White Paper. View cyber and mission-critical data in one dashboard

Similar documents
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Federal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Information Security Continuous Monitoring (ISCM) Program Evaluation

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Continuous protection to reduce risk and maintain production availability

Why you should adopt the NIST Cybersecurity Framework

Cisco Smart+Connected Communities

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

RSA NetWitness Suite Respond in Minutes, Not Months

INFORMATION ASSURANCE DIRECTORATE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Accelerate Your Enterprise Private Cloud Initiative

SIEM: Five Requirements that Solve the Bigger Business Issues

Total Protection for Compliance: Unified IT Policy Auditing

Information Security and Service Management. Security and Risk Management ISSM and ITIL/ITSM Interrelationship

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Symantec Security Monitoring Services

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Secure the value chain. Risk management in the omnichannel consumer and retail environment

CYBERSECURITY RESILIENCE

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

CONE 2019 Project Proposal on Cybersecurity

Oracle Buys Automated Applications Controls Leader LogicalApps

WHITE PAPER CONTINUOUS MONITORING INTRODUCTION & CONSIDERATIONS PART 1 OF 3

Security and Privacy Governance Program Guidelines

Vulnerability Assessments and Penetration Testing

Enterprise Risk Management (ERM) and Cybersecurity. Na9onal Science Founda9on March 14, 2018

DHS Cybersecurity: Services for State and Local Officials. February 2017

The Connected Water Plant. Immediate Value. Long-Term Flexibility.

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

MITIGATE CYBER ATTACK RISK

McAfee epolicy Orchestrator

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

NEXT GENERATION SECURITY OPERATIONS CENTER

QUIACLE TECHNOLOGY SOLUTIONS, INC. CLOUD SERVICES MANAGED SECURITY SERVICES

HP Fortify Software Security Center

SIEM Solutions from McAfee

Department of Management Services REQUEST FOR INFORMATION

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

G7 Bar Associations and Councils

Best Practices in Securing a Multicloud World

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

FOR FINANCIAL SERVICES ORGANIZATIONS

IT-CNP, Inc. Capability Statement

Cisco Connected Factory Accelerator Bundles

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

INFORMATION ASSURANCE DIRECTORATE

THE POWER OF TECH-SAVVY BOARDS:

5 Steps to Government IT Modernization

Cyber attacks are coming. Amplify your security and risk management protect your data, customers, and future

Federal Civilian Executive branch State, Local, Tribal, Territorial government (SLTT) Private Sector (PS) Unclassified / Business Networks

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Cybersecurity & Privacy Enhancements

Automating the Top 20 CIS Critical Security Controls

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Cybersecurity and the Board of Directors

Industry role moving forward

Ensuring System Protection throughout the Operational Lifecycle

The Perfect Storm Cyber RDT&E

TSC Business Continuity & Disaster Recovery Session

Background FAST FACTS

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

Cybersecurity is a Journey and Not a Destination: Developing a risk management culture in your business. Thursday, May 21, 2015

Sustainable Security Operations

The NIST Cybersecurity Framework

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Information Infrastructure and Security. The value of smart manufacturing begins with a secure and reliable infrastructure

locuz.com SOC Services

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Smart Data Center Solutions

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

CYBER SOLUTIONS & THREAT INTELLIGENCE

Micro Focus Partner Program. For Resellers

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

SYNERGISTIC WARFARE COMMUNICATION SOLUTIONS

Cyber Security and Cyber Fraud

Are we breached? Deloitte's Cyber Threat Hunting

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Transcription:

View cyber and mission-critical data in one dashboard

Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland Security Continuous Diagnostics & Mitigation (CDM) program is dashboards that provide enterprise-wide views of the current status of basic security controls. If properly implemented and maintained, they reduce many of the common vulnerabilities Internet-facing technology creates. DXC Technology found a way to combine that information with mission asset information to create a more holistic view. Rising cyber events Hardly a week goes by without news of a significant cyber event that results in the loss of highly personal, financial, medical, or business-sensitive information. Frequently, these losses are attributed to flaws in the commercial software that powers our on-line world. The National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and the Department of Homeland Security s Continuous Diagnostics & Mitigation Program (CDM) were both established to assist public sector organizations in keeping up with, if not getting ahead of, some of the cyber threats that face those organizations that rely on the Internet. Public sector organizations have embraced RMF to address these issues, using enterprise-wide programs that continuously identify, prioritize, and document risks. The result is that an economical set of control measures (involving people, processes, and technology) can be selected to mitigate the risks to an acceptable level. This approach also begins the process of identifying the dependencies between assets and missions, executing incident response and remediation according to priorities, and generating an easily understood view of the overall security posture. There are a number of challenges and obstacles to developing a solution that accomplishes the complex orchestration of capabilities needed. These include integrating a wide variety of products, evolving compliance-based processes to risk-based processes, associating cyber and physical assets to the mission space, and understanding the expanding volume of data. Mitigating threats By focusing on data integration, we were able to integrate encryption technology that secures data in motion and data at rest. These functions, in turn, allowed us to more easily develop a shared services solution, focused on smaller agencies that may not have the technical resources and expertise to perform this work themselves. The intent is to instrument the endpoints, hosts, and local networks with sensors. Thus securely sending that information to a shared service that will perform the more complex and compute-intensive aggregation, correlation, analysis, and risk scoring in a multitenant environment. 2

