Leveraging SANS and NIST to Evaluate New Security Tools

Transcription

1 Leveraging SANS and NIST to Evaluate New Security Tools

2 Agenda About TaaSera A Problem to Solve Overview of NIST Cybersecurity Framework Overview of SANS CSC-20 Call to Action Conclusion Q&A

3 Company Founded 2012 Spin-Off from SRI International Patented Technology (6 Issued, 3 Pending, 3 Licensed) $19.5mm Raised to Date Series B Underway 28+ Customers, 50+ PoCs Headcount 65+ Cupertino, CA I McLean, VA

4 A Problem To Solve Implementing risk management and deploying security controls The number of products can up add quickly and it becomes increasingly difficult to assess the potential value of the next product How do I make gains against the plan? -Easy to implement -Measurable and reasonable

5 Overview of NIST Cybersecurity Framework History What is it? Framework Core Framework Implementation Tiers Framework Profile

6 NIST Cybersecurity Framework Core Referenced from: NIST Cybersecurity Framework, 02/12/2014

7 Turning Theory Into Practice Introducing SANS CSC-20 History Why is there a SANS CSC-20?

8 Turning Theory Into Practice What does it consist of? Proof Actions grouped by 4 Categories o Quick Wins o Visibility & Attribution Measures o Improved Information Security Config & Hygiene o Advanced Security Framework Mappings Procedures and Tools Metrics and Tests Samples! Why should I care?!?

9 First Five Quick Wins ID # Description Category CSC 2-1 CSC 3-1 CSC 3-2 CSC 3-3 CSC 12-1 Deploy application whitelisting technology Establish and ensure the use of standard secure configurations of your operating systems. Implement automated patching tools and processes for both applications and for operating system software. Limit administrative privileges to very few users Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior. Quick win (One of the "First Five") Quick win (One of the "First Five") Quick win (One of the "First Five") Quick win (One of the "First Five") Quick win (One of the "First Five")

10 Mapping CSC to Other Frameworks Referenced from: SANS CSC-20 Fall 2014 Poster

11 Call to Action Create a Baseline/Gap Analysis Integrate Controls Into Operations Develop a Roadmap Implement the First Phase of Controls 11

12 SANS CSC-20 Baseline

13 Financial Services Client SANS CSC-20 Coverage Control ID Description Client s Current Goal Progress Progress Including TaaSera TaaSera Coverage # of Sub-CSCs Handled CSCs Addressed CSC 4 Continuous Vulnerability Management 62% 86% 5 of , 4.2, 4.4, 4.6, 4.10 CSC 5 Malware Defenses 50% 90% 8 of , 5.6, CSC 18 Incident Response & Management 71% 82% 2 of , 18.4 CSC 20 Penetration Tests & Red Team Exercises 74% 84% 3 of , 20.6, 20.8 Percentage to Goal 50% or Below 51 80% %

14 Financial Services Client SANS CSC-20 Coverage Control ID Description Client s Current Goal Progress Progress Including TaaSera TaaSera Coverage # of Sub-CSCs Handled CSCs Addressed CSC 1 Device Inventory 46% 58% 2 of 7 1.1, 1.4 CSC 3 Workstation & Server Configurations 41% 55% 2 of , 3.7 CSC 19 Secure Network Engineering 48% 64% 1 of Percentage to Goal 50% or Below 51 80% %

15 Selling SANS CSC-20 to Management SANS CSC-20 answers key questions: What is connected? What is running? Which few people have admin privileges? Which continuous improvement processes help prevent/detect/mitigate breaches? We can prove it

16 Conclusion Using NIST as a guiding framework SANS CSC-20 to convert theory into practice Using SANS CSC-20 to evaluate continuous security effectiveness improvement Model for evaluating new security products

17 Attend a demo session next week & be entered in our iwatch drawing! Tuesday, 2pm EDT Wednesday, 10am EDT Thursday, 4pm EDT Just share your card & we ll register you.

18 Q & A Brian Eberhardy Director of Solutions Consulting beberhardy@taasera.com (414)