Because Security Gives Us Freedom - Chapters Site · NIST Security Controls (NIST Special...
www.onShore.com PANOPTIC CYBERDEFENSE™
Because Security Gives Us Freedom
PANOPTIC CYBERDEFENSE
CYBERSECURITY LEADERSHIP
Panoptic Cyberdefense is a monitoring and detection service in three levels:
● Security Management and Reporting
● Managed Detection and Response
● Security Orchestration
Cybersecurity Leadership is a professional service, custom-tailored to the needs and goals of your organization, designed to augment the leadership necessary to build a mature cybersecurity operation from the ground up. The service assists your organization with Assessment, Governance and Compliance, Security Readiness, and CISO Services.
Managed Security Systems for the enterprise, including our own SIEM and NIDS platforms.
SECURITY IS A PROCESS NOT A PRODUCT

CONFUSION
SHELFWARE
MOST LIKELY: SIEM, IDS
MAIN REASONS: LACK OF STAFF, LACK OF CLARITY, COMPLIANCE ONLY
Source: 451 Research
LACKING CLARITY
POINT OF ACTIVITY
SCOPE

SOLUTION FRAGMENTATION

INCONSISTENT TERMS

UNCLEAR SCOPE

SCOPE FRAGMENTATION

SOLUTION FRAGMENTATION

POINT GAPS

SCOPE GAPS

LACKING INTEGRATION

SCOPE GAPS

UNCLEAR CLAIMS

PARTIAL OR COMPLETE?

NEED COMPLIANCE INFO
LITTLE STANDARDIZATION OF TERMS
MAGNIFICENT 7
● ENCRYPTION
● SIEM
● VULNERABILITY MANAGEMENT
● IDS/IPS
● AV
● FIREWALLS/NGFWS
● MONITORING (GENERAL)
Source: 451 Research
NO AUTHORITY
INDUSTRY DOESN'T HAVE INCENTIVE
STANDARDS DON'T HAVE AUTHORITY
USE A MODEL
NIST Special Publication 800-53 (Rev. 4): Security Controls and Assessment Procedures for Federal Information Systems and Organizations
NOT
NIST Framework for Improving Critical Infrastructure Cybersecurity
THE SOLUTION: MAPPING
PRODUCT
PROCESS
SERVICE
AC-1 ACCESS CONTROL POLICY - PROCEDURES
AC-2 ACCOUNT MANAGEMENT
AC-3 ACCESS ENFORCEMENT
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-6 LEAST PRIVILEGE
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-9 PREVIOUS LOGON NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
AC-11 SESSION LOCK
AC-12 SESSION TERMINATION
AC-13 SUPERVISION AND REVIEW - ACCESS
AC-14 PERMITTED ACTIONS WITHOUT ID
AC-15 AUTOMATED MARKING
AC-16 SECURITY ATTRIBUTES
AC-17 REMOTE ACCESS
AC-18 WIRELESS ACCESS
AC-19 ACCESS CONTROL FOR MOBILE DEVICES
AC-20 USE OF EXTERNAL INFORMATION SYSTEM
AC-21 INFORMATION SHARING
AC-22 PUBLICLY ACCESSIBLE CONTENT
AC-23 DATA MINING PROTECTION
AC-24 ACCESS CONTROL DECISIONS
AC-25 REFERENCE MONITOR
A TINY BIT ABOUT NIST
NIST Security Controls (NIST Special Publication 800-53 (Rev. 4))
Control Families
AC - Access Control
AU - Audit and Accountability
AT - Awareness and Training
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PS - Personnel Security
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
RA - Risk Assessment
CA - Security Assessment and Authorization
SC - System and Communications Protection
SI - System and Information Integrity
SA - System and Services Acquisition
NIST IS COMPREHENSIVE
SC-5 DENIAL OF SERVICE PROTECTION
Control Description
The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or references to sources for such information] by employing [Assignment: organization-defined security safeguards].
Control Enhancements
SC-5(1) DENIAL OF SERVICE PROTECTION | RESTRICT INTERNAL USERS
The information system restricts the ability of individuals to launch [Assignment: organization-defined denial of service attacks] against other information systems.
SC-5(2) DENIAL OF SERVICE PROTECTION | EXCESS CAPACITY / BANDWIDTH / REDUNDANCY
The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding denial of service attacks.
SC-5(3) DENIAL OF SERVICE PROTECTION | DETECTION / MONITORING
The organization:
SC-5(3)(a) Employs [Assignment: organization-defined monitoring tools] to detect indicators of denial of service attacks against the information system; and
SC-5(3)(b) Monitors [Assignment: organization-defined information system resources] to determine if sufficient resources exist to prevent effective denial of service attacks.
AC-5 SEPARATION OF DUTIES
Control Description
The organization:
a. Separates [Assignment: organization-defined duties of individuals];
b. Documents separation of duties of individuals; and
c. Defines information system access authorizations to support separation of duties.
MANY ARE PURELY POLICY
ONSHORE MDR
Access Control
AC-4 INFORMATION FLOW ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
AC-21 INFORMATION SHARING
Incident Response
IR-4 INCIDENT HANDLING
IR-5 INCIDENT MONITORING
IR-6 INCIDENT REPORTING
IR-7 INCIDENT RESPONSE ASSISTANCE
IR-9 INFORMATION SPILLAGE RESPONSE
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM
ONSHORE SIEM
Access Control
AC-3 ACCESS ENFORCEMENT
AC-5 SEPARATION OF DUTIES
AC-7 UNSUCCESSFUL LOGON ATTEMPTS
AC-8 SYSTEM USE NOTIFICATION
AC-9 PREVIOUS LOGON (ACCESS) NOTIFICATION
AC-10 CONCURRENT SESSION CONTROL
AC-11 SESSION LOCK
AC-12 SESSION TERMINATION
AC-13 SUPERVISION AND REVIEW - ACCESS CONTROL
AC-14 PERMITTED ACTIONS WITHOUT IDENTIFICATION OR AUTHENTICATION
AC-20 USE OF EXTERNAL INFORMATION SYSTEMS
AC-21 INFORMATION SHARING
AC-24 ACCESS CONTROL DECISIONS
AC-25 REFERENCE MONITOR
Incident Response
IR-4 INCIDENT HANDLING
IR-5 INCIDENT MONITORING
IR-6 INCIDENT REPORTING
IR-7 INCIDENT RESPONSE ASSISTANCE
IR-10 INTEGRATED INFORMATION SECURITY ANALYSIS TEAM
QUALIFIERS
SUPPORTS
COMPLETE
PARTIAL
CONSIDERATIONS
IN-SOURCE VS. OUT-SOURCE
POINT OF ACTIVITY
REVIEW
● It can be difficult to understand cybersecurity offerings, and the gaps that may remain, because there is no way to compare functions against a complete stack model and because terminology is not standardized.
● NIST can be used as a model of completeness; mapping solutions to NIST controls both provides clarity and identifies gaps.
● Using the model involves determining which NIST controls the solution satisfies and to what degree. This can be done by simply posing the question to the vendor.
● Additional factors to consider involve in-sourcing versus out-sourcing in the context of risk.
● Point of activity should also be determined to understand gaps in scope not reflected in the NIST controls.
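The mapping exercise the review describes (which controls each offering satisfies, to what degree, and where gaps remain), worked through as an added example that is not part of the deck or of onShore's tooling. The control IDs are ones the deck lists; the required-control set and the COMPLETE/PARTIAL/SUPPORTS qualifiers assigned to the MDR and SIEM offerings are constructed assumptions.

```python
"""Map vendor offerings to NIST SP 800-53 controls and list the gaps.
Added example, not onShore's tooling: control IDs are ones the deck lists;
which offering covers which control, and to what degree, is constructed."""

# The deck's qualifiers, ranked so the strongest claim per control wins.
RANK = {"COMPLETE": 3, "PARTIAL": 2, "SUPPORTS": 1}

# Assessment scope: controls the organization requires (constructed subset).
REQUIRED = ["AC-3", "AC-4", "AC-5", "AC-7", "AC-17", "AC-20",
            "IR-4", "IR-5", "IR-6", "IR-9"]

# Constructed vendor answers to "which controls, and to what degree?".
CLAIMS = {
    "MDR": {"AC-4": "SUPPORTS", "AC-5": "PARTIAL", "AC-20": "SUPPORTS",
            "IR-4": "COMPLETE", "IR-5": "COMPLETE", "IR-6": "PARTIAL",
            "IR-9": "PARTIAL"},
    "SIEM": {"AC-3": "SUPPORTS", "AC-5": "SUPPORTS", "AC-7": "COMPLETE",
             "IR-5": "COMPLETE", "IR-6": "SUPPORTS"},
}

def control_key(control):
    """Sort by family then number, so AC-3 precedes AC-20."""
    family, number = control.split("-")
    return (family, int(number))

def coverage(required, claims):
    """Best qualifier per required control and who claims it; (None, []) if nobody does."""
    result = {}
    for control in required:
        best, who = None, []
        for offering, mapped in claims.items():
            qualifier = mapped.get(control)
            if qualifier is None:
                continue
            if qualifier not in RANK:
                raise ValueError(f"unknown qualifier {qualifier!r} ({offering}/{control})")
            if best is None or RANK[qualifier] > RANK[best]:
                best, who = qualifier, [offering]
            elif RANK[qualifier] == RANK[best]:
                who.append(offering)
        result[control] = (best, sorted(who))
    return result

def gaps(required, claims):
    """Scope gaps (no offering claims the control) and point gaps (best claim below COMPLETE)."""
    cov = coverage(required, claims)
    unmapped = [c for c, (q, _) in cov.items() if q is None]
    incomplete = [c for c, (q, _) in cov.items() if q not in (None, "COMPLETE")]
    return sorted(unmapped, key=control_key), sorted(incomplete, key=control_key)
```

Calling gaps(REQUIRED, CLAIMS) on the constructed data reports AC-17 as a scope gap that neither offering addresses, and AC-3, AC-4, AC-5, AC-20, IR-6 and IR-9 as point gaps where the strongest claim is only PARTIAL or SUPPORTS.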
CREDITS
Jim Burnham, Six Nines IT
Steve Kent, onShore's CTO
Chris Johnson, onShore's Security Compliance Strategist
QUESTIONS
Stel Valavanis, CEO, onShore, [email protected] @onShore.com