DXC enables government and commercial enterprises to leverage their current investments, using our data-centric integration approach. It normalizes the data and information that comes from a variety of tools and products into a common model. This common data model provides a single authoritative data access point, allowing us to easily integrate new tools and capabilities for analysis and operations that satisfy the requirements of cyber defense situational awareness.. These capabilities form the basis of an open, flexible, and secure platform adhering to the principles of the RMF. When we reviewed the requirements for a client s CDSA capability, we realized that our extensive CDM integration work in our lab could be broadened to incorporate the products that would satisfy the full range of CDSA functions. We focused on four specific functions that bridge the current version of CDM to CDSA, and which adhere to DHS program phases: incident response, courses of action (CoA), mission dependencies, and mission asset management. The key innovation behind these four functions is relating cyber incidents and affected assets to specific missions and mission assets, for example, soldiers and equipment in the field. So, in a client sample scenario, when an advanced persistent threat (APT) is detected, both a cyber incident response and mission incident response would be initiated. The APT should be remediated, but any related missions should be modified to protect people and equipment. The DXC solution provides the ability to manage by risk, respond to incidents, and apply courses of action to the mission space. Heighten awareness A comprehensive cyber situational awareness (CSA) model is based upon analysis of millions of sensors, processing billions of files and web objects, and correlation of global network traffic flows against industry threat intelligence feeds and threat models. The results must be continuously shared within the organization, as well as with its external partners. The model must also extend to appropriate security metrics, security enforcement policies, controls and technologies, security management, operations workflow, and multi-level risk management reporting dashboards that can fuse analytics with mission dependencies. DXC has quickly accomplished the transformation of our cybersecurity solution set because we have invested in performing the complex and difficult integration work, making it incredibly easy to plug in new technologies and functionality. We are able to do this by leveraging our world-class capabilities and proven experience in cybersecurity, enterprise service management, Big Data management, as well as analytics and risk management. We have leveraged the agile integration successes in the Center for Cybersecurity Innovation & Integration (C2I2) lab to rapidly begin DHS CDM deployments to 6 civilian agencies, well ahead of our competitors even though we were awarded the most recent task order. This methodology has also allowed us to quickly expand the functionality of our risk management solution, leading to development of CDSA capabilities for foreign public sector customers in the form of proofs-of-concept. The same process has influenced the development of Contextual Security Analytics and Mitigation (CSAM) capabilities for U.S. public sector customers in the form of proofs-of-concept. 3

Author George Romas is currently a chief engineer, Cybersecurity at DXC Enterprise. Mr. Romas has over 30 years experience, providing his expertise across a wide range of technologies to customers in the U.S. federal government and commercial markets. From requirements analysis to designing, deploying, and managing global architectures, Mr. Romas has integrated secure solutions from requirements and concept through deployment and sustainment. He maintains a toplevel clearance and memberships in the following organizations: IEEE, ACM, and MENSA. Through the convergence of these complementary solution sets, DXC is quickly developing an architecture that supports cyber situational awareness and mission assurance. By focusing on protecting your digital enterprise and empowering the data-driven organization, we are proving these advanced capabilities in our own labs, our customers development environments, and our customers production systems. Authority on assets Cyber defense tools: configurations, network management, vulnerabilities, application security Cyber defense tools: configurations, network management, vulnerabilities, application security Threats SIEM/APT alerts Single authoritative data access point Comparisons/ defect detection Desired state/ policies Courses of action Defects/alterations/ findings Implement COA to reduce threat/risk Situational awareness portal Figure 1: Client CDSA Solution Architecture Case Study #1 A large defense entity developed a use case based set of scenarios, detailing various high, moderate, and lower priority situations. Each interested participant was asked to provide a detailed technical overview, describing what commercial off-theshelf (COTS) technologies the participant could provide, and how those technologies would be integrated to address the specific sample scenarios. Based on these presentations to the organization, DXC was one of only a small number of firms invited to provide a live capability demonstration of the proposed solution, using sample data provided by the client. DXC was further down selected as one of two firms to undergo more rigorous testing by the client. DXC was selected to provide an initial implementation of the Cyber Defense and Situational Assessment solution at the client s headquarter facilities. Case Study #2 The Continuous Diagnostics & Mitigation (CDM) program is a dynamic approach to fortifying the cybersecurity of government networks and systems. CDM provides federal departments and agencies with capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritizes these risks based upon potential impacts, and enables cybersecurity personnel to mitigate the most significant problems first. Congress established the CDM program to provide adequate, riskbased, and cost-effective cybersecurity and more efficiently allocate cybersecurity resources. The CDM program enables government entities to expand their continuous diagnostic capabilities by increasing their network sensor capacity, automating sensor collections, and prioritizing risk alerts based upon COTS tools, with robust terms for technical modernization as threats change. 4

DXC was awarded one of 17 blanket purchase agreements, which in turn, allowed us to win Task Order 2E to provide the DXC CDM Solution to the Department of Housing and Urban Development (HUD), Environmental Protection Agency (EPA), Small Business Administration (SBA), Department of Education (DoED), National Science Foundation (NSF), and the Nuclear Regulatory Commission (NRC). Evolving the solution As we mature our CDSA capabilities, our architectural roadmap includes a Big Data, analytic platform as the single authoritative data source. We are developing this platform as part of a separate offering CSAM, which is built on state-of-the-art Big Data components: Open source: Hadoop, Kafka, Spark DXC products: Autonomy IDOL, Vertica As we scale up CDSA data sources, our clients will gain unique insight on cyber events and how they relate to missions. Focusing on data and data integration simplifies the overall solution architecture. DXC continues to demonstrate its leadership in the cybersecurity space, not merely by providing technologies, but by providing innovative solutions that leverage our clients current investments with our unique integration capabilities to better protect the enterprise. Learn more at www.dxc.technology/security About DXC DXC Technology (NYSE: DXC) is the world s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.technology. www.dxc.technology 2017 DXC Technology Company. All rights reserved. DXC_4AA6-5052ENW. April 2016

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback