Security Coordination with IF-MAP

Similar documents
Security Orchestration with IF-MAP

TNC: Open Standards for Network Security Automation. Copyright 2010 Trusted Computing Group

IF-MAP Overview. Jan Ursi Technical Director EMEA Infoblox Inc. All Rights Reserved.

Network Access Control (NAC) and Network Security Standards

Orchestrated Security Network. Automated, Event Driven Network Security. Ralph Wanders Consulting Systems Engineer

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

IF-MAP Use Cases: Real-Time CMDB, and More

Trusted Network Connect (TNC)

Active Network Defense: Real time Network Situational Awareness and a Single Source of Integrated, Comprehensive Network Knowledge

SANS Top 20 Critical Controls for Effective Cyber Defense

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

Defending Against Data Beaches: Internal Controls for Cybersecurity

IBM Endpoint Manager Product Introduction and Overview

Secure Cloud-Ready Data Centers Juniper Networks

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

Critical Controls for Cyber Security.

Intro to NSX. Network Virtualization VMware Inc. All rights reserved.

Obtaining Enterprise Cybersituational

Splunk: Using Big Data for Cybersecurity

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

Using SIEM for Real- Time Threat Detection

Update On Smart Grid Cyber Security

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

SOFTWARE ASSET MANAGEMENT Continuous Monitoring. September 16, 2013

Policy Management: The Avenda Approach To An Essential Network Service

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

Cisco & Big Data Security

VMware Software Defined Network. Dejan Grubić VMware Systems Engineer for Adriatic

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

A viable SIEM approach for Android

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

The SIEM Evaluator s Guide

Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence

Security Issues in Cloud Computing

Trust: When Physical and Logical Security Worlds Collide

- IF-MAP Research Projects and Open Source Software

Total Protection for Compliance: Unified IT Policy Auditing

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

McAfee Security Architectures for the Public Sector

Log Management, Compliance and Auditing

Netzwerkvirtualisierung? Aber mit Sicherheit!

Infoblox vnios Software for CISCO AXP

Vulnerability Management

Cyber Security Metrics Dashboards & Analytics

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

How To Manage Security On A Networked Computer System

IBM Tivoli Endpoint Manager for Security and Compliance

Looking at the SANS 20 Critical Security Controls

Continuous Cyber Situational Awareness

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

IF-MAP Driving IT Agility through an Infrastructure Revolution

Secure Access into Industrial Automation and Control Systems Industry Best Practice and Trends. Serhii Konovalov Venkat Pothamsetty Cisco

The Importance of Cybersecurity Monitoring for Utilities

Network Access Security It's Broke, Now What? June 15, 2010

What is Security Intelligence?

Threat-Centric Security for Service Providers

Juniper Security Threat Response Manager (STRM) Mikko Kuljukka COMPUTERLINKS Oy

SourceFireNext-Generation IPS

Security Analytics for Smart Grid

Bypassing Network Access Control Systems

QRadar SIEM 6.3 Datasheet

Triangle InfoSeCon. Alternative Approaches for Secure Operations in Cyberspace

Staying Secure After Microsoft Windows Server 2003 Reaches End of Life. Trevor Richmond, Sales Engineer Trend Micro

Description of Actual State Sensor Types for the Software Asset Management (SWAM) Capability. 7 Jul 2014

Big Data and Security: At the Edge of Prediction

How To Manage Sourcefire From A Command Console

Threat Center. Real-time multi-level threat detection, analysis, and automated remediation

STEALTHWATCH MANAGEMENT CONSOLE

How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security

Extreme Networks: A SOLUTION WHITE PAPER

INSERT COMPANY LOGO HERE

Sygate Secure Enterprise and Alcatel

How To Buy Nitro Security

Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

RAVEN, Network Security and Health for the Enterprise

Network that Know. Rasmus Andersen Lead Security Sales Specialist North & RESE

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

OneFabric Connect. Overview. Extend the OneFabric architecture to 3rd party applications DATA SHEET BENEFITS BUSINESS ALIGNMENT

Critical Security Controls

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Transcription:

Security Coordination with IF-MAP Matt Webster, Lumeta 28 Sept 2010 Copyright 2010 Trusted Computing Group

