New Security Rates Deliver Additional and Improved Protections

maisie
Uploaded On 2023-06-21


Presentation Transcript

1. New Security Rates Deliver Additional and Improved Protections

2. A quick history of the rates
- Two new rates
  - Baseline – $23.60 per server, workstation
  - Confidential systems – $162.90 per server in confidential systems
- Not all new money – pulled out security costs from other rates, they were lowered

3. Projects address multiple threats
- As we go through each initiative, the threat(s) being addressed are among these:
  - Hackers – garden variety, organized crime – identity thieves
  - Malware/social engineering
  - Malicious insiders
  - Human error
- No single silver bullet protection, multiple layers

4. Building/ensuring security programs
- Agency NIST compliance
- Ensure each agency has a focused security program
- The most critical point of success for security is that there is a daily grind toward results, identifying and mitigating risks, working on the correct priorities, making the necessary commitments
- This project includes the rewriting of policy, adopting control standards, and measuring agency progress
- Archer is a key component in reaching our objectives: host policy, track agency compliance, enhance governance
- Complementary to the risk assessment mentioned earlier
- Brian has spoken to the plans and milestones

5. Identity/Access management
- Microsoft Identity Management (MIM)
- Consistent provisioning, improvement toward objective of least privilege, self-service password reset lessens social engineering risk
- Milestones
  - Tool selection: 9/28/15
  - Build/Pilot MSFT Identity Management: 2/26/16
    - Status: Project with MSFT to set up MIM in IOT for PROD. DEV sites are set up to test.
  - Pilot Self Service Password Reset: 4/15/16
    - 52% of phone calls for the helpdesk are password resets
  - Two factor for elevated privileges: TBD

6. Identity/Access management
- Avecto
- Remove local admin privileges from laptops
- Milestones
  - Procure software: 9/1/15
  - Implement pilot agency: 3/31/16
  - Enforce at all agencies: 8/31/16

7. Access management
- Cisco Identity Services Engine (NAC) – device authorization
- VPN, wireless, then the campus network
- Absorbed new responsibilities with current staff
- Milestones
  - Server setup: 12/23/15
  - Client VPN migration: 8/1/16
  - Statewide wireless: 6/30/16
  - Wired pilot – IOT: 12/21/16

8. Application protection
- This is for Extranet apps, not IN.gov
- NetScaler web application firewall – protection from code vulnerabilities
- A layer of protection inhibiting hackers from exploiting vulnerabilities in source code (e.g., cross-site scripting, SQL injection, etc.)
- Milestones
  - Two positions created and filled: 9/15/2015
  - All applications behind proxy and monitored: Variable
  - Protections studied, enabled as feasible: 12/31/2016

9. Asset management
- Archer is the tool (4 use cases – SecOps, SOC; Policy – NIST compliance, Asset management, Audit)
- Procurement in process through MSP
- Relational system linking key attributes for systems (apps), servers, databases, and workstations (warranty info, software, vulnerabilities)
- Milestones
  - Procured Archer: 4/30/15
  - Operational prod, dev - SOC: 10/08/15
  - Created and filled 2 administrative positions: 11/1/15
  - Award asset management consulting, development work: 3/25/16
  - Asset management implemented (est.): 6/25/16

10. Vulnerability management
- Lumension – improved patch management
- Patched systems less vulnerable to malware
- Milestones
  - Created and filled support position: 9/1/2015
  - Phase 1: Pilot IOT/IDOA: 1/29/16
  - Phase 2: Rollout client to all agencies: 2/29/16

11. Auditing
- McAfee database auditing software
- Defend from mistakes, malicious insiders, rights abuse
- Milestones
  - McAfee database auditing software purchased: 2015
  - Testing with DWD: 2015
  - Positions created, filled: 12/1/15
  - Tools training: 3/7/16
  - Project planning: 3/14/16

12. Network Monitoring
- Security Operations Center
- Handling network events, MS-ISAC notifications – Level 1 duties
- Nick has shared details

13. Network monitoring
- Microsoft Advanced Threat Analytics
- Part of the Enterprise Mobility Suite (MIM as well)
- Threat analytics is designed to identify pass-the-hash attacks, remote execution, brute force, lateral movement and other anomalous behavior from AD, SIEM and other log sources
- Milestones
  - Contract finalized: 12/2/15
  - Procurement of servers complete: 3/10/16
  - Implementation services complete: 4/15/16

14. Email and network monitoring
- FireEye – improved malware detection
- Uses sandbox and broad threat identification sources to build extensive database
- Milestones
  - POC completed: 5/6/15
  - Product procured: 9/1/15
  - Email protection implemented: 10/1/15
  - Network protection implemented: 12/8/15
- Note – More than 2300 malware infections stopped since implementation

15. Endpoint protection
- McAfee ATD – Advanced Threat Detection (Sandbox)
- McAfee TIE – Threat Intelligence Exchange (database)
- Automated updates of protection at the endpoint
- Milestones
  - McAfee implementation assistance: 12/21/15
  - Enterprise monitoring: 3/4/16
  - Enterprise blocking enforced: 4/1/16

16. Training and awareness
- Statewide program
- Mascot vs. gamification
- Reviewed several training programs
- Objective is to procure yet this fiscal year
- Hurdles once purchased include method of tracking – ELM or through vendor

17. Research and Development
- Proofs of Concept
- Researching products we think can fill gaps – Pondurance, Morphic, Varonis, Dark Trace, FireEye, Tanium
- Beginning a Dell SecureWorks POC in the next few weeks – Intrusion detection/protection services
- Only product purchased from the POC was FireEye. All had value but for lack of fit or cost, they have not been pursued thus far.