
Enterprise Security:  Planning Today for Tomorrow’s Unknown Threats


Presentation Transcript


  1. Enterprise Security: Planning Today for Tomorrow’s Unknown Threats
     Christopher Buse, Chief Information Security Officer, State of Minnesota
     www.security.state.mn.us

  2. Agenda
     • Vulnerability and threat trends
     • Minnesota’s enterprise-wide vulnerability management approach
     • Q & A

  3. Payoff
     • Update on the current threat landscape
     • Understanding of why the problem is simply too big to solve on an agency-by-agency basis
     • Tips to form audit recommendations with serious impact

  4. My Job
     • Build a world-class enterprise security program for the State of Minnesota
     • Challenges
       • Security
       • Cultural
       • Financial
       • Human Resources

  5. Our Organization

  6. Threat Update

  7. The Landscape is Hostile
     • Exponential increase in threats
     • Threats more complex and stealthy
     • Perpetrated by well-funded criminal groups
     • Zero day is now every day

  8. Mobile Phone Attacks
     • Today’s phones are computers
       • iPhone
       • Blackberry
     • Examples
       • Blackjacking Exploit

  9. RSA Takeaway
     • Bad guys are getting much better
     • Crimes of notoriety are now crimes perpetrated for financial gain
     • Almost everything bad starts by exploiting a vulnerability

  10. Minnesota’s Approach

  11. What is a Vulnerability?
      • Typically a logic flaw in a piece of software
      • Exploited by hackers to obtain unauthorized access
      • Over 8000 new vulnerabilities in 2006

  12. Dissecting the Problem
      • Vulnerabilities that we can find and fix
        • In the wild for at least a week
        • Reputable vendors have signatures
      • Zero day vulnerabilities
        • Problems just identified
        • Most likely no signatures
        • Sometimes workarounds to minimize risk
      • Unknown vulnerabilities
        • Something bad is happening
        • Scanning shows that nothing is wrong
        • AV and all else is up to date

  13. Plan of Attack

  14. Find and Fix

  15. Desired Outcome
      • Develop a comprehensive vulnerability management program
        • Promptly identify vulnerabilities
        • Classify vulnerabilities based on criticality
        • Remediate issues

  16. Strategy
      • Invest in an enterprise vulnerability management solution
      • Join forces with Minnesota Colleges and Universities to build out a common vulnerability management program and share a common vulnerability management platform

  17. Personnel
      • Office of Enterprise Technology and MnSCU Office of the Chancellor:
        • Oversee the program
        • Maintain enterprise tools
        • Provide training and technical support to agencies
        • Analyze and disseminate security advisories
      • Agencies and MnSCU Institutions:
        • Use the tools to assess all technology assets
        • Establish vulnerability management team
        • Remediate issues

  18. Team Interactions
      The OET Central Vulnerability Management Team works with each Agency Vulnerability Management Team, which draws on:
      • Network Support
      • Server Support
      • Workstation Support
      • Application Support

  19. Tools
      • ip360 by nCircle
        • VNE Manager appliance
          • Hardened BSD OS
          • Web-based console
        • Device Profiler
          • Hardened BSD OS
          • Flash memory
        • Security Intelligence Hub (SIH)
          • Oracle database
          • Canned and custom reporting
      • TCO expected to be about 13 million over 12 years

  20. Architecture

  21. Program Status
      • Software and hardware infrastructure built
      • Installations complete at most large agencies
      • Policies and detailed standards being finalized
      • Lots of scanning activity
        • External face of government
        • Inside secure agency networks
        • Across the WAN
      • Areas to focus on next
        • Mobile device vulnerabilities
        • Web application vulnerabilities

  22. Zero Day Exploits

  23. Shootin’ Cattle
      • The world is one giant herd
      • Sharpshooters take aim and fire
      • One cow drops
      • Lead cow puts up an impenetrable shield to stop more bullets
      • The herd is once again safe
      (Image caption: Snoop Doggie Moo)

  24. Key Takeaways
      • One cow always takes a bullet for the good of the team
      • It’s best not to be THAT cow
      (Image caption: I Paid Da Cost To Be Da Boss – Snoop)

  25. Strategy
      • Manage an enterprise-wide threat dissemination service
        • Subscribe to several commercial vulnerability notification services
        • Communicate targeted notices to agencies
          • Leverage inventory data in ip360
          • Communicate over a secure portal

  26. Status
      • Targeted advisory service dependent on ip360 inventory data
      • Until ip360 is fully deployed, broadcast critical alerts to agencies
      • Plan to implement a secure portal this year
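Slides 15, 25 and 26 together describe one workflow: classify incoming advisories by criticality, match them against the scanner's asset inventory, and send each agency only the notices that affect it, falling back to a broadcast of critical alerts for agencies whose inventory is not yet loaded. The following Python is an added example of that workflow and is not the deck's or nCircle's code; the `Asset` and `Advisory` records, the agency names, the product names, the advisory identifiers and the CVSS thresholds are all constructed for illustration, and a real ip360 export would need to be mapped onto this shape.

```python
"""Targeted vulnerability advisories driven by an asset inventory (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One inventoried system. Hypothetical record shape, not an ip360 export."""
    host: str
    agency: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    """One vendor/commercial notification, normalized. Fields are constructed."""
    advisory_id: str
    product: str
    vulnerable_versions: frozenset  # exact version strings, kept simple on purpose
    cvss: float                     # base score, 0.0 to 10.0
    exploited_in_wild: bool


# Sort order for the criticality buckets produced by classify().
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def classify(adv):
    """Bucket an advisory by criticality (thresholds are an assumption of this example)."""
    if adv.exploited_in_wild or adv.cvss >= 9.0:
        return "critical"
    if adv.cvss >= 7.0:
        return "high"
    if adv.cvss >= 4.0:
        return "medium"
    return "low"


def affected_hosts(adv, inventory):
    """Map agency -> list of hosts whose product/version matches the advisory."""
    by_agency = {}
    for asset in inventory:
        if asset.product == adv.product and asset.version in adv.vulnerable_versions:
            by_agency.setdefault(asset.agency, []).append(asset.host)
    return by_agency


def target_notices(advisories, inventory, all_agencies, inventoried_agencies):
    """Return {agency: [notice, ...]}, each notice a dict.

    Agencies with inventory data get targeted notices naming the affected hosts.
    Agencies not yet inventoried (the 'until ip360 is fully deployed' case) get a
    broadcast of every critical advisory, with no host list, so nothing critical is
    silently dropped while deployment is incomplete.
    """
    notices = {agency: [] for agency in all_agencies}
    for adv in advisories:
        crit = classify(adv)
        hits = affected_hosts(adv, inventory)
        for agency in all_agencies:
            if agency in inventoried_agencies:
                if agency in hits:
                    notices[agency].append({"advisory": adv.advisory_id, "criticality": crit,
                                            "hosts": sorted(hits[agency]), "mode": "targeted"})
            elif crit == "critical":
                notices[agency].append({"advisory": adv.advisory_id, "criticality": crit,
                                        "hosts": [], "mode": "broadcast"})
    for agency in notices:  # most critical first, then stable by advisory id
        notices[agency].sort(key=lambda n: (RANK[n["criticality"]], n["advisory"]))
    return notices


def sample_data():
    """Constructed sample: two agencies, only 'Agency A' has inventory loaded."""
    inventory = [
        Asset("web1", "Agency A", "WebServerX", "2.1"),
        Asset("mail1", "Agency A", "MailClientY", "5.0"),
        Asset("ws1", "Agency A", "OfficeSuiteZ", "12"),   # patched version, no hit
    ]
    advisories = [
        Advisory("ADV-1", "WebServerX", frozenset({"2.0", "2.1"}), 9.8, True),
        Advisory("ADV-2", "MailClientY", frozenset({"5.0"}), 5.5, False),
        Advisory("ADV-3", "OfficeSuiteZ", frozenset({"11"}), 7.5, False),
    ]
    return advisories, inventory, {"Agency A", "Agency B"}, {"Agency A"}


if __name__ == "__main__":
    advisories, inventory, all_agencies, inventoried = sample_data()
    for agency, items in target_notices(advisories, inventory, all_agencies, inventoried).items():
        print(agency, items)
```

The broadcast branch is the interesting edge case: without it, an agency that has not finished deploying the scanner would receive nothing at all, which is the opposite of what the slide intends. Once that agency's inventory is loaded it moves into `inventoried_agencies` and only its matching hosts are named.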

  27. Unknown Vulnerabilities

  28. Strategy
      • Actively look for signs of anomalies
        • IDS/IPS systems
        • Network flows
        • Security Information and Event Management (SIEM) system
      • Quarantine machines exhibiting abnormal behavior

  29. SIEM
      • Real-time analysis of security event data
        • Identify threats
      • Reporting on log data for forensic activities and compliance monitoring
      • SIM is responsible for storage and reporting
      • SEM is responsible for analysis and threat identification
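Slides 28 and 29 describe the approach for vulnerabilities with no signature: keep the event record (the SIM role), analyze it for abnormal behavior (the SEM role), corroborate across sources such as network flows and IDS alerts, and name machines for quarantine. The following Python is an added example of that pipeline in miniature and is not the deck's code or any SIEM product's logic; the flow and alert records, the IP addresses, the IDS signature names and the fan-out thresholds are all constructed, and the anomaly rule (too many distinct destinations in a short window, a pattern typical of scanning or worm propagation) is one illustrative rule, not the only one a SIEM would run.

```python
"""Flow fan-out anomaly detection with IDS corroboration (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions of this example; a real deployment baselines them per network.
FANOUT_THRESHOLD = 25        # distinct destinations per window that is abnormal on its own
CORROBORATED_THRESHOLD = 5   # lower bar when an IDS alert names the same source host


class EventStore:
    """SIM role: retain every normalized event so it can be queried later (forensics, compliance)."""

    def __init__(self):
        self.events = []

    def ingest(self, kind, ts, host, **fields):
        self.events.append({"kind": kind, "ts": ts, "host": host, **fields})

    def query(self, kind, start, end):
        """Events of one kind with start <= ts < end."""
        return [e for e in self.events if e["kind"] == kind and start <= e["ts"] < end]


def fan_out(store, start, end):
    """Distinct (destination, port) pairs contacted by each source host in the window."""
    dests = defaultdict(set)
    for ev in store.query("flow", start, end):
        dests[ev["host"]].add((ev["dst"], ev["dport"]))
    return {host: len(d) for host, d in dests.items()}


def quarantine_candidates(store, start, end):
    """SEM role: correlate flow fan-out with IDS alerts and return {host: reason}.

    A host is named either because its fan-out alone is extreme, or because a
    moderate fan-out is corroborated by an IDS alert on the same host in the window.
    An IDS alert by itself is not enough here, which keeps single noisy signatures
    from isolating machines.
    """
    alerted = {ev["host"] for ev in store.query("ids_alert", start, end)}
    reasons = {}
    for host, n in fan_out(store, start, end).items():
        if n >= FANOUT_THRESHOLD:
            reasons[host] = f"{n} distinct destinations in window (threshold {FANOUT_THRESHOLD})"
        elif n >= CORROBORATED_THRESHOLD and host in alerted:
            reasons[host] = f"{n} distinct destinations plus IDS alert on the same host"
    return reasons


def build_sample_store():
    """Constructed one-minute sample: one scanner, one corroborated host, two benign hosts."""
    t0 = datetime(2009, 3, 2, 9, 0, 0)
    store = EventStore()

    def flows(src, dsts, dport):
        for i, dst in enumerate(dsts):
            store.ingest("flow", t0 + timedelta(seconds=i), src, dst=dst, dport=dport)

    flows("10.1.1.5", ["10.1.2.1", "10.1.2.2", "10.1.2.3"], 80)           # normal
    flows("10.1.1.77", [f"10.1.2.{i}" for i in range(1, 41)], 445)       # sweeps 40 hosts
    flows("10.1.1.9", [f"10.1.3.{i}" for i in range(1, 9)], 80)          # moderate fan-out
    flows("10.1.1.12", ["10.1.2.1", "10.1.2.2"], 443)                     # normal
    store.ingest("ids_alert", t0 + timedelta(seconds=5), "10.1.1.9", signature="CONSTRUCTED-SIG-1")
    store.ingest("ids_alert", t0 + timedelta(seconds=7), "10.1.1.12", signature="CONSTRUCTED-SIG-2")
    return store, t0, t0 + timedelta(minutes=1)


if __name__ == "__main__":
    store, start, end = build_sample_store()
    for host, reason in quarantine_candidates(store, start, end).items():
        print(f"quarantine candidate {host}: {reason}")
```

The split between `EventStore` and the two analysis functions mirrors the slide's SIM/SEM distinction: the store never interprets events, so the same retained data can later serve forensic queries and compliance reports, while the analysis can be re-run with different thresholds without touching what was stored.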

  30. Status
      • Joining forces with MnSCU to build one SIEM solution for higher education and government
      • Currently working on RFP
      • Plan to have solution running by June 2009
      • SIEM technology carries a hefty price tag

  31. Audit Tips

  32. Stuff To Consider
      • Enterprise-wide vulnerability and threat management audit
        • Problem simply too costly to solve on an agency-by-agency basis
      • Scanners only address known vulnerabilities with signatures
        • Need strategy to limit damage from zero day vulnerabilities
        • Need to be able to recognize abnormal network traffic

  33. Questions
      chris.buse@state.mn.us