Agenda Threat Landscape and Federal Networks Recap of TNC Explanation of IF-MAP What is IF-MAP? What problems does IF-MAP address? How does IF-MAP solve those problems? Use cases IF-MAP Adoption Summary For More Information Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #2

Cyber Threat Sources & Trends National Governments Terrorists Industrial Spies Organized Crime Groups Hacktivists Hackers Malware Botnets Cyber warfare Threats to VoIP and mobile devices The evolving cyber crime economy Sources: US-CERT http://www.us-cert.gov/control_systems/csthreats.html; GTISC Emerging Cyber ThreatsReport for 2009 http://www.gtisc.gatech.edu/pdf/cyberthreatsrepoand rt2009.pdf Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #3

Automation & Continuous Monitoring Automate continuous monitoring Automate Access Control using SCAP Regularly assess effectiveness of security controls Adversaries exploit the weakest controls True security is dependent on all controls remaining effective over time Source: NIST FAQ on Continuous Monitoring, June 1, 2010 Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #4

Security Content Automation Protocol (SCAP) Languages Means of providing instructions Metrics Risk scoring framework Enumerations Convention for identifying and naming Community developed Machine readable XML Reporting Representing security checklists Detecting machine state Community developed Transparent Metrics Base Temporal Environmental Community developed Product names Vulnerabilities Configuration settings

What is Trusted Network Connect? Open Architecture for Network Security Completely vendor-neutral Strong security through trusted computing Open Standards for Network Security Full set of specifications available to all Products shipping for more than four years Developed by Trusted Computing Group (TCG) Industry standards group More than 100 member organizations Includes large vendors, small vendors, customers, etc. Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #6

Where Does IF-MAP Sit Within TNC Access Requestor (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Metadata Access Point (MAP) Sensors, Flow Controllers Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #7

What is IF-MAP? Open Standard for Security and Network Coordination First published in May 2008 by the Trusted Computing Group Industry consortium including most large IT vendors Freely available for anyone to implement Growing base of vendor and product support Shared database for information on network devices, their state, and their activities MySpace for IP devices and systems Aggregates real-time information from many different sources Both standard data types and vendor-specific extensions Designed to scale for machine-to-machine coordination Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #8

Enterprise Connectivity The Monitored Network What Else is Connected? Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #9

Problems Addressed by IF-MAP Network and Endpoint Visibility Situational Awareness - Who and what s on my network? Are devices on my network secure? Is user/device behavior appropriate? Network Enforcement Provide information on unauthorized users/devices Provide information on network events Security Automation Test access levels for users/devices Automate audit of security controls across a full suite of tools Validate remediation efforts Systems Interoperability & Data Integration Automate security decision-making, with best available information Share real-time information about network events, users, devices, threats, etc. Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #10

Coordinated Security with IF-MAP Asset Management System Endpoint Security (via NAC) SIM / SEM MAP IPAM IF-MAP Protocol Physical Security ICS/SCADA Security AAA Routing Server or IDS Switching Wireless Firewalls Cloud Security Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #11

The Integration Challenge Supply Chain Mgmt Smart Grid CMDB AAA SIEM Network Location Switches Routers ERP Building Controls Factory Controls Infrastructure Management Network Security DNS, DHCP Asset Mgmt IPAM CRM HR Applications SNMP, Syslog, Netflow Custom Integration API s, Scripts Complex Costly Brittle High Maintenance Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #12

From Integration to Orchestration with IF- MAP Supply Chain Mgmt Smart Grid CMDB SIEM Switches AAA Routers Network Location ERP Building Controls Factory Controls Infrastructure Management Network Security DNS, DHCP Asset Mgmt IPAM CRM HR IF-MAP Protocol (Publish, Subscribe, Search) Applications IF-MAP Server Automatically aggregates, correlates, and distributes data to and from different systems, in real time Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #13

TNC/IF-MAP and SCAP Together Access Requestor (AR) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Metadata Access Point (MAP) Sensors, Flow Controllers SCAP Client Software SCAP Analysis Software SCAP External Scanner Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #14

