
Security Automation, May 26th, 2010 (presentation transcript)




Slide 1: Security Automation, May 26th, 2010

Slide 2: Security Automation: the challenge

"Tower of Babel":
- Too much proprietary, incompatible information
- Costly
- Error prone
- Difficult to scale

Inefficient:
- Resources spent on "security hygiene": vulnerability management, configuration management, patch management, compliance management

(Diagram of disconnected sources: Web Sites, Guidance Documents, Assessment Tools, Management Tools, Alerts & Advisories, Reporting Tools)

Slide 3: Security Automation: the solution

Standardization:
- Same object, same name
- Reporting

Automation:
- Efficiency
- Accuracy
- Resources re-tasked to harder problems: incident response, infrastructure enhancement

(Diagram of the same sources now connected: Web Sites, Assessment Tools, Management Tools, Alerts & Advisories, Reporting Tools, Guidance Documents)

Slide 4: What are we achieving with Security Automation?

Minimize effort:
- Reducing the time and effort of manual assessment and remediation
- Providing a more comprehensive assessment of system state

Increase standardization and interoperability:
- Enabling fast and accurate correlation within the enterprise and across organizations/agencies

Reporting:
- Shortening decision cycles by rapidly communicating requirements (what/how to check) and results (what was found)
- Allowing diverse tool suites and repositories to share data
- Fostering shared situational awareness by enabling and facilitating data sharing, analysis, and aggregation

Slide 5: What are we achieving with Security Automation and Standardization?

Standard data, economy of scale, and reuse:
- Standardized security content can be developed once and used by many
- Common definitions for vulnerabilities, software, and policy statements

Speed:
- Rapidly identify vulnerabilities and improperly configured systems and communicate the degree of associated risk
- Zero-day malware detection

Slide 6: Security Content Automation Protocol (SCAP)

SCAP is a suite of specifications that together enable standardization and automation of vulnerability management, measurement, and technical policy compliance checking, along with enhanced product and database integration capabilities with machine-readable reporting. In other words, "the plumbing".

Slide 7: Security Content Automation Protocol (SCAP)

- Community developed
- Machine-readable XML
- Reporting
- Representing security checklists
- Detecting machine state

Languages: the means of providing instructions (community developed).

Enumerations: conventions for identifying and naming product names, vulnerabilities, and configuration settings.

Metrics: a risk scoring framework, community developed and transparent, with Base, Temporal, and Environmental metrics.

Slide 8: Notional Security Data Model

(Diagram; the labelled components are: Business Systems, Vulnerability Checks, Infrastructure, Fixes, Assets, Event Language, Patterns, Sharable Policy, System Characteristics, Standard Names & Reference Conventions, Controls, Policy, Reporting Layer and Data Interface, Weaknesses, Threats, Lessons Learned, Attack Patterns, Technical Alerts & Signatures, Bulletins and Advisories, Situational Awareness, Continuous Monitoring, Automated Compliance Mgmt)

Slide 9: Specifications-Based Security Automation

(Diagram mapping the notional model onto specifications; the labels are: Reportable IT Systems, OVAL, OCIL, Inventoried Trusted Connections, OVRL, Assets, Event Language, Patterns, XCCDF, System Characteristics, Controls, Policy, Reporting Layer and Data Interface (TBD, e.g. XBRL, etc.), TBD, Signatures, CAPEC, Technical Bulletins, Bulletins and Advisories, Situational Awareness, Continuous Monitoring, Automated Compliance Mgmt, TBD, CRE, CEE, CERE, CCE, CVE, CRE, TBD, CCI, CCSS, CPE, TBD)

Slide 10: Security Automation Partners and Resources

Slide 11: Partners

US Government:
- National Institute of Standards and Technology (NIST)
- National Security Agency (NSA)
- Department of Homeland Security (DHS)
- Defense Information Systems Agency (DISA)

Foreign Government:
- Japan: JVN/IPA (Japan Vulnerability Notes / Information Technology Promotion Agency)
- Spain: INTECO (Instituto Nacional de Tecnologías de la Comunicación)

Private Sector:
- Apple, Microsoft, Red Hat, Sun Microsystems
- Security product vendors

Slide 12: National Vulnerability Database

NVD is the U.S. government repository of public vulnerability management information.
- Provides a standardized reference for software vulnerabilities
- Over 39,000 CVE entries, with the NVD Analysis Team evaluating over 6,000 vulnerabilities a year
- Product dictionary containing 18,000 unique product names
- Used by government, industry and academia
- Machine-readable data feeds
- Spanish and Japanese language translation
- http://nvd.nist.gov

Slide 13: National Checklist Program

U.S. Government repository of publicly available security checklists.
- Eases compliance management
- Checklists cover 178 products
- SCAP content
- Checklist contributors include government organizations, vendors, and non-profit organizations
- Part 39 of the Federal Acquisition Regulation (FAR)
- http://checklists.nist.gov

Slide 14: Content Tools

eSCAPe:
- Creation of new and/or customized configuration policies
- Puts the power of SCAP into the hands of existing staff; reduces cost/barrier of entry
- Government-wide, department-level, or agency-specific
- Quickly generate specific assessment criteria for vulnerabilities or presence of malware
- Pushed out to SCAP-enabled products

Content Validation:
- Ensures all content published to NCP is formatted correctly

Slide 15: SCAP Validation Program

Provides product conformance testing for the Security Content Automation Protocol (SCAP).

National Voluntary Laboratory Accreditation Program:
- Independent testing laboratories
- Reports validated by NIST

- Validation Program: http://scap.nist.gov/validation.cfm
- Validated Products: http://scap.nist.gov/scapproducts.cfm

Slide 16: NIST SCAP Product Validation Program (http://nvd.nist.gov/scapproducts.cfm)

Slide 17: Looking Ahead

Remediation capabilities:
- Rapidly deploy corrective action: shutting down services, locking out accounts, etc.

Network Event Management:
- Event Management Automation Protocol (EMAP)

Slide 18: Conclusion

Security Automation:
- Improves efficiency
- Promotes interoperability of data and security tools
- Enables standardized reporting across multiple views
- Provides enhanced situational awareness

