Continuous Monitoring and Real Time Risk Scoring

Continuous Monitoring

and Real Time Risk

Scoring

Erich Baumgartner, VP Federal

Q1 Labs – An IBM Company

J.R. Cunningham, Director of

Federal Strategy

Accuvant

Meeting the Information Requirements of

Federal Agencies

Two-phased compliance and security timeline

Security Intelligence for Continuous

Monitoring

Monitors network changes to detect vulnerabilities in the

network

Changes may be potential threats and policy/compliance

violations, resulting in security gaps

Compares configuration data from network security devices

with layer 7 network activity analysis

Continuously checks rule policy effectiveness and raises alerts

Provides single console view of risk exposure needed to

meet continuous monitoring requirements (risk management,

log management, SIEM, network behavior analysis)

Continuously Manage Risk with

Security Intelligence

Move beyond traditionally reactive security management

Multi-vendor network

configuration monitoring &

Automated compliance

and risk assessment

Predictive threat modeling & simulation

Risk Indicators

Configuration/ Topology

Network Activity

Vulnerability Management

Network & vulnerability context

Accuvant & Q1 Labs

Traditional SVARs Technology Driven

Traditional Consulting Audit/Compliance Driven

J.R. Cunningham Accuvant

What is Continuous Monitoring?

“…determine if the

complete set of

planned, required,

and deployed

security controls

within

an information

system or

inherited by the

system continue

to be effective

over time…” NIST

SP 800-37

Why is Continuous Monitoring Critical? (Beyond the Obvious Answer – “It’s Required”)

Intelligent Cyber Security- Applying

countermeasures to only systems needing those

controls

Threat Intelligence – Understanding as much

about the enemy and threat vectors as possible

Acquisition excellence – find the “big ROI”

Situational Awareness – decision superiority

delivered with “speed of need”

“If an agency has $1 to spend today, where

should they spend it and why?”

Continuous Monitoring and Situational

Awareness

Malware

Insider Threat

Device/Data Theft

Leakage

Espionage

Endpoint Protection

Network Defenses

Encryption

Situational

Awareness

Choosing Meaningful Metrics

Organizational

Vulnerability & Patch

Management

Software & Data Asset

Management

Network &

Configuration

Management

Compliance & Audit

Management

Security Information &

Event Management

• Accurate

• Repeatable

• Potential for Risk Relevance

(either alone or with other

• Should be known in industry

• Not Necessarily Actionable

• Can sometimes validate or

invalidate other data

Industry Standard Metrics (measurablesecurity.mitre.org)

Finding the Risk Relevant Data

Organizational

Vulnerability & Patch

Management

Software & Data Asset

Management

Network &

Configuration

Management

Compliance & Audit

Management

Security Information &

Event Management

Risk Relevant

• Some level of aggregation

• Also a repeatable process

• Begins to inform SA

• Not necessarily actionable

• Centrally managed

Security Intelligence Across the

Infrastructure – Anomaly Detection

Squelching the Noise

Informative and Actionable Output

Q1 Report Screen Here

Pre-built NIST reporting

Risk Based Decisions

* NIST SP 800-39

What to do next?

Watch our recent webcasts http://q1labs.com/resource-

center/media-center.aspx

Download the “Gartner SIEM Critical Capabilities” report

http://q1labs.com/resource-center/analyst-

reports/details.aspx?id=17

Download the “Continuous Monitoring for Government

Agencies” paper http://q1labs.com/resource-center/white-

papers/details.aspx?id=137

Read our blog http://blog.q1labs.com/

Follow us on Twitter: @q1labs @ibmsecurity

More info: info@Q1Labs.com Twitter: @q1labs @accuvant Blog: blog.q1labs.com

Thank You!

Continuous Monitoring and Real Time Risk Scoring

Technology

“Continuous monitoring en continuous auditing: continuous ......Relatie continuous monitoring en continuous auditing Het continuous monitoringsproces kan zowel de organisaties zelf

“Continuous monitoring en continuous auditing: continuous ... · Continuous auditing en continuous monitoring: continuous solutions? Teamnummer 612 1 Management samenvatting Algemeen

Continuous Transaction Monitoring

Continuous Emission Monitoring System

Continuous security monitoring

Automatic Continuous Speech Recognition Database speech text Scoring

CONTINUOUS GLUCOSE MONITORING CONTINUOUS GLUCOSE

SOC E CONTINUOUS MONITORING - clusit.it e Continuous...Monitoring Continuous

Continuous Monitoring 2.0

Online continuous monitoring system

Continuous Glucose Monitoring

CONTINUOUS AUDITING & CONTINUOUS MONITORING...IL CONTINUOUS AUDITING & IL CONTINUOUS MONITORING NELLE SOIETA’ INDUSTRIALI NICOLAS MARCHI, Regional Manager Internal Auditor - Pirelli

Fundamentals of Continuous Monitoring - NIST · PDF file6/6/2013 · Fundamentals of Continuous Monitoring ... Information Security Continuous Monitoring for . ... Potential impact/costs

Operating manual€¦ · By default, continuous monitoring is disabled. Once enabled, continuous monitoring is always active. To enable/disable continuous monitoring: Press and hold

Continuous Monitoring · “Continuous monitoring and continuous auditing: From Idea to implementation” (2010), 2. 8 o ... they havebeen implementing a system of continuous monitoring

Continuous Auditing & Continuous Monitoring in a Broader Perspective

Continuous monitoring strategy_guide_072712

A Blueprint for Continuous Monitoring and · PDF fileA Blueprint for Continuous Monitoring and Mitigation ... Continuous monitoring and detection ... nor do security information and

Kentucky Continuous Monitoring Process

Monitoring and Pre-Scoring Activities