IF-MAP Standardization & Adoption Agencies & Vendors benefit from Security Automation in multi-vendor environments Agencies leverage existing IT investments with interoperability; improve information sharing with standardized data Procurement & Gov t IT Leadership drive standards adoption among vendors Product integration costs & time greatly reduces through standards-based interoperability Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #15

From Baseline to Coordinated Security DISCOVERY FORENSICS COLLECTION RESPONSE MONITORING ANALYSIS Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #16

IF-MAP Lets Existing Systems to Share Data Network Security Physical Security Network Location Provisioning, Visualization & Analytics (Management) IF-MAP Server Decisions (Control) Sensors & Actuators Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #17

Many New Applications are Emerging Just the Tip of the Iceberg Cyber/Physical (CyPhy) Convergence IT Automation Cloud Computing Don t allow users to connect to the network if they haven t badged into the building Don t allow a wireless device to connect if its located outside of the building Track the location and status of all IT assets (IPs, MACs, devices, hardware, VMs, apps, users, etc.) in real time Allocate assets on the fly, dynamically re-provision data centers Federate authentication and authorization status across private & public clouds Move computing workloads to the cloud when prices drop Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #18

Use Case Quarantine a Leaking Device Challenges: Manage network change Fight insider threats Ensure security policy compliance Enforce network segmentation Consequences: Policy violations Unauthorized, unsecure network connections Worms, viruses, hackers, insider threat Inhibited situational awareness Solution: Lumeta IPsonar s Network Leak Discovery Enable organizations to detect unknown, unauthorized and unsecure network connections Juniper Networks Unified Access Control Automatically and securely remediate the situation Integrated network defense via TNC Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #19

Lumeta s IF-MAP Client Lumeta is currently contributing member of TNC Co-chair TNC adoption sub-group (Matt Webster) Beta IF-MAP client fall 2008 No significant development time or costs IPsonar version 4.5 contains IF-MAP client GA in August of 2009 Enables delivery of IPsonar Discovery events for automated remediation Significant interest with Government Clients Integrated network defense solution with Juniper Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #20

Policy Violation Leaking Device Access Requestor Policy Enforcement Point Policy Decision Point Metadata Access Point Sensors and Flow Controllers Remediation Network!!!! NAC Policy No Network Leak Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #21

Use Case Physical Security Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #22

IF-MAP Adoption Access Requestor Policy Enforcement Point Policy Decision Point Metadata Access Point Sensors, Flow Controllers Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #23

What About Open Source? Lots of open source support for TNC University of Applied Arts and Sciences in Hannover, Germany (FHH) http://trust.inform.fh-hannover.de tnc@fhh - the open source TNC implementation. ISC DHCP - the open source DHCP implementation. Nagios - the industry standard in IT infrastructure monitoring. Snort - the open source network intrusion prevention and detection system. netfilter/iptables - the packet filtering framework inside the Linux 2.4.x and 2.6.x kernel series. omapd IF-MAP Server http://code.google.com/p/omapd IF-MAP Client Code http://ifmapdev.com/ Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #24

IT Situational Awareness via IF-MAP What s on the network? Are there patterns that I m not seeing? Collect & correlate information on all users, events & devices Prioritize risk, take appropriate action Validate the success of remediation Repeatable, automated assessments of the IT environment Automated and Continuous Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #25

Upcoming TNC-Related Sessions TNC: Open Standards for Network Security Automation There was just a presentation earlier today If you missed that presentation, please check out the slide deck! Leveraging SCAP for TNC, Endpoint Sensor Grid and Automated Remediation In-depth look at TNC-SCAP integration See a demo of TNC-SCAP Integration! After the IF-MAP session in Ballroom I (Tuesday, 4:45-5:30 PM) Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #26

For More Information TNC Web Site Technical http://www.trustedcomputinggroup.org/developers/trusted_network_connect Business http://www.trustedcomputinggroup.org/solutions/network_security TNC-WG Co-Chairs Steve Hanna Distinguished Engineer, Juniper Networks shanna@juniper.net Paul Sangster Chief Security Standards Officer, Symantec Paul_Sangster@symantec.com Copyright 2010 Trusted Computing Group Other names and brands are properties of their respective owners. Slide #27

Thank you! Trusted Computing Group Confidential

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information