Innovation Change Transformation Enterprise Security Office www.security.state.mn.us Enterprise Security: Planning Today for Tomorrow's Unknown Threats.


1 Innovation Change Transformation
Enterprise Security Office, www.security.state.mn.us
Enterprise Security: Planning Today for Tomorrow's Unknown Threats
Christopher Buse, Chief Information Security Officer, State of Minnesota

2 Agenda
- Vulnerability and threat trends
- Minnesota's enterprise-wide vulnerability management approach
- Q & A

3 Payoff
- Update on the current threat landscape
- Understanding of why the problem is simply too big to solve on an agency by agency basis
- Tips to form audit recommendations with serious impact

4 My Job
- Build a world class enterprise security program for the State of Minnesota
- Challenges
  - Security
  - Cultural
  - Financial
  - Human Resources

5 Our Organization

6 Threat Update

7 The Landscape is Hostile
- Exponential increase in threats
- Threats more complex and stealthy
- Perpetrated by well funded criminal groups
- Zero day is now everyday

8 Mobile Phone Attacks
- Today's phones are computers
  - iPhone
  - Blackberry
- Examples
  - Blackjacking Exploit

9 RSA Takeaway
- Bad guys are getting much better
- Crimes of notoriety now crimes perpetrated for financial gain
- Almost everything bad starts by exploiting a vulnerability

10 Minnesota's Approach

11 What is a Vulnerability?
- Typically a logic flaw in a piece of software
- Exploited by hackers to obtain unauthorized access
- Over 8000 new vulnerabilities in 2006

12 Dissecting the Problem
- Vulnerabilities that we can find and fix
  - In the wild for at least a week
  - Reputable vendors have signatures
- Zero day vulnerabilities
  - Problems just identified
  - Most likely no signatures
  - Sometimes workarounds to minimize risk
- Unknown vulnerabilities
  - Something bad is happening
  - Scanning shows that nothing is wrong
  - AV and all else is up to date

13 Plan of Attack

| Classification | Approach | Toolset |
| Find and Fix | Active Scanning and Remediation | ip360, Webinspect, Core Impact |
| Zero Day | Threat Dissemination Services | Commercial Services, ip360, Secure Portal |
| Unknown | Behavior Analysis | SIEM, IDS/IPS, Netflow |

14 Find and Fix

15 Desired Outcome
- Develop a comprehensive vulnerability management program
  - Promptly identify vulnerabilities
  - Classify vulnerabilities, based on criticality
  - Remediate issues

16 Strategy
- Invest in an Enterprise Vulnerability Management Solution
- Join forces with Minnesota Colleges and Universities to build out a common vulnerability management program and share a common vulnerability management platform

17 Personnel
- Office of Enterprise Technology and MnSCU Office of the Chancellor:
  - Oversee the program
  - Maintain enterprise tools
  - Provide training and technical support to agencies
  - Analyze and disseminate security advisories
- Agencies and MnSCU Institutions:
  - Use the tools to assess all technology assets
  - Establish vulnerability management team
  - Remediate issues

18 Team Interactions
- Agency Vulnerability Management Team
- Network Support
- Server Support
- Workstation Support
- Application Support
- OET Central Vulnerability Management Team

19 Tools
- ip360 by nCircle
  - VNE Manager appliance
    - Hardened BSD OS
    - Web based console
  - Device Profiler
    - Hardened BSD OS
    - Flash memory
  - Security Intelligence Hub (SIH)
    - Oracle Database
    - Canned and custom reporting
- TCO expected to be about 13 million over 12 years

20 Architecture

21 Program Status
- Software and hardware infrastructure built
- Installations complete at most large agencies
- Policies and detailed standards being finalized
- Lots of scanning activity
  - External face of government
  - Inside secure agency networks
  - Across the WAN
- Areas to focus on next
  - Mobile device vulnerabilities
  - Web application vulnerabilities

22 Zero Day Exploits

23 Shootin' Cattle
- World one giant herd
- Sharpshooters take aim and fire
- One cow drops
- Lead cow puts up impenetrable shield to stop more bullets
- The herd is once again safe
Snoop Doggie Moo

24 Key Takeaways
- One cow always takes a bullet for the good of the team
- It's best not to be THAT cow
Snoop I Paid Da Cost To Be Da Boss

25 Strategy
- Manage an enterprise-wide threat dissemination service
- Subscribe to several commercial vulnerability notification services
- Communicate targeted notices to agencies
  - Leverage inventory data in ip360
  - Communicate over secure portal

26 Status
- Targeted advisory service dependent on ip360 inventory data
- Until ip360 fully deployed, broadcast critical alerts to agencies
- Plan to implement a secure portal this year
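
The routing rule from slides 25 and 26, sketched as an added example that is not part of the original presentation: agencies with inventory data get a notice only when they run an affected version, and agencies without inventory get critical alerts by broadcast. The agency names, product names, advisory IDs and the inventory layout are constructed assumptions and do not reflect ip360's actual data format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # constructed placeholder, not a real advisory number
    product: str          # affected product name (hypothetical)
    fixed_version: tuple  # first version that is no longer affected
    critical: bool


# Constructed inventory: agency -> {product: installed version}.
# None means the agency has no scanner inventory yet.
INVENTORY = {
    "agency-a": {"webserver-x": (2, 0, 1), "mailer-y": (5, 3)},
    "agency-b": {"webserver-x": (2, 1, 0)},
    "agency-c": None,
}

# Constructed advisories used to exercise both routing paths.
ADVISORIES = [
    Advisory("EXAMPLE-0001", "webserver-x", (2, 1, 0), critical=True),
    Advisory("EXAMPLE-0002", "mailer-y", (5, 4), critical=False),
]


def route_advisory(advisory, inventory):
    """Return {agency: delivery mode} for every agency that should be notified."""
    notices = {}
    for agency, assets in inventory.items():
        if assets is None:
            # No inventory to match against: fall back to broadcast,
            # but only for critical alerts.
            if advisory.critical:
                notices[agency] = "broadcast"
            continue
        installed = assets.get(advisory.product)
        # Targeted notice only if the product is present and still unpatched.
        if installed is not None and installed < advisory.fixed_version:
            notices[agency] = "targeted"
    return notices


if __name__ == "__main__":
    for adv in ADVISORIES:
        print(adv.advisory_id, route_advisory(adv, INVENTORY))
```
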

27 Unknown Vulnerabilities

28 Strategy
- Actively look for signs of anomalies
  - IDS/IPS systems
  - Network flows
  - Security Information and Event Management (SIEM) system
- Quarantine machines exhibiting abnormal behavior

29 SIEM
- Real time analysis of security event data
  - Identify threats
  - Reporting on log data for forensic activities and compliance monitoring
- SIM is responsible for storage and reporting
- SEM is responsible for analysis and threat identification

30

31

32 Status
- Joining forces with MnSCU to build one SIEM solution for higher education and government
- Currently working on RFP
- Plan to have solution running by June 2009
- SIEM technology carries a hefty price tag

33 Audit Tips

34 Stuff To Consider
- Enterprise-wide vulnerability and threat management audit
- Problem simply too costly to solve on an agency by agency basis
- Scanners only address known vulnerabilities with signatures
  - Need strategy to limit damage from zero day vulnerabilities
  - Need to be able to recognize abnormal network traffic

35 Questions
chris.buse@state.mn.us

