Presentation is loading. Please wait.

Presentation is loading. Please wait.

Agenda Enterprise Situational Awareness Active Defense

Published byEustace Norman Modified over 6 years ago

Similar presentations

Presentation on theme: "Agenda Enterprise Situational Awareness Active Defense"— Presentation transcript:

0 Accenture Cyber Security Enterprise Situational Awareness, Risk Assessment, and Active Defense
Accenture Proprietary, All Rights Reserved, Not for Distribution Copyright © 2010 Accenture. All right reserved

1 Agenda Enterprise Situational Awareness Active Defense
Open Architecture for Data Processing and Distribution Prioritization Risk Management

2 Enterprise Situational Awareness- Problem and Challenges
Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Problem Without full visualization and situational awareness of the GIG, it is difficult to provide an adequate cyber defense Currently no means to validate the network defensive posture Need enhanced situational awareness to improve network defense and effective combat operations Providing the effective and efficient means for COCOMS, Agencies, and other organizations to share compliance information A comprehensive solution includes Making it easy to share and distribute information Information must be relevant for each level of the organizational hierarchy The data transmission must not negatively impact the computational and network resources of the organizations and the GIG A vendor neutral capability that provides and distributes the networks’ defensive posture across the organizational hierarchy

3 Accenture Compliance Automation Reporting for Enhanced Situational Awareness
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Accenture Compliance Automation Reporting (CAR) provides near-real time reporting throughout the organizational hierarchy Aggregates information from the lower levels and rolls up to the higher levels up to headquarters Data is summarized, transformed, and compressed to provide appropriate information at each level, which minimizes amount of data transmitted CAR, Powered by the Accenture Federated Framework, provides enterprise wide enhanced situational awareness

4 CAR Dashboard and Application
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management CAR’s Functions Provides a unified dashboard to access and display multi-vendor security compliance and risk applications at the organizational level (lowest level) Inputs FDCC scores in XCCDF format Groups FDCC fail scores into 7 risk categories (0-6, risk category 0 = 100% compliance) Provides a per desktop compliance score (0-100%) vs. risk score (0 – 7) of the organization on a two-dimensional graph that clearly identifies outliers Transforms XCCDF to an industry standard lightweight data interchange format and compresses it to two orders of magnitude less than original format Distributes the compressed risk and compliance data up the organizational hierarchy via the Accenture Federated Framework

5 Accenture Compliance Automation Reporting (CAR) Architecture and Data Flow
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management CAR, Powered by Accenture Federated Framework Employs GOTS & open source software Reduced cost of ownership Vendor Agnostic Conforms to Federal standards Real-time, federated architecture Consumes and Produces SCAP (XCCDF) HBSS Environment SQL Usage SCAP Usage

6 Accenture Federated Framework
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Java based framework comprised of three components Application Layer - allows for custom business logic development (e.g., CAR) Data Processing Layer – provides access to enterprise data and interfaces to applications and software tools Federated Message-Oriented Middleware – distributes compressed data securely to all other Accenture Federated Framework nodes in the enterprise CAR

7 Start Demo CAR Demo Enterprise Situational Awareness Active Defense
Open Architecture for Data Processing and Distribution Prioritization Risk Management Start Demo

8 Active Defense Forensic Quarantine
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Zero-day attacks …. We propose an approach to detect and stop the spread zero-day malware when the data is in motion. The proposed solution includes HBGary’s Digital DNA McAfee ePO Server Virtual Armor’s Blockhouse Accenture’s CAR and Dynamic Distributed Network (DDN)

9 Goals Indentify zero-day malware Determine if malware is spreading
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Indentify zero-day malware Determine if malware is spreading Determine where it has spread Assess impact Prevent it from spreading further Isolate compromised machines Determine vector Remediate

10 Proposed Architecture and Process Flow
Enterprise Situational Awareness Active Defense Open Architecture for Data Processing and Distribution Prioritization Risk Management Digital DNA detects zero-day malware HBGary distributes malware signature to BlockHouse Blockhouse sends malware signature and network device change requests Blockhouse monitors firewall and network devices and identifies malware DDN configure network devices to protect network from new malware CAR distributes malware signature to all sites in federation to update other Blockhouse servers 5 6 3, 4 2 1

