REN-ISAC Research and Education Networking Information Sharing and Analysis Center

Presentation Transcript


  1. REN-ISAC Research and Education Networking Information Sharing and Analysis Center

  2. ISACs in General

  3. Mission
     The REN-ISAC mission is to aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. The mission is conducted within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. REN-ISAC serves as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships.

  9. Roles
     • ISAC role: A community formed of trusted security staff at R&E institutions; sharing actionable information for operational protection and response; among the trusted R&E members, cross-sector, and with external trusted partners. Certain services (alerts and notifications) to all of R&E regardless of membership status. REN-ISAC is the R&E “trusted partner” in commercial, governmental, and private security information sharing relationships.
     • CSIRT role: Notifications (>12k/month) regarding compromised systems and other incident involvement; supporting all of US R&E (>1600 institutions notified to-date). SOC for Internet2 network.

  10. REN-ISAC is a Cooperative Effort
     • Member participation is a cornerstone of REN-ISAC
     • Dedicated resource contributors: IU, LSU, and Internet2
     • In kind contributors: EDUCAUSE, MOREnet
     • Member contributions through participation:
        • Executive Advisory Group
        • Technical Advisory Group
        • Microsoft Analysis Team
        • Membership Committee
        • Services development and operation
        • Systems, tools, etc.
     • Seek mutually beneficial relationships

  11. Advisory Groups, Analysis Teams, and Services

  12. Relationships
     • Internet2
     • Internet2 SALSA
     • Internet2 CSI2 Working Group
     • Global Research NOC at IU
     • EDUCAUSE
     • Higher Education Information Security Council
     • Private threat analysis and mitigation efforts
     • Other sector ISACs
     • National ISAC Council
     • DHS/US-CERT and other national CERTs and CSIRTs
     • Vendors (Microsoft)
     • NCFTA (National Cyber-Forensics & Training Alliance)
     • APWG (Anti-Phishing Working Group)

  13. Sustainability
     • Hosted by Indiana University
     • Financial contributions from IU, LSU, and Internet2, and in-kind support from EDUCAUSE
     • Member contributions in projects, services, and activities
     • A modest membership fee ($700/$900 per institution per year)
     • Financial Principles, in the Charter:

  14. Benefits of Membership
     • Receive and share practical and actionable defense information in a private community of trusted members
     • Establish relationships with known and trusted peers
     • Have access to direct security services
     • Benefit from information sharing relationships in the broad security community
     • Benefit from vendor relationships, such as the REN-ISAC and Microsoft Security Cooperation Program relationship
     • Participate in technical educational security webinars
     • Participate in REN-ISAC meetings, workshops, & training
     • Have access to the 24x7 REN-ISAC Watch Desk
     • Have access to threat information resources ("data feeds") that can be used to identify local compromised machines, and to block known threats

  15. Information Products
     • Daily Watch Report provides situational awareness.
     • Alerts provide critical and timely information concerning new or increasing threat.
     • Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites. ~4000 notifications sent per month.
     • Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
     • Advisories inform regarding specific practices or approaches that can improve security posture.
     • TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
     • Monitoring views provide summary views from sensor systems, e.g. traffic patterns on Internet2, useful for situational awareness.

  16. Membership
     • Membership is open to colleges and universities, teaching hospitals, R&E network providers, and government-funded research organizations.
     • The institution is the “member”, and is represented by a management representative who nominates one or more member representatives.
     • Very specific job responsibility requirements define who is eligible to become a member representative.
     • Membership is tiered (General and XSec). The tiers differ in eligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the commitment-level of the institution.

  17. Membership and Reach
     • As of October 2011, there are:
        • 341 members
        • Represented by 858 member representatives
     • A list of member institutions is on the Membership web page
        • http://www.ren-isac.net/cgi-bin/memberlist.cgi
     • Service to R&E beyond just the membership
        • REN-ISAC has communicated with over 1600 EDU institutions, directly and privately, regarding compromised systems (notifications)
        • Episodic public alerts are aimed at R&E security practitioners and CIOs

  18. Joining REN-ISAC
     • Membership is initiated by a CIO or equivalent, who becomes the “management representative”. During registration the CIO can delegate the management representative role.
     • The management representative nominates “member representatives”
     • Member representatives must be FTE with institution-wide responsibilities for operational security protection and response, etcetera.
     • Tiered membership model
        • First tier (General): nominated by management representative, meets eligibility criteria, and no dings by current members during vetting
        • Second tier (XSec): has been a General member in good standing for six weeks, meets eligibility requirements, and receives two vouches of personal trust from existing members
     • http://www.ren-isac.net/membership.html

  19. Over the Past Year
     • Membership growth: 301 → 341 institutions, represented by 730 → 858 persons (dated October 2011)
     • Relationships growth: US-CERT, NCFTA, APWG
     • Growth in engagement with trusted partners: more information sharing
     • Involvement in strategic industry groups focused on the takedown of specific security threats
     • Advancement of the SES tool (v1 → v2), created the Collective Intelligence Framework (CIF): threat data repository, flexible API, support for analyst threat research
     • NSF award OCI-1127425 for development of SES v3, including support for inter-federation, scaling, additional data types, and tool integration.
     • Engagement with the NSF International Research Network Connections, TransPAC3 and America Connects to Europe projects, supporting "community security" activities.

  20. Over the Past Year
     • Partnership with the Multi-State ISAC and SANS to bring an aggressive aggregate buy program for Securing The Human training to EDU.
     • Engagement in international standards work for security incident reporting (IODEF)
     • Handling of 0-day vulnerability communications between members and vendors
     • Increase in number of notifications (more data sources) regarding observed infected EDU-based machines: > 12,000 notifications/month
     • Additional staff, funded by membership fees, permitting substantial strengthening of our infrastructure, and deployment of new services

  21. References
     • REN-ISAC Organizational Documents
        • http://www.ren-isac.net/about/index.html
        • Charter
        • Membership Document
        • Terms and Conditions
        • Fees
        • Information Sharing Policy
        • Disclaimer
     • Overviews
        • http://www.ren-isac.net/about/index.html
        • Flier
        • Executive Overview
     • Joining
        • http://www.ren-isac.net/membership.html

  22. Contacts
     Doug Pearson, Technical Director
     dodpears@ren-isac.net
     http://www.ren-isac.net
     24x7 Watch Desk: soc@ren-isac.net, +1 (317) 278-6630
