Raytheon Oakley Systems

Raytheon Oakley Systems
Michael Crouse, VP, Sales & Marketing
Daniel Velez, Director, Program Operations
Cleared for release. #IIS2013-226.
Page 1

Raytheon Oakley Systems: About us
- Founded as Oakley Networks in 2001
- Acquired by Raytheon in 2007
- US Government & Fortune 500 customers
- 9th Generation Enterprise Audit and Insider Threat Solutions
- SureView Export Controlled Dept of Commerce
- Securing Classified Networks and Fortune 500 customers since 2001
Page 2

Raytheon Oakley Systems Products
Insider Threat, Enterprise Audit, Risk Management, IP Theft Protection, Cross Domain, External Data Source Integration, & Analytics
Page 3

SureView Innovation and Integration
[Diagram: SureView with Investigations, Dashboards, Events and Policies; ArcSight; McAfee ePO (HBSS)]
[Diagram labels: Email, Browser, IM, Office, Keyboard, Clipboard, File System, Printer, Process, Log On, Lotus Notes, Application Channel, Registry, Terminal, USB, Video, Servers, 64-bit, malware detection, audit, social networking, reporting, scalability, Linux]
Page 4

Policy-Driven Auditing
- Specifies what to audit and what should be in the audit record
- Specifies what not to collect
  Ex: Do not collect email to/from chaplain@unit.army.mil
- Leverages simple If/Then statements
- Enables Multiple Stakeholders
Ex: Active Malware Protection (AMP)
AUDITED ACTIVITY
- File write to removable media
- File contains sensitive data
  - fingerprinted text
  - SAP code names
AUDIT RECORD
- Date/Time, Username, Workstation
- Offending Device
- Action: Capture File
- Action: <email> Security Staff
- Action: <forward> ArcSight
Page 5

Management Controls
- Role-based Access
- Robust Operator Auditing
- Segregation of Collected Data
- Chain of Custody Features
- Non-technical Oversight
- Integration with 3rd Party Enterprise Tools such as ePO and various SIEMs (ArcSight, SPLUNK, etc.)
Access to controls based on role, mission requirements, and authorization
US DoD Image
Page 6

CrossView: Cross Domain Auditing
Analyze events from networks across air-gapped domains on one investigator workbench.
[Diagram labels: Network A, Network B, Network C, Analyst Workbench, SureView / CrossView Cross Domain Solution]
Page 7

Convergence: External Data Source Aggregation
- HR Data
- Communications
- Personnel Security Information
- Foreign Travel Information
- Facility Access Information
- Shared Space Audit Data
Multi-source data aggregation and single search queries
Page 8

Convergence: Conceptual Architecture
[Diagram labels: REST APIs (requires separate Convergence license), Desktop Agents, Collector Node, Central Database, Master Node, Enterprise Application Suite, Connector Modules, Analytics Node, Arbitrary External Data Sources, Analytics Future Data Phase 1]
Page 9

Spotlight - Analytics Interface
Enables customers to discover and understand meaningful patterns in large sets of audit data through seamless integration with best of breed analytical tools including:
- Risk assessment algorithm
- Anomaly detection
- User trend analysis
- Role based profiling w/ threat indicators
Analytics Platform modules may be developed by ROS, authorized 3rd-party partners, or directly by customers
Analytics Platform provides optimized access to SureView data and a means for sending the results of analysis back into the SureView system for presentation to analysts
Page 10

Spotlight: Conceptual Architecture
[Diagram labels: Analytics Modules, Management & Status User Interface, Enterprise Application Suite, Analytics Node, Collector Node, Master Node, REST APIs, Central Database, Spotlight Framework]
Page 11

Support for Person-Centric Investigations
Add features to more easily attribute collected audit data to an identifiable person. Implies a shift away from the traditional primary association of collected data to a SureView agent.
Particularly relevant to:
- Convergence customers who are aggregating audit data from multiple external data sources
- SureView customers with hosted virtual desktop environments
- CrossView customers with users whose behavior they audit across multiple domains
Page 12

SureView Value Proposition

Demonstrably Superior Cyber Audit Capability
- Operationally-proven, mature and scalable solution with overall install base of over hundreds of thousands of endpoints to date
- Unobtrusive and configurable policy-based endpoint auditing with full context event replay
- Comprehensive coverage and collection of end-user behavior on desktops, workstations and laptops, whether connected to the network or completely offline

Low Risk
- Fully accredited for operation on JWICS, SIPRNET & other classified/unclassified networks
- Fully interoperable with other host based security system architectures and leading Security Information and Event Management (SIEM) tools such as ArcSight
- Comprehensive mission support for services, training, and documentation

Compliant
- Compliant with DCID 6/3 and ICD 503 as well as DISA STIG security requirements
- Fully validated NIST FIPS 140-2 encryption modules for all cryptographic functions
- Standardized audit policies and common, exportable data format enable discovery and retrieval of audit information.

Cost Effective
- Low Total Cost of Ownership (TCO)
- Flexible Pricing for Focused Observation Investigations and Enterprise Auditing
- Support for Hosted Virtual Desktops to align with agency virtualization and cloud strategies
Page 13

To Demonstrate the power of the ROS SureView system with Convergence and Advanced Analytics Options Page 14

Agenda
Scenario 1: Unapproved Job Outsourcing
Scenario 2: Intellectual Property Theft
Page 15

Scenario 1: Unapproved Job Outsourcing
Scenario: FJEA insider, Aaron Reed, exposes his agency to tremendous risk when he covertly outsources his job to a 3rd party in China and opens up access to mission resources in the process.
This demonstration shows how the correlation of aggregated data from multiple sources can illustrate a rich view of the context around user activities that provides valuable insight into an insider's motivation and intent. This kind of proactive approach is essential to mitigating today's complex array of insider threat risks.
Page 16

Scenario 1 Unapproved Job Outsourcing Video Demo Page 17

Scenario 2: Intellectual Property Theft
Scenario: Impact of Company Reduction In Force Notification (RIF) on employee behavior, causing increased risk of an Insider Threat incident. Bob Davis is potentially working with a 2nd party inside the company to exfiltrate sensitive company data.
This demonstration shows that an effective insider threat mitigation program requires aggregation and correlation of data from various data repositories. With context and audit records from multiple sources, the time to discover and investigate an incident is reduced.
Page 18

Scenario 2 Intellectual Property Theft Video Demo Page 19

Contact Info
Michael Crouse, Vice President, Sales and Marketing, Raytheon Oakley Systems
443-858-8527, michael.crouse@raytheon.com
Daniel Velez, Director, Program Operations, Raytheon Oakley Systems
703-244-9887, daniel.velez@raytheon.com
Cleared for release. #IIS2013-226.
Page 20