Reorganizing Federal IT to Address Today's Threats
Today’s Speakers
Paul Zimski, VP of Solution Strategy, Lumension
Richard Stiennon, Analyst and Author, IT Harvest
Today’s Agenda
Today’s Threats Targeting Government Systems
How to Reorganize Federal IT
Examining Key Security Strategies
Q&A
New Threats to Federal IT Systems
Dark and Stormy forecast for Federal networks
• In March 2011 24,000 documents exfiltrated from Pentagon contractor
• Elaborate attack against RSA results in loss of millions of secret seeds for tokens
• Ensuing attacks against Lockheed Martin, Grumman and L3
• IMF losses
• Hacker attacks against Senate.gov, CIA.gov
Something needs to change
• Threat is there, now what do we do?
How to Reorganize Federal IT
Advocate bottom-up rather than top-down change
• The Pentagon’s just-published Strategy for Operating in Cyberspace is yet another example of a top-down strategy document.
• Expect similar results to the Comprehensive National Cybersecurity Initiative, Presidential Directives, and Cyberspace Policy Review.
Pentagon Strategy for Operating in Cyberspace, 15 July 2011
• Strategic Initiative 1: Treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential.
• Strategic Initiative 2: Employ new defense operating concepts to protect DoD networks and systems.
• Strategic Initiative 3: Partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy.
• Strategic Initiative 4: Build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity.
• Strategic Initiative 5: Leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation.
Organizing for cyber defense
• There is no strategy without responsibility
• Create a separate unit to address targeted attacks
Introducing the cyber defense team
Cyber Commander
Analysts Operations Red Team
Cyber Commander
• Assigns and directs roles
• Makes sure the correct tools and defenses are deployed
• Puts in place controls and audit processes
• Reports to upper management on the results of those processes and audits
• Primary point of contact for communicating to law enforcement and intelligence agencies
Analysts
Cyber defense analysts study the threat landscape and gather intelligence on emerging threats.
• Understanding the state of the art in attack methodologies.
• Getting to know potential attackers and monitoring their activity.
• Monitoring known attack sources.
• Communicating the threat level to the rest of the cyber defense team.
• Assisting in evaluating technology for internal deployment.
Operations
• Selecting and deploying tools
• Discovering internal infections
• Monitoring insider behavior
Red Team
• Attack and penetration
• Internal audit
• Operates outside the realm of operational vulnerability assessment. They thrive on social engineering.
Next steps
• Repeat cyber command structure in every agency / department
• Create overarching cyber command
Elements of a defensive strategy
Harden networks and end points against targeted attacks:
1. Complete packet inspection inbound and outbound
2. Whitelisting on servers, desktops, and embedded systems
3. Platform diversity (Do not, for instance, run Windows on control systems)
4. User behavior monitoring
The attackers have changed their tools, targets, and goals.
The defenders must change too.
Richard Stiennon, Chief Research Analyst, IT-Harvest
[email protected]
Blog: Forbes Cyber Domain
twitter.com/stiennon
Examining Key Security Approaches
Three Defensive Strategies
1. Implement Defense-in-Depth Endpoint Security
2. Shift from Threat-Centric to Trust-Based Security
3. Build a bottom-up approach with operational excellence focused on “the basics”
Strategy 1: Defense-in-Depth
[Diagram labels: Traditional Endpoint Security; Blacklisting As The Core; Zero Day; 3rd Party Application Risk; Malware As a Service; Volume of Malware; Patch & Configuration Mgmt.; Defense-N-Depth]
Strategy 2: Trust-Based Security
What is Application Whitelisting?
Applications
• Authorized: Operating Systems, Business Software
• Unauthorized: Games, iTunes, Shareware, Unlicensed S/W
Malware
• Known: Viruses, Worms, Trojans
• Unknown: Viruses, Worms, Trojans, Keyloggers, Spyware
[Diagram label: Un-Trusted]
Flexible Trust
Trusted Publisher
• Authorizes applications based on the vendor that “published” them through the digital signing certificate.
Trusted Updater
• Authorizes select systems management solutions to “update” software, patches and custom remediations, while automatically updating them to the whitelist.
Trusted Path
• Authorizes applications to run based on their location.
Local Authorization
• Allows end-users to locally authorize applications which have not been otherwise trusted by the whitelist or any other trust rules.
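An added example (not from the original slides and not any vendor's product code) of how the four trust rules above could be evaluated for one launch request. The evaluation order, the deny list checked first, and every name in it (`Policy`, `Executable`, `decide`, `Example Corp`) are assumptions made for illustration.

```python
import hashlib
import ntpath
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Optional

@dataclass
class Executable:                       # hypothetical model of a launch request
    path: str
    content: bytes
    signer: Optional[str] = None        # publisher from an already-verified signature
    installed_by: Optional[str] = None  # tool that wrote the file to disk

@dataclass
class Policy:                           # hypothetical policy container
    whitelist: set = field(default_factory=set)   # SHA-256 of authorized files
    denied: set = field(default_factory=set)      # SHA-256 of denied applications
    publishers: set = field(default_factory=set)  # Trusted Publisher
    updaters: set = field(default_factory=set)    # Trusted Updater
    paths: tuple = ()                             # Trusted Path roots
    local_auth: set = field(default_factory=set)  # Local Authorization hashes

def in_trusted_path(path: str, roots) -> bool:
    # Collapse ".." first and compare whole path components, so neither
    # C:\Apps\..\Temp nor C:\Apps2 is treated as inside the root C:\Apps.
    p = PureWindowsPath(ntpath.normpath(path))
    return any(p.is_relative_to(PureWindowsPath(r)) for r in roots)

def decide(policy: Policy, exe: Executable):
    digest = hashlib.sha256(exe.content).hexdigest()
    if digest in policy.denied:         # assumed order: an explicit deny wins
        return "deny", "denied application"
    if digest in policy.whitelist:
        return "allow", "whitelist"
    if exe.signer in policy.publishers:
        return "allow", "trusted publisher"
    if exe.installed_by in policy.updaters:
        policy.whitelist.add(digest)    # updater output joins the whitelist
        return "allow", "trusted updater"
    if in_trusted_path(exe.path, policy.paths):
        return "allow", "trusted path"
    if digest in policy.local_auth:
        return "allow", "local authorization"
    return "deny", "default deny"       # anything unknown is un-trusted

if __name__ == "__main__":              # constructed sample request
    pol = Policy(publishers={"Example Corp"}, paths=(r"C:\Apps",))
    print(decide(pol, Executable(r"C:\Apps\..\Temp\x.exe", b"x")))
```

Trusted Path and Local Authorization are the broadest of the four rules, so logging the rule name returned by `decide` shows how much execution depends on them rather than on the whitelist itself.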
Strategy 3: Operational Excellence – “The Basics”
Assess, Prioritize, Remediate, Repeat
• Identify all IT assets (including platforms, operating systems, applications, network services)
• Monitor external sources for vulnerabilities, threats and intelligence regarding remediation
• Scan all IT assets on a regular schedule for vulnerabilities, patches and configurations
• Maintain an inventory of IT assets
• Maintain a database of remediation intelligence
• Prioritize the order of remediation as a function of risk, compliance, audit and business value
• Model / stage / test remediation before deployment
• Deploy remediation (automated, or manually)
• Train administrators and end-users in vulnerability management best practices
• Scan to verify success of previous remediation
• Report for audit and compliance
• Continue to assess, prioritize and remediate
Source: Aberdeen Group, Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough), December 2010
Stop Unwanted Applications
» Immediate and simple risk mitigation
Denied Application Policy prevents unwanted applications even if they are already installed
Easily remove unwanted applications
Reducing Local Administrator Risk
» Limit Local Admin Usage
» Monitor and Control existing Local Admins
Q&A
Next Steps
• Resource Center: Putting Cyber Security Plans into Action
» http://www.lumension.com/Resources/Resource-Center/Putting-Cybersecurity-Plans-into-Action.aspx
• Free Security Tools
» http://www.lumension.com/Resources/Premium-Security-Tools.aspx
• Whitepapers
» Infosecurity for Government Agencies: Checks, Balances & a More Secure Endpoint
• http://www.lumension.com/Resources/WhitePapers/Information-Security-for-Government-Agencies-Checks-Balances-and-a-More-Secure-Endpoint.aspx
» Intelligent Whitelisting: An Introduction to More Effective and Efficient Security
• http://www.lumension.com/Resources/Whitepapers/Intelligent-Whitelisting-An-Introduction-to-More-Effective-and-Efficient-Endpoint-Security.aspx
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828