11 HBGary Digital DNA

12 Virtual Armor BlockHouse

13 Still Working on the this summary
Recommended Approach Think Big: Develop a Multi-Tiered offering for aggregation of data. Use a customer-focused approach within in the framework of a broad strategy that can achieve value through economies of scale. Develop a prioritization and risk management process from the visual views Collaborate from Cyber Command down to the services and agencies. Start Small: Provide Compliance Automation Reporting Framework at a lower command Develop the compliance definition and apply it into the report. 3 Month engagement Write a Governance process for Compliance Reporting Write a prioritization and risk management plan Initial releases will have minimal features that meet the customer needs Scale Fast: Build on success by quickly pulling in additional groups In parallel, evolve the Tiers with the lowest TCO to make them applicable to a broader audience Re-visit the “waterfall” after each change to the app set to re-evaluate candidacy for a higher Tier to help drive down costs. Subsequent releases will increase features to deliver capabilities not currently possible with the current desktop approach. Accenture Proprietary, All Rights Reserved, Not for Distribution Copyright © 2010 Accenture. All right reserved 13

14 Backup Slides

15 Threat Analysis Center Asset Capabilities
Cyber Range (Virtualized) Compliance Automation Reporting Framework Cyber Tool Set as a service Security Operation Center Transfer of data using SCAP (ARF) Past (Trend Analysis) Present (Real Time Mitigation and Remediation) Future (Predictive Analytics) Forensic Tools (Non Criminal activity) Threat Anomaly Correlation Malware Detection, Analysis and reverse engineering Vulnerability Replay Software Quality Assurance Security Engineering Monitoring Triage Coordination with outside SOC Arc Sight, Symantec, or McAfee Tools Consider A Security Operations Analysis Center – Everyone already has a NOC and SOC All can be reused throughout the Threat Analysis Framework Accenture Proprietary, All Rights Reserved, Not for Distribution Copyright © 2010 Accenture. All right reserved

16 GeoCode View GEO Code View - SAS

Download ppt "Agenda Enterprise Situational Awareness Active Defense"

Similar presentations

The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.

Advanced Metering Infrastructure AMI Security Roadmap April 13, 2007.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
EEye Digital Security  1.866.339.3732   On the Frontline of the Threat Landscape: Simple configuration goes a long way.

EEye Digital Security    On the Frontline of the Threat Landscape: Simple configuration goes a long way.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Automating Enterprise IT Management by Leveraging Security Content Automation Protocol (SCAP) John M. Gilligan www.gilligangroupinc.com May, 2009.

Automating Enterprise IT Management by Leveraging Security Content Automation Protocol (SCAP) John M. Gilligan May, 2009.
1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.

1 CISCO SAFE: VALIDATED SECURITY REFERENCE ARCHITECTURE What It Is Business Transformation Top Questions To Ask To Initiate The Sale Where It Fits KEY.
Security Automation May 26th, 2010. Security Automation: the challenge “Tower of Babel” – Too much proprietary, incompatible information – Costly – Error.

Security Automation May 26th, Security Automation: the challenge “Tower of Babel” – Too much proprietary, incompatible information – Costly – Error.
Alert Logic Provides a Fully Managed Security and Compliance Solution Based in the Cloud, Powered by the Robust Microsoft Azure Platform MICROSOFT AZURE.

Alert Logic Provides a Fully Managed Security and Compliance Solution Based in the Cloud, Powered by the Robust Microsoft Azure Platform MICROSOFT AZURE.
Welcome Information Security Office Services Available to Counties Security Operations Center Questions.

Welcome Information Security Office Services Available to Counties Security Operations Center Questions.
1© Copyright 2016 EMC Corporation. All rights reserved. VIEWTRUST SOFTWARE OVERVIEW RISK MANAGEMENT AND COMPLIANCE MONITORING.

1© Copyright 2016 EMC Corporation. All rights reserved. VIEWTRUST SOFTWARE OVERVIEW RISK MANAGEMENT AND COMPLIANCE MONITORING.
Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.

Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.
Visual Analytics for Cyber Defense Decision-Making Anita D’Amico, Ph.D. Secure Decisions division of Applied Visions, Inc.

Visual Analytics for Cyber Defense Decision-Making Anita D’Amico, Ph.D. Secure Decisions division of Applied Visions, Inc.

Similar presentations

Ads by Google