDM Domains and NIST 800-53 Controls
Federal Policy Rapidly Moving Towards Real-time Cyber Monitoring
Department of Homeland Security (DHS)
15 Continuous Monitoring Domains
Abbreviation   Continuous Monitoring Domain                             Rollout Schedule
HWAM           Hardware Asset Management                                Phase 1 / 2015
SWAM           Software Asset Management                                Phase 1 / 2015
VUL            Vulnerability Management                                 Phase 1 / 2015
CM             Configuration Management                                 Phase 1 / 2015
NAC            Network Access Control                                   Phase 2 / 2016
TRU            Manage Trust in People Granted Access                    Phase 2 / 2016
BEH            Manage Security-Related Behavior                         Phase 2 / 2016
CAM            Credential Access Management                             Phase 2 / 2016
AAC            Manage Account Access                                    Phase 2 / 2016
CP             Prepare for Contingencies & Incidents (CIRT)             Phase 3 / 2017
INC            Respond to Contingencies & Incidents (CIRT)              Phase 3 / 2017
POL            Design & Build in Requirements, Policy & Planning        Phase 3 / 2017
QAL            Design & Build in Quality                                Phase 3 / 2017
AUD            Manage Audit Information                                 Phase 3 / 2017
OPS            Manage Operation Security (SIEM)                         Phase 3 / 2017
National Institute of Standards and Technology (NIST)
11 Continuous Monitoring Domains
NIST – DHS Continuous Domain Crosswalk
NIST domains: D1 Asset Mgmt, D2 Vul Mgmt, D3 Config Mgmt, D4 Patch Mgmt, D5 Net Mgmt, D6 Event Mgmt, D7 Inc Mgmt, D8 Malware Detect, D9 Info Mgmt, D10 Lic Mgmt, D11 SwA
DHS capability and its mapped NIST domains (each X is one mapped domain; column positions not shown):
A1 HWAM X
A2 SWAM X X X
A3 VUL X
A4 CM X X
A5 NAC X
A6 TRU X X
A7 BEH X X
A8 CAM X
A9 AAC X
A10 CP X X X X
A11 INC X
A12 POL X X X X X X
A13 QAL X
A14 AUD X
A15 OPS X X X X X X X X X X X
Continuous Monitoring Architecture
Tailorable Framework
As capabilities mature, you move from continuous monitoring to continuous management
Dynamic TAC 202 Cyber Dashboard
Features & Capabilities
• Acceptable Cyber Risk (ACR) – The ACR is dynamically determined by advanced analytics and continuously generated from historical and real-time data; there are no static, predefined thresholds.
• Advanced Analytics – Display of meaningful and hidden patterns in unstructured security data using statistics, metrics and algorithms. Big Data analytics is best “visualized” to show insights not normally seen in tabular data displays, i.e., visual analytics. Cyber measures / metrics are reported dynamically in real time.
• Dynamic Color Coding – A green, yellow and red color scheme applied to dashboard metrics and maps, driven by dynamic changes in the ACR.
• Predictive Analytics (Machine Learning) – The dashboard dynamically extracts and learns from security control, defense-in-depth protection and incident information (historical and real-time) in order to predict future cyber events and the ability to respond and mitigate.
• Quality of Protection (QoP) – A derived metric capturing end-to-end cyber protection based on security controls and defense-in-depth cyber protection profiles. Key Cyber Indicators (KCIs) are calculated, combined and weighted to measure the potential risk factors contributing to a lack or failure of end-user or critical-asset protection.
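As an added illustration of the ACR and dynamic color-coding features described above (this is not code from the dashboard the slides describe), the block below derives the green / yellow / red bands from the score history itself rather than from fixed thresholds. The daily risk scores are constructed sample data, and the mean-plus-k-sigma rule, the k values and the trailing-window option are assumptions made for the example.

```python
"""Dynamic Acceptable Cyber Risk (ACR) bands and color coding.

Added illustration, not code from the TAC 202 dashboard. It assumes one
composite risk score per day for a site (constructed sample below) and derives
the green / yellow / red bands from the history itself (mean + k * stddev)
instead of static thresholds; the k values and window rule are assumptions."""
from statistics import mean, pstdev

# Constructed sample: 15 days of composite risk scores (0-100) for one site.
HISTORY = [12, 14, 11, 13, 15, 12, 16, 14, 13, 12, 15, 14, 13, 17, 12]


def dynamic_acr(history, k_yellow=1.0, k_red=2.0, window=None):
    """Return (yellow_line, red_line) derived from the score history.

    window=None uses the full history; window=N uses only the trailing N
    samples, so recent real-time data moves the bands faster than old data."""
    data = list(history)[-window:] if window else list(history)
    if len(data) < 2:
        raise ValueError("need at least two historical samples to derive bands")
    mu, sigma = mean(data), pstdev(data)
    sigma = max(sigma, 1e-9)  # flat history: keep the bands non-degenerate
    return mu + k_yellow * sigma, mu + k_red * sigma


def color_code(score, history, **band_args):
    """Map a live score to the dashboard color relative to the dynamic bands."""
    yellow_line, red_line = dynamic_acr(history, **band_args)
    if score >= red_line:
        return "red"
    if score >= yellow_line:
        return "yellow"
    return "green"


def update(history, new_score, **band_args):
    """Classify the new observation, then fold it into the history so that the
    next call's bands reflect it (continuous re-baselining, no fixed threshold)."""
    color = color_code(new_score, history, **band_args)
    history.append(new_score)
    return color


if __name__ == "__main__":
    print("bands (yellow, red):", dynamic_acr(HISTORY))
    for s in (10, 16, 25):
        print(s, color_code(s, HISTORY))
```

The window argument is what makes the difference between "historical" and "real-time" visible: a score of 20 is yellow against a mixed 20-day history but green against the last ten days alone if those were all 20s, which is the behaviour the ACR bullet promises when it says the threshold is generated from the data rather than configured.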
Continuous Monitoring Key Architecture Considerations
1. Know the Desired State: Security Policy
2. Know the Actual State: “On the Wire” Assessment
3. Know the Differences and Act: Assess & Analyze Deviations Quickly
4. Group Items Found for Reporting: Key Stakeholders
5. Integrate with Legacy Systems: Interoperate
6. Scale: Enterprise & Regions
7. Role-Based Access Control: Limit Access
8. Information Sharing: Collaboration & Dissemination
Dynamic Cyber Dashboard
Automate Security Aggregation, Correlation & Reporting
“A cyber TAC 202 dashboard provides integrated visual analytics allowing cyber teams to visually interact with their data to better collaborate and quickly mitigate vulnerabilities and threats”
Dynamic TAC 202 Cyber Dashboard
Interactive Texas map drill-down to sites, assets, vulnerabilities, threats
TAC 202 Dashboard
Dynamic TAC 202 Cyber Dashboard
Detailed Drill-down to Assets, Controls, Vulnerabilities, Compliance & Risk
Dynamic Continuous Monitoring Use Cases
1. Unauthorized (Rogue) Device Events
– Rapid detection of rogue devices
– Automated alerting for rapid remediation (quarantine, removal)
2. Unauthorized Software (Potential Malware) Events
– Rapid detection of unauthorized/unlicensed software on endpoints
– Automated alerting for rapid remediation and removal
3. Misconfigured Software (Deviation) Events
– Rapid detection of “current state vs desired state” (based on policy)
– Automated alerting for remediation or change control
4. Critical Vulnerability (Potential Exploitation/Weakness) Events
– Rapid detection of vulnerabilities
– Automated alerting for rapid remediation (quarantine, removal)
– Prioritized response (based on policy) for rapid remediation (quarantine, removal)
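The four use cases above, together with architecture considerations 1 through 4 and 7 (desired state, actual state, deviations, grouping for reporting, role-based access), as one added example that is not the dashboard's own code. The policy fields, the assessment records, the MAC addresses and the CVE ids are constructed placeholders; the event kinds, action names, their priority order and the role-to-view mapping are assumptions made for the example.

```python
"""Desired-state vs actual-state deviation engine for the four continuous
monitoring use cases (rogue device, unauthorized software, misconfiguration,
critical vulnerability). Added illustration; not the TAC 202 dashboard's code.
All policy fields, assessment records, MAC addresses and CVE ids below are
constructed, and the action names / priority order / role views are assumptions."""
from dataclasses import dataclass

# 1. Desired state: the security policy, expressed as machine-checkable baselines.
POLICY = {
    "authorized_hosts": {"aa:bb:cc:00:00:01": "ws-001", "aa:bb:cc:00:00:02": "srv-db-01"},
    "approved_software": {"office-suite", "edr-agent", "browser"},
    "config_baseline": {"firewall_enabled": True, "disk_encryption": True, "auto_update": True},
    # Vulnerability response is prioritized by policy, not decided by the analyst on the day.
    "vuln_policy": {"critical": "quarantine", "high": "remediate",
                    "medium": "change_control", "low": "track"},
}

# 2. Actual state: what the "on the wire" assessment observed (constructed records).
ASSESSMENT = [
    {"mac": "aa:bb:cc:00:00:01", "host": "ws-001",
     "software": {"office-suite", "browser", "torrent-client"},
     "config": {"firewall_enabled": True, "disk_encryption": False, "auto_update": True},
     "vulns": [("CVE-XXXX-PLACEHOLDER-1", "critical")]},
    {"mac": "aa:bb:cc:00:00:02", "host": "srv-db-01",
     "software": {"edr-agent"},
     "config": {"firewall_enabled": True, "disk_encryption": True, "auto_update": True},
     "vulns": [("CVE-XXXX-PLACEHOLDER-2", "medium")]},
    # A device seen on the network that no inventory record explains.
    {"mac": "de:ad:be:ef:00:09", "host": None, "software": set(), "config": {}, "vulns": []},
]

# Lower number = handled first; quarantine-class actions lead the remediation queue.
ACTION_PRIORITY = {"quarantine": 0, "remove": 1, "remediate": 2, "change_control": 3, "track": 4}

# 7. Role-based access control: which event kinds each role may see on the dashboard.
ROLE_VIEWS = {
    "network_ops": {"rogue_device"},
    "endpoint_ops": {"unauthorized_software", "misconfiguration", "vulnerability"},
    "ciso": {"rogue_device", "unauthorized_software", "misconfiguration", "vulnerability"},
}


@dataclass(frozen=True)
class Event:
    kind: str      # rogue_device | unauthorized_software | misconfiguration | vulnerability
    asset: str     # hostname, or the MAC when the device is unknown
    detail: str
    action: str    # remediation the policy prescribes


def assess(policy, observed):
    """3. Compare actual state with desired state and emit one Event per deviation."""
    events = []
    for rec in observed:
        asset = rec["host"] or rec["mac"]
        if rec["mac"] not in policy["authorized_hosts"]:
            events.append(Event("rogue_device", asset, f"unknown MAC {rec['mac']}", "quarantine"))
            continue  # unmanaged device: there is no baseline to compare software/config against
        for sw in sorted(rec["software"] - policy["approved_software"]):
            events.append(Event("unauthorized_software", asset, sw, "remove"))
        for key, desired in policy["config_baseline"].items():
            actual = rec["config"].get(key)
            if actual != desired:
                events.append(Event("misconfiguration", asset,
                                    f"{key}: desired={desired} actual={actual}", "change_control"))
        for cve, severity in rec["vulns"]:
            events.append(Event("vulnerability", asset, f"{cve} ({severity})",
                                policy["vuln_policy"][severity]))
    return events


def prioritize(events):
    """Order the remediation queue by policy-defined action priority, then by asset."""
    return sorted(events, key=lambda e: (ACTION_PRIORITY[e.action], e.asset))


def group_for_reporting(events):
    """4. Roll deviations up by kind so stakeholders see counts rather than raw noise."""
    counts = {}
    for e in events:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    return counts


def view_for_role(events, role):
    """7. Restrict the event stream to what the caller's role is allowed to see."""
    allowed = ROLE_VIEWS.get(role, set())
    return [e for e in events if e.kind in allowed]


if __name__ == "__main__":
    found = assess(POLICY, ASSESSMENT)
    for e in prioritize(found):
        print(f"{e.action:<15}{e.kind:<23}{e.asset:<19}{e.detail}")
    print(group_for_reporting(found))
```

The rogue-device branch stops at the first deviation on purpose: a device with no inventory record has no software or configuration baseline to diff against, so reporting further "deviations" for it would only add noise to the queue that the quarantine action is meant to clear first.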
Unauthorized / Rogue Device Events
Dynamic TAC 202 Cyber Dashboard
Cyber “Weather Map” for Unauthorized SW / Malware Detection
TAC 202 Dashboard
Dynamic TAC 202 Cyber Dashboard
Cyber “Weather Map” for Mis-Configured Endpoints
TAC 202 Dashboard
Dynamic TAC 202 Cyber Dashboard
Cyber “Weather Map” for Critical Vulnerability Detection
TAC 202 Dashboard
Cyber Situational Awareness Problem
Reducing the Attacker “Free Time” in Network
[Figure: “Profile of a Cyber Attack”]
Cyber Best Practice
Defense in Depth Monitoring
TAC 202 Dashboard
Cyber Attack Profiles
Why Continuous Monitoring of Security Controls and Defense in Depth (DiD) Matters
[Diagram: four build-up views of one defense-in-depth stack, each tracing a different attack profile through the layers: Outside threats, Malicious Insider, Inside threats, and Evading Insider User. Outcomes called out: Zero Day Attack, Insider Threat, Massive Data Exfiltration, Loss of data integrity / confidentiality.]
Layers, outermost to innermost: Perimeter Security, Network Security, Endpoint Security, Application Security, Data Security, Mission Critical Assets. Columns: Prevention, Protection, Response.
Technology controls shown: Perimeter Firewall; Perimeter IDP; Network IDP; Enclave Firewall/IDP; Desktop Firewall/IDP; Server IDP; DHS Einstein; Honeypot; Secure DMZs; NAC; Messaging Security (Anti-virus, Anti-malware); Web Proxy / Content Filtering; Remote Access; Wireless Security; Endpoint Security Enforcement (Whitelist); XML Firewall; Web Application Firewall; Dynamic App Testing; Static App Testing / Code Review; Database Monitoring and Protection; DLP; PKI; DAR/DIM/DIU Protection; Enterprise Rights Management; Identity & Access Management; Data Integrity; Data/Drive Encryption.
Process and governance controls shown: Security Policies & Compliance; Security Technology Evaluation; Security Architecture & Design; Security Awareness Training; Near Real Time Security Dashboard; Cyber Threat Intelligence; Certification & Accreditation; IT Security Governance; Near Real Time Vulnerability Assessment; SIEM; SOC / NOC Monitoring (24x7); Threat Modeling; Penetration Testing; Incident Reporting, Detection, Response; Digital Forensics; Escalation Management; Security SLA/SLO Reporting; Risk Management.
Acronyms & Abbreviations: DAR: Data At Rest; DIM: Data In Motion; DIU: Data In Use; PKI: Public Key Infrastructure; FDCC: Federal Desktop Core Configuration; IDP: Intrusion Detection and Prevention; SIEM: Security Information Event Management; DLP: Data Loss Prevention; NAC: Network Access Control
Best Cyber Practice
• Know your cyber requirements
– Understand policy
– Operationalize policy and apply to cyber tools and processes to make it more “actionable”
– Design defense in depth monitoring architecture based on the business
• Understand the threat
– External bad actors
– Insider threat
– Know tactics, techniques and procedures
• Understand your data…
– Create data plan/data architecture
– Map to security controls and defense in depth
– “Listen” to your data
• And how this applies to your agency’s core mission
– What’s important to your business?
– What are you trying to accomplish?
– What, Who and How to report?
Implement Continuous Monitoring
Points of Contact
Keri McClellan
Program Manager
Cell: 817-240-4693
Email: Keri.McClellan@ngc.com
Calvin Smith
Cyber Technologist, Solutions Architect & Project Manager
Office: 512-374-4136
Email: ch.smith@ngc.com
Q&A
Isf 2015 continuous diagnostics monitoring  may 2015

 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 

Recently uploaded (20)

Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 

Isf 2015 continuous diagnostics monitoring may 2015

  • 1. 20 May 2015 Northrop Grumman Information Systems (NGIS) Applying Continuous Monitoring and Cyber Best Practice to the Texas Cyber Framework Calvin Smith Approved for Public Release #15-0906; Unlimited Distribution
  • 2. Agenda 2 • Introduction • About Northrop Grumman • Texas Cybersecurity Framework • Federal Continuous Monitoring Program • Dynamic Texas Cyber Monitoring Framework Dashboard • Cyber Best Practice / Defensive In Depth • Q&A Approved for Public Release #15-0906; Unlimited Distribution
  • 3. Northrop Grumman Information Sector Snapshot At a Glance • $6.2B business • More than 16,000 employees • 50 states, 21 countries 3 Focus Areas • Cyber • Communications • Command and Control • Integrated Air and Missile Defense • Intelligence, Surveillance, Reconnaissance • Civil • Health Approved for Public Release, #15-0507; Unlimited Distribution Approved for Public Release #15-0906; Unlimited Distribution
  • 4. Information Systems Sector Focus Areas 4 Bioinformatics and Analytics Benefits Management Population Health Fraud Detection/ Prevention NextGen Claims/Payment Modernization Personalized Health Health Financial Compliance and Fraud Detection Enterprise Support Applications Information Sharing Decision Support Tools Public Safety C2 and Mobility Identity Management Civil Multi-INT Fusion Large-Scale Data Management Multi-Source Solutions Special Intelligence Solutions SIGINT Tactical and Strategic ISR ISR Integrated Avionics Gateways and Networking Multi-Function RF Devices Ground and Airborne Radios Global SATCOM Distributed Mission Operations Communications Full-Spectrum Cyber Secure Enterprise Computing Defensive Cyber Operations Cyber Resilience Network Exploitation Big Data Analysis Biometric Intelligence Cyber Multi-Domain C2 Systems Combat System Integration: Air, Land, Maritime Large-Scale Enterprise C2 Solutions Critical Infrastructure and Force Protection Command and Control (C2) Joint Air and Missile Defense Ballistic Missile Defense Integration BMD Fieldable Systems International IAMD Integrated Air and Missile Defense UNMANNEDCYBER C4ISR LOGISTICS Approved for Public Release, #15-0507; Unlimited Distribution Approved for Public Release #15-0906; Unlimited Distribution
  • 5. About Me
    The End-to-End Monitoring team supports federal, state and local government programs, specializing in cyber and performance monitoring.
    – Cal: 28+ years in networking & cyber, 10 years in continuous & end-to-end monitoring architectures.
    – Currently supporting US-CERT as Cyber Technologist and Solution Architect for Texas State Agencies.
    – Previously worked as Cyber Architect for the U.S. Department of State, Department of Homeland Security, Department of Justice and Patent and Trademark Office.
    – In his spare time he is an avid music collector, IT cloud tech enthusiast and road warrior.
  • 6. Revised TAC 202
    – Method to standardize and prioritize cyber risk from the State of Texas perspective
    – Standardizes a cyber approach and establishes a baseline for minimum cyber security
    – Tailorable or customizable for each state agency
    – Enables a structure to fuse people, process and technology (tools)
    – Provides a phased approach to align with FISMA / NIST 800-53
    – Control Catalog for mapping Federal / Texas laws, guidance and instruction
  • 7. Texas Cybersecurity Framework Overview – Phased approach to FISMA
    Diagram elements: Texas Cybersecurity Framework; TAC 202; Agency Security Plan Template; Control Catalog; Vendor Services Alignment; Risk Management; Agency Security Plan; Revised TAC 202 Framework.
    Texas is migrating from static governance to dynamic FISMA alignment.
  • 8. Federal Continuous Monitoring Program – Continuous Diagnostics & Mitigation (CDM)
    – Leveraging automated tools and processes to continually assess IT systems, networks and programs
    – Capture real-time security information to effectively manage risk while reducing cost
    – Security controls are assessed continuously to provide a real-time security posture instead of the traditional “snapshot-in-time”
    – Real-time risk assessment is based on how well security controls mitigate known threats and vulnerabilities
    – Enables real-time risk management decision-making via continuous streaming of system state intelligence
    – Maps to 11 NIST Continuous Monitoring Domains, 15 DHS CDM Domains, NIST 800-53 Controls
    Federal policy is rapidly moving towards real-time cyber monitoring.
  • 9. Department of Homeland Security (DHS) 15 Continuous Monitoring Domains
    Abbrev.  Continuous Monitoring Domain                        Rollout Schedule
    HWAM     Hardware Asset Management                           Phase 1 / 2015
    SWAM     Software Asset Management                           Phase 1 / 2015
    VUL      Vulnerability Management                            Phase 1 / 2015
    CM       Configuration Management                            Phase 1 / 2015
    NAC      Network Access Control                              Phase 2 / 2016
    TRU      Manage Trust in People Granted Access               Phase 2 / 2016
    BEH      Manage Security-Related Behavior                    Phase 2 / 2016
    CAM      Credential Access Management                        Phase 2 / 2016
    AAC      Manage Account Access                               Phase 2 / 2016
    CP       Prepare for Contingencies & Incidents (CIRT)        Phase 3 / 2017
    INC      Respond to Contingencies & Incidents (CIRT)         Phase 3 / 2017
    POL      Design & Build in Requirements, Policy & Planning   Phase 3 / 2017
    QAL      Design & Build in Quality                           Phase 3 / 2017
    AUD      Manage Audit Information                            Phase 3 / 2017
    OPS      Manage Operation Security (SIEM)                    Phase 3 / 2017
  • 10. National Institute of Standards and Technology (NIST) 11 Continuous Monitoring Domains – NIST / DHS Continuous Domain Crosswalk
    NIST domains (columns): D1 Asset Mgmt, D2 Vul Mgmt, D3 Config Mgmt, D4 Patch Mgmt, D5 Net Mgmt, D6 Event Mgmt, D7 Inc Mgmt, D8 Malware Detect, D9 Info Mgmt, D10 Lic Mgmt, D11 SwA
    DHS domains (rows; each X marks one NIST domain column on the slide): A1 HWAM X; A2 SWAM X X X; A3 VUL X; A4 CM X X; A5 NAC X; A6 TRU X X; A7 BEH X X; A8 CAM X; A9 AAC X; A10 CP X X X X; A11 INC X; A12 POL X X X X X X; A13 QAL X; A14 AUD X; A15 OPS X X X X X X X X X X X
  • 11. Continuous Monitoring Architecture – Tailorable Framework
    As capabilities mature you move from continuous monitoring to continuous management.
  • 12. Dynamic TAC 202 Cyber Dashboard – Features & Capabilities
    – Acceptable Cyber Risk (ACR): the ACR is dynamically determined based on advanced analytics. It is continuously generated based on historical and real-time data. There are no static, defined thresholds.
    – Advanced Analytics: display of meaningful and hidden patterns in unstructured security data using statistics, metrics and algorithms. Big Data analytics is best “visualized” to show insights normally not seen in tabular data displays, i.e., visual analytics. Cyber measures / metrics are dynamically reported in real time.
    – Dynamic Color Coding: a color scheme using green, yellow and red applied to dashboard metrics and maps based on dynamic changes in the ACR.
    – Predictive Analytics (Machine Learning): the dashboard dynamically extracts and learns from security control, defense-in-depth protection and incident information (i.e., historical and real-time) in order to predict future cyber events and the ability to respond and mitigate.
    – Quality of Protection (QoP): a derived metric capturing end-to-end cyber protection based on security controls and defense-in-depth cyber protection profiles. Key Cyber Indicators (KCIs) are calculated, combined and weighted to measure potential risk factors contributing to lack/failure of end-user or critical asset protection.
  • 13. Continuous Monitoring Key Architecture Considerations
    1. Know the Desired State – Security Policy
    2. Know the Actual State – “On the Wire” Assessment
    3. Know the Differences and Act – Assess & Analyze Deviations Quickly
    4. Group Items Found for Reporting – Key Stakeholders
    5. Integrate with Legacy Systems – Interoperate
    6. Scale – Enterprise & Regions
    7. Role-Based Access Control – Limit Access
    8. Information Sharing – Collaboration & Dissemination
    Dynamic Cyber Dashboard: automate security aggregation, correlation & reporting.
  • 14. 14 “A cyber TAC 202 dashboard provides integrated visual analytics allowing cyber teams to visually interact with their data to better collaborate and quickly mitigate vulnerabilities and threats” Dynamic TAC 202 Cyber Dashboard Interactive Texas map drill-down to sites, assets, vulnerabilities, threats TAC 202 Dashboard Approved for Public Release #15-0906; Unlimited Distribution
  • 15. 15 Dynamic TAC 202 Cyber Dashboard Detailed Drill-down to Assets, Controls, Vulnerabilities, Compliance & Risk Approved for Public Release #15-0906; Unlimited Distribution
  • 16. Dynamic Continuous Monitoring Use Cases
    1. Unauthorized (Rogue) Device Events – Rapid detection of rogue devices; automated alerting for rapid remediation (quarantine, removal)
    2. Unauthorized Software (Potential Malware) Events – Rapid detection of unauthorized/unlicensed software on endpoints; automated alerting for rapid remediation and removal
    3. Misconfigured Software (Deviations) Events – Rapid detection of “Current State vs Desired State” (based on policy); automated alerting for remediation or change control
    4. Critical Vulnerability (Potential Exploitation/Weakness) Events – Rapid detection of vulnerabilities; automated alerting for rapid remediation (quarantine, removal); prioritized response (based on policy) for rapid remediation (quarantine, removal)
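The four use cases above, together with the desired-state / actual-state / differences steps of slide 13, as an added example that is not part of the NGIS deck: a small policy diff in Python that tags each deviation with its CDM domain and use case and rolls the result up into the dashboard's colour coding. The host, software and configuration inventories, the placeholder CVE id and the CVSS 7.0 cut-off are all constructed assumptions.

```python
"""Desired-state vs actual-state diff for continuous monitoring (added example;
not code from the NGIS deck). Maps each deviation to a DHS CDM domain and to
the deck's four use cases: 1 rogue device, 2 unauthorized software,
3 misconfiguration, 4 critical vulnerability. Every inventory below is
constructed; the CVE id is a placeholder."""
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class Finding:
    use_case: int   # 1-4, as numbered on the use-case slide
    domain: str     # HWAM, SWAM, CM or VUL
    asset: str
    detail: str
    severity: str   # "red" or "yellow", per the dashboard colour coding


# Desired state: the security policy ("know the desired state"). Constructed.
DESIRED = {
    "authorized_hosts": {"ws-001", "ws-002", "srv-db-01"},
    "authorized_software": {"office-2013", "edge-browser", "av-agent"},
    "required_config": {"firewall": "on", "auto_update": "on"},
    "max_cvss_allowed": 7.0,   # at or above this, the finding is critical
}

# Actual state: what an "on the wire" assessment reported. Constructed.
ACTUAL = {
    "ws-001": {"software": {"office-2013", "av-agent"},
               "config": {"firewall": "on", "auto_update": "on"},
               "vulns": []},
    "ws-002": {"software": {"office-2013", "av-agent", "torrent-client"},
               "config": {"firewall": "off", "auto_update": "on"},
               "vulns": [("CVE-0000-PLACEHOLDER", 9.8)]},
    "printer-7": {"software": set(), "config": {}, "vulns": []},  # not in policy
}


def assess(desired, actual):
    """Know the differences: one Finding per deviation from policy."""
    findings = []
    for host, state in actual.items():
        if host not in desired["authorized_hosts"]:
            findings.append(Finding(1, "HWAM", host,
                                    "device not in authorized inventory", "red"))
            continue   # unknown device: quarantine first, grade later
        for sw in sorted(state["software"] - desired["authorized_software"]):
            findings.append(Finding(2, "SWAM", host,
                                    f"unauthorized software: {sw}", "yellow"))
        for key, want in desired["required_config"].items():
            have = state["config"].get(key)
            if have != want:
                findings.append(Finding(3, "CM", host,
                                        f"{key}={have!r}, policy requires {want!r}",
                                        "yellow"))
        for cve, cvss in state["vulns"]:
            if cvss >= desired["max_cvss_allowed"]:
                findings.append(Finding(4, "VUL", host,
                                        f"{cve} CVSS {cvss}", "red"))
    return findings


def prioritize(findings):
    """Act: response queue order, red before yellow, then by use case."""
    rank = {"red": 0, "yellow": 1}
    return sorted(findings, key=lambda f: (rank[f.severity], f.use_case, f.asset))


def group_by_domain(findings):
    """Group items found for reporting: domain -> list of findings."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.domain].append(f)
    return dict(groups)


def posture_color(findings):
    """Roll-up colour for one dashboard tile (site, agency or region)."""
    if any(f.severity == "red" for f in findings):
        return "red"
    return "yellow" if findings else "green"


if __name__ == "__main__":
    for f in prioritize(assess(DESIRED, ACTUAL)):
        print(f"[{f.severity}] UC{f.use_case} {f.domain} {f.asset}: {f.detail}")
    print("posture:", posture_color(assess(DESIRED, ACTUAL)))
```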
  • 17. Unauthorized / Rogue Device Events (use case 1)
  • 18. Dynamic TAC 202 Cyber Dashboard – Cyber “Weather Map” for Unauthorized SW / Malware Detection (use case 2)
  • 19. Dynamic TAC 202 Cyber Dashboard – Cyber “Weather Map” for Mis-Configured Endpoints (use case 3)
  • 20. Dynamic TAC 202 Cyber Dashboard – Cyber “Weather Map” for Critical Vulnerability Detection (use case 4)
  • 21. Cyber Situational Awareness Problem – Reducing the Attacker “Free Time” in the Network (“Profile of a Cyber Attack”)
  • 22. Cyber Best Practice – Defense in Depth Monitoring (TAC 202 Dashboard)
  • 23. Cyber Attack Profiles – Why Continuous Monitoring of Security Controls and DnD Matters
    [Figure: four defense-in-depth diagrams, one per attack profile (Outside threats, Malicious Insider, Inside threats, Evading Insider User), each showing Prevention, Protection and Response controls across the layers Perimeter Security, Network Security, Endpoint Security, Application Security, Data Security and Mission Critical Assets. Attack scenarios annotated: Zero Day Attack, Insider Threat, Massive Data Exfiltration, Loss of data integrity / confidentiality.]
    Cross-cutting activities: Security Policies & Compliance; Security Technology Evaluation; Security Architecture & Design; Security Awareness Training; Near Real Time Security Dashboard; Cyber Threat Intelligence; Certification & Accreditation; IT Security Governance; Near Real Time Vulnerability Assessment; SIEM; SOC / NOC Monitoring (24x7); Threat Modeling; Penetration Testing; Incident Reporting, Detection, Response; Digital Forensics; Escalation Management; Security SLA/SLO Reporting; Risk Management.
    Layer controls: Perimeter Firewall; Perimeter IDP; DHS Einstein; Honeypot; Secure DMZs; Web Proxy Content Filtering; Messaging Security (Anti-virus, Anti-malware); NAC; Remote Access; Wireless Security; Network IDP; Enclave Firewall/IDP; Server IDP; Desktop Firewall/IDP; Endpoint Security Enforcement (Whitelist); XML Firewall; Web Application Firewall; Dynamic App Testing; Static App Testing/Code Review; Database Monitoring, Protection; Enterprise Right Management; PKI; DAR/DIM/DIU Protection; Identity & Access Management; Data Integrity; Data/Drive Encryption; DLP.
    Acronyms & Abbreviations: DAR: Data At Rest; DIM: Data In Motion; DIU: Data In Use; PKI: Public Key Infrastructure; FDCC: Federal Desktop Core Configuration; IDP: Intrusion Detection and Prevention; SIEM: Security Information Event Management; DLP: Data Loss Prevention; NAC: Network Access Control.
  • 24. Best Cyber Practice – Implement Continuous Monitoring
    – Know your cyber requirements: understand policy; operationalize policy and apply it to cyber tools and processes to make it more “actionable”; design a defense-in-depth monitoring architecture based on the business
    – Understand the threat: external bad actors; insider threat; know tactics, techniques and procedures
    – Understand your data: create a data plan / data architecture; map it to security controls and defense in depth; “listen” to your data
    – And how this applies to your agency’s core mission: What’s important to your business? What are you trying to accomplish? What, who and how to report?
  • 25. Points of Contact
    Keri McClellan, Program Manager – Cell: 817-240-4693, Email: Keri.McClellan@ngc.com
    Calvin Smith, Cyber Technologist, Solutions Architect & Project Manager – Office: 512-374-4136, Email: ch.smith@ngc.com
  • 26. Q&A
    Northrop Grumman Private/Proprietary Level 1. Approved for Public Release #15-0906; Unlimited Distribution