OIT Security Operations

Presentation transcript:

OIT Security Operations November 10th, 2016

OIT Security Operations. The Enterprise Security Operations team is responsible for the day-to-day security operations for our state agency customers. The team works with other OIT teams to ensure the State's security posture is balanced between business needs and the current threats to technology resources.

Enterprise Support. The Enterprise Security Operations team works hand in hand with the Office of Information Security in implementing the Secure Colorado initiative. The CIS 20 Critical Security Controls are part of the Secure Colorado initiative, and the implementation strategy relies heavily on the layered defense (defense-in-depth) model. The four-tiered organization structure (Endpoint Security, Network Security, SOC Services, Threat and Vulnerability Services) aligns with the CIS 20 Critical Security Controls strategy, providing service at each layer of the defense. The Enterprise Security Operations team is currently assigned to planning, architecting/designing, implementing, and running the security controls and layered defense within the state infrastructure.

Enterprise Security Operations Services
Endpoint Security Services: McAfee ePO, VirusScan Enterprise, Endpoint Encryption, Policy Auditor, Host Intrusion Prevention System (HIPS), Host Data Loss Prevention, Anti-spyware, Application Whitelisting, CIS Benchmark scanning, Web Filtering (agency based), Content Monitoring (agency based).
Threat and Vulnerability Management Services: Vulnerability scanning (web, application, database), external and internal penetration testing, Threat Intelligence.
Network Security Services: Firewall change requests (installation, modification and monitoring), external DNS, VPN (site-to-site and client-based remote access).
Security Operations Center Services: Perimeter monitoring, incident response, Intrusion Prevention System / Intrusion Detection System administration, log management and correlation of state network traffic.

Tools and Technologies
Intel (McAfee) Security Suite: VirusScan Enterprise, Host IPS, enhanced endpoint policies, Global Threat Intelligence, Nitro SIEM.
Palo Alto: vulnerability protection, application ACL inspection, DDoS protection, WildFire.
MS-ISAC Albert (IDS) services and US-CERT notifications.
Currently reviewing tools for advanced analytics and threat detection.

Current and Future Metrics
Current Metrics: the ratio of managed to unmanaged assets; security incidents recorded in the ticket system; number of machines patched; trending reports from the SIEM; monthly threat report from the Cyber Joint Task Force.
Maturity Metrics: the ratio of managed to unmanaged assets; the mean time to patch critical vulnerabilities; the mean time to remediate an incident; the percentage of systems that meet compliance standards; the percentage of users who fail selected social engineering tests.
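An added example, not part of the presentation, of how the maturity metrics listed above can be computed from asset, vulnerability, incident-ticket and phishing-test records; the record layout and the sample values are constructed assumptions, and a critical vulnerability that is still open is counted separately rather than averaged in as if it were patched.

```python
from datetime import datetime

# Constructed sample records (not real OIT data).
ASSETS = [
    {"host": "srv01", "managed": True, "compliant": True},
    {"host": "srv02", "managed": True, "compliant": False},
    {"host": "ws07", "managed": False, "compliant": False},
    {"host": "ws08", "managed": True, "compliant": True},
]
# patched_at=None means the finding is still open.
VULNS = [
    {"id": "V-1", "severity": "critical", "found": "2016-10-01", "patched_at": "2016-10-08"},
    {"id": "V-2", "severity": "critical", "found": "2016-10-03", "patched_at": "2016-10-17"},
    {"id": "V-3", "severity": "high", "found": "2016-10-05", "patched_at": "2016-10-06"},
    {"id": "V-4", "severity": "critical", "found": "2016-10-20", "patched_at": None},
]
INCIDENTS = [
    {"ticket": "INC-100", "opened": "2016-10-02T09:00", "closed": "2016-10-02T15:00"},
    {"ticket": "INC-101", "opened": "2016-10-10T08:00", "closed": "2016-10-12T08:00"},
]
# user -> True if the user failed the simulated social engineering test
PHISH_RESULTS = {"alice": False, "bob": True, "carol": False, "dave": False, "erin": False}


def _hours(start, end):
    """Elapsed hours between two ISO-8601 timestamps."""
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600


def managed_ratio(assets):
    """Managed-to-unmanaged ratio; inf when every asset is managed."""
    managed = sum(1 for a in assets if a["managed"])
    unmanaged = len(assets) - managed
    return managed / unmanaged if unmanaged else float("inf")


def mean_time_to_patch_critical(vulns):
    """Mean days from discovery to patch for closed criticals, plus the still-open count."""
    crit = [v for v in vulns if v["severity"] == "critical"]
    closed = [_hours(v["found"], v["patched_at"]) / 24 for v in crit if v["patched_at"]]
    mean_days = sum(closed) / len(closed) if closed else None
    return {"mean_days": mean_days, "still_open": len(crit) - len(closed)}


def mean_time_to_remediate(incidents):
    """Mean hours from ticket open to ticket close; None when there are no tickets."""
    durations = [_hours(i["opened"], i["closed"]) for i in incidents]
    return sum(durations) / len(durations) if durations else None


def compliance_pct(assets):
    """Percentage of all systems meeting the compliance standard."""
    return 100.0 * sum(1 for a in assets if a["compliant"]) / len(assets)


def phish_failure_pct(results):
    """Percentage of tested users who failed the social engineering test."""
    return 100.0 * sum(1 for failed in results.values() if failed) / len(results)
```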

Key Factors for Maturing Threat Detection and Incident Response
Educate employees and IT staff: currently providing quarterly security training for employees and IT staff, with additional training for IT staff focused on first responders' ability to identify a security event and escalate it to a security incident.
Incident Response table top exercises: the state Office of Information Security and Security Operations are performing monthly table top exercises during our Security All Hands meeting in order to familiarize ourselves with our incident response plans and identify gaps and improvements. Additionally, the state is participating in table top exercises with the National Guard and educational partners.
Alleviate admin burden (reduction of manual processes): currently we are investing in solutions to help automate incident response. The Intel (McAfee) MAR (McAfee Active Response), TIE/DXL, and ATD (Advanced Threat Detection) are in the planning stages and will identify threats and automate incident response. The state is also currently reviewing incident response tools to help with tracking and to provide standard operating procedures for handling security incidents.
Reduce poor security practices and behavior: this is a cultural change for the state, in which we are working with the IT team to think about security while developing solutions. This is a continuous effort in which we are beginning to see significant improvement.
North/South and East/West visibility: the state is beginning to posture itself to have visibility north, south, east, and west in each security zone. The initial phase was implemented two years ago when replacing the state perimeter and logically separating executive branch traffic from non-executive branch traffic.

Questions